OS is Trisquel 8.0 (Ubuntu 16.04 LTS derived), kernel 4.4.0-131-generic
I've reached the hair-tearing stage with ufw, which refuses to start up properly on system start.
Have tried:
- Editing /etc/ufw/ufw.conf to force enabled state.
- Editing /usr/share/ufw/ufw.conf to force enabled state.
- Editing /etc/rc.local to add 'systemctl enable ufw'.
- Removing and reinstalling the ufw package.
After a restart, the service reports 'active' but is actually inactive.
# service ufw status
[green bullet] ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2018-08-15 12:33:36 NZST; 15min ago
Main PID: 389 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ufw.service
Aug 15 12:33:36 alcatraz systemd[1]: Started Uncomplicated firewall.
# ufw status
Status: inactive
# ping google.co.nz
ping: unknown host google.co.nz
# service ufw start
# service ufw status
[green bullet] ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Wed 2018-08-15 12:33:36 NZST; 15min ago
Main PID: 389 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ufw.service
Aug 15 12:33:36 alcatraz systemd[1]: Started Uncomplicated firewall.
# service ufw start
# ufw status
Status: inactive
# service ufw restart
# ufw status
Status: inactive
# ufw enable
Firewall is active and enabled on system startup
# ufw status
Status: active
To Action From
-- ------ ----
192.168.1.0/24 21 on enp2s0 ALLOW 192.168.1.0/24
...
192.168.1.0/24 21 ALLOW OUT 192.168.1.0/24 on enp2s0
...
# ping google.co.nz
PING google.co.nz (216.58.196.131) 56(84) bytes of data.
64 bytes from syd15s04-in-f3.1e100.net (216.58.196.131): icmp_seq=1 ttl=52 time=64.2 ms
I'm no doubt missing something simple, but extensive googling has not revealed anything that helped. Please help with suggestions as to how to diagnose what's going wrong, or even better, a fix! 🙂
Best Answer
In case anyone else has similar problems, here is my solution.
After a great deal more research and hackery, I found that the file
was running lots of 'iptables' commands, setting up rules which overwrote anything that ufw had put in. Added this line to that file, at the end of the 'start' section:
which is a link to a script that runs my ufw setup commands.
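As an added example (not part of the question or the answer above), a small POSIX sh check that reproduces the diagnosis offline: it compares what systemctl, ufw status and iptables-save report, so a unit that is "active (exited)" with the firewall actually off, or a ufw that says active after another script has flushed its INPUT hooks, is flagged. The sample outputs are constructed from the question; the ufw-* chain names are ufw's own, and the live_check wrapper is an assumption about how you would run it on a real host.

```shell
#!/bin/sh
# ufw_verdict SYSTEMCTL_TEXT UFW_STATUS_TEXT IPTABLES_SAVE_TEXT
# Prints one word describing the real firewall state.
ufw_verdict() {
    unit_active=0; ufw_active=0
    printf '%s\n' "$1" | grep -q 'Active: active' && unit_active=1
    printf '%s\n' "$2" | grep -q '^Status: active' && ufw_active=1
    # ufw hooks its chains into INPUT as "-A INPUT -j ufw-..." rules;
    # an init script that runs "iptables -F" removes exactly these
    # while leaving the (now unreferenced) ufw chains in place.
    hooks=$(printf '%s\n' "$3" | grep -c '^-A INPUT -j ufw-') || hooks=0
    if [ "$ufw_active" -eq 1 ] && [ "$hooks" -gt 0 ]; then
        echo ok
    elif [ "$ufw_active" -eq 1 ]; then
        echo enabled-but-hooks-missing    # something flushed the tables after ufw
    elif [ "$unit_active" -eq 1 ]; then
        echo unit-active-but-ufw-inactive # the symptom shown in the question
    else
        echo inactive
    fi
}

# Constructed samples modelled on the outputs quoted in the question.
UNIT_ACTIVE='Active: active (exited) since Wed 2018-08-15 12:33:36 NZST; 15min ago'
UNIT_DEAD='Active: inactive (dead)'
UFW_INACTIVE='Status: inactive'
UFW_ACTIVE='Status: active'
RULES_NOHOOKS=':INPUT ACCEPT [0:0]
:ufw-user-input - [0:0]
-A INPUT -s 192.168.1.0/24 -j ACCEPT'
RULES_HOOKS=':INPUT DROP [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-reject-input'

# Run against the live system (needs root); assumed wrapper, not from the post.
live_check() {
    ufw_verdict "$(systemctl status ufw 2>&1)" "$(ufw status 2>&1)" "$(iptables-save 2>&1)"
}

# Demo on the constructed samples; pass --live to query the real host instead.
if [ "${1:-}" = "--live" ]; then
    live_check
else
    ufw_verdict "$UNIT_ACTIVE" "$UFW_INACTIVE" "$RULES_NOHOOKS"
    ufw_verdict "$UNIT_ACTIVE" "$UFW_ACTIVE" "$RULES_NOHOOKS"
    ufw_verdict "$UNIT_ACTIVE" "$UFW_ACTIVE" "$RULES_HOOKS"
fi
```

The verdict "enabled-but-hooks-missing" is the case the accepted answer describes: ufw believes it is enabled, but a later iptables script has removed the jump rules that make its chains effective.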