UFW as an active service on Ubuntu

Posted by lamcro on Super User See other posts from Super User or by lamcro
Published on 2009-11-28T17:42:51Z Indexed on 2010/03/22 20:31 UTC
Read the original article Hit count: 464

Filed under:
|
|
  • Every time I restart my computer, and check the status of the UFW firewall (sudo ufw status), it is disabled, even if I then enable and restart it.
  • I tried putting sudo ufw enable as one of the startup applications but it asks for the sudo password every time I log on, and I'm guessing it does not protect anyone else who logs on my computer.

How can I setup ufw so it is activated when I turn on my computer, and protects all accounts?

Update

I just tried /etc/init.d/ufw start, and it activated the firewall. Then I restarted the computer, and again it was disabled.

content of /etc/ufw/ufw.conf

# /etc/ufw/ufw.conf
# 

# set to yes to start on boot
ENABLED=yes

# set to one of 'off', 'low', 'medium', 'high'
LOGLEVEL=full

content of /etc/default/ufw

# /etc/default/ufw
#

# Set to yes to apply rules to support IPv6 (no means only IPv6 on loopback
# accepted). You will need to 'disable' and then 'enable' the firewall for
# the changes to take affect.
IPV6=no

# Set the default input policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW inbound packets on the INPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_INPUT_POLICY="DROP"

# Set the default output policy to ACCEPT, ACCEPT_NO_TRACK, DROP, or REJECT.
# ACCEPT enables connection tracking for NEW outbound packets on the OUTPUT
# chain, whereas ACCEPT_NO_TRACK does not use connection tracking. Please note
# that if you change this you will most likely want to adjust your rules.
DEFAULT_OUTPUT_POLICY="ACCEPT"

# Set the default forward policy to ACCEPT, DROP or REJECT.  Please note that
# if you change this you will most likely want to adjust your rules
DEFAULT_FORWARD_POLICY="DROP"

# Set the default application policy to ACCEPT, DROP, REJECT or SKIP. Please
# note that setting this to ACCEPT may be a security risk. See 'man ufw' for
# details
DEFAULT_APPLICATION_POLICY="SKIP"

# By default, ufw only touches its own chains. Set this to 'yes' to have ufw
# manage the built-in chains too. Warning: setting this to 'yes' will break
# non-ufw managed firewall rules
MANAGE_BUILTINS=no

#
# IPT backend
#
# only enable if using iptables backend
IPT_SYSCTL=/etc/ufw/sysctl.conf

# extra connection tracking modules to load
IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_irc nf_nat_irc"


Update

Followed your advise and ran update-rc.d with no luck.

lester@mcgrath-pc:~$ sudo update-rc.d ufw defaults
update-rc.d: warning: /etc/init.d/ufw missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
 Adding system startup for /etc/init.d/ufw ...
   /etc/rc0.d/K20ufw -> ../init.d/ufw
   /etc/rc1.d/K20ufw -> ../init.d/ufw
   /etc/rc6.d/K20ufw -> ../init.d/ufw
   /etc/rc2.d/S20ufw -> ../init.d/ufw
   /etc/rc3.d/S20ufw -> ../init.d/ufw
   /etc/rc4.d/S20ufw -> ../init.d/ufw
   /etc/rc5.d/S20ufw -> ../init.d/ufw

lester@mcgrath-pc:~$ ls -l /etc/rc?.d/*ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc0.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc1.d/K20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc2.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc3.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc4.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc5.d/S20ufw -> ../init.d/ufw
lrwxrwxrwx 1 root root 13 2009-12-20 20:34 /etc/rc6.d/K20ufw -> ../init.d/ufw

© Super User or respective owner

Related posts about firewall

Related posts about ufw