UFW as an active service on Ubuntu
I remembered that in my frustration of not having the ufw stick as "active" on startup I repeatedly bypassed the 10 second grub countdown immediately as I rebooted to check the results of the earlier suggestions.
I wondered, since it was mentioned that the script ran at startup, if I was somehow cutting off the script before it could execute. Not so. ufw "active" still appears to stick after choosing ubuntu 9.1 the moment grub pops up.
It would appear that there was some conflict between ufw's default startup and one or both of Firewall Configuration or Firestarter. Uninstalling them seems to have fixed my problem.
Hopefully this works for others as well.
lamcro
Updated on November 19, 2022
Comments
-
lamcro over 1 year
- Every time I restart my computer, and check the status of the UFW firewall (`sudo ufw status`), it is disabled, even if I then enable and restart it.
- I tried putting `sudo ufw enable` as one of the startup applications but it asks for the sudo password every time I log on, and I'm guessing it does not protect anyone else who logs on my computer.
How can I set up ufw so it is activated when I turn on my computer, and protects all accounts?
Update
I just tried `/etc/init.d/ufw start`, and it activated the firewall. Then I restarted the computer, and again it was disabled.

content of /etc/ufw/ufw.conf

```
# /etc/ufw/ufw.conf
#

# set to yes to start on boot
ENABLED=yes

# set to one of 'off', 'low', 'medium', 'high'
LOGLEVEL=full
```
content of /etc/default/ufw

```
# /etc/default/ufw
#

# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no

# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW inbound packets on the INPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"

# Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"

# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"

# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"

# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no

#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf

# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
```
Update
Followed your advice and ran update-rc.d with no luck.
```
lester@mcgrath-pc:~$ sudo update-rc.d ufw defaults
update-rc.d: warning: /etc/init.d/ufw missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
 Adding system startup for /etc/init.d/ufw ...
   /etc/rc0.d/K20ufw -> ../init.d/ufw
   /etc/rc1.d/K20ufw -> ../init.d/ufw
   /etc/rc6.d/K20ufw -> ../init.d/ufw
   /etc/rc2.d/S20ufw -> ../init.d/ufw
   /etc/rc3.d/S20ufw -> ../init.d/ufw
   /etc/rc4.d/S20ufw -> ../init.d/ufw
   /etc/rc5.d/S20ufw -> ../init.d/ufw
lester@mcgrath-pc:~$ ls -l /etc/rc?.d/*ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc0.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc1.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc2.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc3.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc4.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc5.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc6.d/K20ufw -> ../init.d/ufw
```
-
Admin over 14 years
Please edit your question and include the content of the `/etc/default/ufw` and `/etc/ufw/ufw.conf` files. Also, which Ubuntu version are you using?
-
Admin over 14 years
I am using Ubuntu 9.10. Upgraded from 9.04 by way of "Update Manager".
-
quack quixote over 14 years
shouldn't be necessary, and you'd need it in `/etc/rc2.d` -- Ubuntu follows Debian in that runlevels 2-5 are basically the same, and by default the system boots into runlevel 2.
-
lamcro over 14 years
I meant to indicate that, after enabling ufw and restarting the PC, the ufw is again disabled.
-
lamcro over 14 years
another rephrase, first bullet.
-
lamcro over 14 years
I have gufw, but it does not help. I have not tried "ufw start" yet.
-
mac over 14 years
@~quack - You are right. I updated the original post
-
Admin about 14 years
Good idea. I try and uninstall all firewall apps, then just install what I need. Gracias!
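
An added example, not part of the original thread: a shell audit of the three things inspected above, namely `ENABLED=` in `/etc/ufw/ufw.conf`, the `S??ufw` start link for runlevel 2, and start links belonging to other firewall tools, which the answer reports as the cause. The `ROOT` argument, the function names and the `firestarter` init-script name in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: audit a copy of /etc under ROOT (all names here are assumptions).

# Print "yes" only if the last ENABLED= line in ROOT/etc/ufw/ufw.conf says yes.
ufw_conf_enabled() {
    conf="$1/etc/ufw/ufw.conf"
    [ -r "$conf" ] || { echo no; return 0; }
    val=$(grep -E '^[[:space:]]*ENABLED=' "$conf" | tail -n 1 |
          cut -d= -f2 | tr -d "\"' \t" | tr 'A-Z' 'a-z')
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# Print the S??NAME start links found in ROOT/etc/rcRUNLEVEL.d.
start_links() {    # ROOT RUNLEVEL NAME...
    sl_dir="$1/etc/rc$2.d"; shift 2
    for sl_name in "$@"; do
        for sl_link in "$sl_dir"/S[0-9][0-9]"$sl_name"; do
            [ -e "$sl_link" ] || [ -L "$sl_link" ] || continue
            echo "${sl_link##*/}"
        done
    done
}

# Verdict: conf-disabled, no-start-link, conflict:<links>, or ok.
audit_ufw_boot() {    # ROOT RUNLEVEL OTHER_FIREWALL_NAME...
    a_root=$1; a_rl=$2; shift 2
    [ "$(ufw_conf_enabled "$a_root")" = yes ] || { echo conf-disabled; return 0; }
    [ -n "$(start_links "$a_root" "$a_rl" ufw)" ] || { echo no-start-link; return 0; }
    # Another firewall tool starting in the same runlevel is flagged for review.
    a_others=$(start_links "$a_root" "$a_rl" "$@" | tr '\n' ' ')
    if [ -n "$a_others" ]; then echo "conflict:${a_others% }"; else echo ok; fi
}

# Constructed sample tree mirroring the question (ENABLED=yes, S20ufw in rc2.d)
# plus a hypothetical second firewall init script named "firestarter".
make_sample() {
    s_root=$(mktemp -d)
    mkdir -p "$s_root/etc/ufw" "$s_root/etc/rc2.d" "$s_root/etc/init.d"
    printf 'ENABLED=yes\nLOGLEVEL=full\n' > "$s_root/etc/ufw/ufw.conf"
    : > "$s_root/etc/init.d/ufw"; : > "$s_root/etc/init.d/firestarter"
    ln -s ../init.d/ufw "$s_root/etc/rc2.d/S20ufw"
    ln -s ../init.d/firestarter "$s_root/etc/rc2.d/S20firestarter"
    echo "$s_root"
}

sample=$(make_sample)
audit_ufw_boot "$sample" 2 firestarter    # prints conflict:S20firestarter
rm -rf "$sample"
```

A `conflict:` verdict only says that a second firewall tool is started in the same runlevel; whether it actually overrides ufw has to be confirmed on the machine, for example by removing it as the answer did.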