UFW as an active service on Ubuntu
Posted
by lamcro
on Super User
See other posts from Super User
or by lamcro
Published on 2009-11-28T17:42:51Z
Indexed on
2010/03/22
20:31 UTC
Read the original article
Hit count: 432
- Every time I restart my computer, and check the status of the UFW firewall (
sudo ufw status), it is disabled, even if I then enable and restart it. - I tried putting
sudo ufw enableas one of the startup applications but it asks for the sudo password every time I log on, and I'm guessing it does not protect anyone else who logs on my computer.
How can I setup ufw so it is activated when I turn on my computer, and protects all accounts?
Update
I just tried /etc/init.d/ufw start, and it activated the firewall. Then I restarted the computer, and again it was disabled.
content of /etc/ufw/ufw.conf
# /etc/ufw/ufw.conf
#
# set to yes to start on boot
ENABLED=yes
# set to one of 'off', 'low', 'medium', 'high'
LOGLEVEL=full
content of /etc/default/ufw
# /etc/default/ufw
#
# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no
# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW inbound packets on the INPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"
# Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"
# Set the default forward policy to ACCEPT, DROP or REJECT. Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"
# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"
# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no
#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf
# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"
Update
Followed your advise and ran update-rc.d with no luck.
lester@mcgrath-pc:~$ sudo update-rc.d ufw defaults
update-rc.d: warning: /etc/init.d/ufw missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/ufw ...
/etc/rc0.d/K20ufw -> ../init.d/ufw
/etc/rc1.d/K20ufw -> ../init.d/ufw
/etc/rc6.d/K20ufw -> ../init.d/ufw
/etc/rc2.d/S20ufw -> ../init.d/ufw
/etc/rc3.d/S20ufw -> ../init.d/ufw
/etc/rc4.d/S20ufw -> ../init.d/ufw
/etc/rc5.d/S20ufw -> ../init.d/ufw
lester@mcgrath-pc:~$ ls -l /etc/rc?.d/*ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc0.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc1.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc2.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc3.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc4.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc5.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc6.d/K20ufw -> ../init.d/ufw
© Super User or respective owner
