LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-08-2008, 04:58 AM   #1
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Rep: Reputation: 15
Ubuntu firewall doesn't start on boot


Hello,
I'm using Ubuntu 8.04, I want the UFW (Uncomplicated Firewall) to start on system boot.
When I write 'ufw enable', it writes 'Firewall started and enabled on system startup', however it doesn't. I even added to rc.local 'ufw enable', same thing, no result.
 
Old 11-08-2008, 05:42 AM   #2
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
What's the output if you do:

Quote:
sudo ufw status
?
 
Old 11-08-2008, 07:08 AM   #3
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
It will say that the firewall is not loaded until I manually load it with 'sudo ufw enable'.
 
Old 11-08-2008, 07:28 AM   #4
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Are you using customized networking set-up? ufw must start prior to networking and /usr must already be mounted.

Just in case here is my /etc/init.d/ufw:

#!/bin/sh -e

### BEGIN INIT INFO
# Provides: ufw
# Required-Start: mountall.sh
# Required-Stop:
# Default-Start: S
# Default-Stop:
# Short-Description: start firewall
### END INIT INFO

PATH="/sbin:/bin:/usr/sbin:/usr/bin"

[ -x /usr/sbin/ufw ] || exit 0

. /lib/lsb/init-functions

if [ -s /etc/default/ufw ]; then
. /etc/default/ufw
else
log_failure_msg "Could not find /etc/default/ufw (aborting)"
exit 1
fi
if [ -s /etc/ufw/ufw.conf ]; then
. /etc/ufw/ufw.conf
else
log_failure_msg "Could not find /etc/ufw/ufw.conf (aborting)"
exit 1
fi

RULES_PATH="/etc/ufw"
USER_PATH="/var/lib/ufw"

case "$1" in
start)
if iptables -L ufw-user-input -n >/dev/null 2>&1 ; then
# if firewall loaded, tell to reload instead
log_action_msg "Firewall already started, use 'force-reload'"
exit 0
fi
if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
log_action_begin_msg "Starting firewall:" "ufw"
for m in $IPT_MODULES
do
modprobe $m || true
done

execs="iptables"

# IPv6 setup
if [ "$IPV6" = "yes" ] || [ "$IPV6" = "YES" ]; then
if ip6tables -L INPUT >/dev/null 2>&1; then
execs="$execs ip6tables"
else
log_action_cont_msg "Problem loading ipv6 (skipping)"
fi
else
if ip6tables -L INPUT >/dev/null 2>&1; then
# IPv6 support disabled but available in the kernel, so
# default DROP and accept all on loopback
ip6tables -F || error="yes"
ip6tables -X || error="yes"
ip6tables -P INPUT DROP || error="yes"
ip6tables -P OUTPUT DROP || error="yes"
ip6tables -P FORWARD DROP || error="yes"
ip6tables -A INPUT -i lo -j ACCEPT || error="yes"
ip6tables -A OUTPUT -o lo -j ACCEPT || error="yes"
if [ "$error" = "yes" ]; then
log_action_cont_msg "Problem setting default IPv6 policy"
fi
fi
fi

for exe in $execs
do
type=""
if [ "$exe" = "ip6tables" ]; then
type="6"
fi
BEFORE_RULES="$RULES_PATH/before${type}.rules"
AFTER_RULES="$RULES_PATH/after${type}.rules"
USER_RULES="$USER_PATH/user${type}.rules"

# flush the chains
$exe -F || error="yes"
$exe -X || error="yes"

# setup built-in chains' default policy
$exe -P INPUT $DEFAULT_INPUT_POLICY || error="yes"
$exe -P OUTPUT $DEFAULT_OUTPUT_POLICY || error="yes"
$exe -P FORWARD $DEFAULT_FORWARD_POLICY || error="yes"

# setup some other chains that can be used later
if [ "$type" != "6" ]; then
$exe -N ufw${type}-not-local || error="yes"
fi

# setup ufw${type}-before-* chains
$exe -N ufw${type}-before-input || error="yes"
$exe -N ufw${type}-before-output || error="yes"
$exe -N ufw${type}-before-forward || error="yes"
$exe -A INPUT -j ufw${type}-before-input || error="yes"
$exe -A OUTPUT -j ufw${type}-before-output || error="yes"
$exe -A FORWARD -j ufw${type}-before-forward || error="yes"
if [ -s "$RULES_PATH" ]; then
if ! $exe-restore -n < $BEFORE_RULES ; then
log_action_cont_msg "Problem running '$BEFORE_RULES'"
error="yes"
fi
else
log_action_cont_msg "Couldn't find '$BEFORE_RULES'"
fi

# setup ufw${type}-user chain
if [ -s "$USER_PATH" ]; then
$exe -N ufw${type}-user-input || error="yes"
$exe -N ufw${type}-user-output || error="yes"
$exe -N ufw${type}-user-forward || error="yes"
$exe -A ufw${type}-before-input -j ufw${type}-user-input || error="yes"
$exe -A ufw${type}-before-output -j ufw${type}-user-output || error="yes"
$exe -A ufw${type}-before-forward -j ufw${type}-user-forward || error="yes"
if ! $exe-restore -n < $USER_RULES ; then
log_action_cont_msg "Problem running '$USER_RULES'"
error="yes"
fi
# don't include the RETURN lines here, as they will
# be in the USER_PATH file
fi

# now return from the chain
$exe -A ufw${type}-before-input -j RETURN || error="yes"
$exe -A ufw${type}-before-output -j RETURN || error="yes"
$exe -A ufw${type}-before-forward -j RETURN || error="yes"

# setup ufw${type}-after-* chains
$exe -N ufw${type}-after-input || error="yes"
$exe -N ufw${type}-after-output || error="yes"
$exe -N ufw${type}-after-forward || error="yes"
$exe -A INPUT -j ufw${type}-after-input || error="yes"
$exe -A OUTPUT -j ufw${type}-after-output || error="yes"
$exe -A FORWARD -j ufw${type}-after-forward || error="yes"
if [ -s "$AFTER_RULES" ]; then
if ! $exe-restore -n < $AFTER_RULES ; then
log_action_cont_msg "Problem running '$AFTER_RULES'"
error="yes"
fi
else
log_action_cont_msg "Couldn't find '$AFTER_RULES'"
fi
$exe -A ufw${type}-after-input -j RETURN || error="yes"
$exe -A ufw${type}-after-output -j RETURN || error="yes"
$exe -A ufw${type}-after-forward -j RETURN || error="yes"
done

if [ ! -z "$IPT_SYSCTL" ] && [ -s "$IPT_SYSCTL" ]; then
sysctl -e -q -p $IPT_SYSCTL || true
fi

if [ "$error" = "yes" ]; then
log_action_end_msg 1
exit 1
else
log_action_end_msg 0
fi
else
log_action_begin_msg "Skipping firewall:" "ufw (not enabled)"
log_action_end_msg 0
fi
;;
stop)
log_action_begin_msg "Stopping firewall:" "ufw"
error=""

execs="iptables"
if ip6tables -L INPUT >/dev/null 2>&1; then
execs="$execs ip6tables"
fi

for exe in $execs
do
$exe -F || error="yes"
$exe -X || error="yes"
$exe -P INPUT ACCEPT || error="yes"
$exe -P OUTPUT ACCEPT || error="yes"
$exe -P FORWARD ACCEPT || error="yes"
done

if [ "$error" = "yes" ]; then
log_action_end_msg 1
exit 1
else
log_action_end_msg 0
fi
;;
restart|force-reload)
if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
$0 stop
$0 start
else
log_warning_msg "Skipping $1 (not enabled)"
fi
;;
status)
err=""
iptables -L ufw-user-input -n >/dev/null 2>&1 || {
log_failure_msg "Firewall is not running"
exit 3
}

if [ "$IPV6" = "yes" ] || [ "$IPV6" = "YES" ]; then
ip6tables -L ufw6-user-input -n >/dev/null 2>&1 || {
# unknown state: ipv4 ok, but ipv6 isn't
log_failure_msg "Firewall in inconsistent state (IPv6 enabled but not running)"
exit 4
}
fi

log_success_msg "Firewall is running"
;;
*)
echo "Usage: /etc/init.d/ufw {start|stop|restart|force-reload|status}"
exit 1
;;
esac

exit 0
 
Old 11-08-2008, 07:53 AM   #5
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
i haven't touched the ufw configuration file, i think mine looks just like yours.
what do you mean customized networking setup ?
 
Old 11-08-2008, 08:13 AM   #6
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Quote:
what do you mean customized networking setup ?
using if-up.d or replacing network start-up scripts in some other way - basically the problem that it does not run at start-up might lie in the order not being followed: /usr gets mounted first, then ufw starts, then networking starts.
 
Old 11-08-2008, 08:33 AM   #7
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
no, as far as i remember i hadn't changed the order, however is there a way to verify that it's in the order you specified ?
 
Old 11-08-2008, 08:58 AM   #8
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Sure. In /etc/rcS.d directory look at the names of the symbolic links there - the smaller the number after S the sooner the script starts. Therefore S35mountall.sh -> S39ufw -> S40networking on my system.
 
Old 11-08-2008, 09:00 AM   #9
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
Also it is things like that why I disable boot splash at start-up - less pretty but sometimes watching 'crap scroll on the screen' can alert you to a problem you didn't know was there.
 
Old 11-08-2008, 09:04 AM   #10
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
i have same order of scripts like yours.
disabling boot splash is a good idea. i'll disable it and restart my pc to check for any messages.
 
Old 11-10-2008, 03:32 PM   #11
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
It's indeed writes during boot up that Starting of UFW failed.
 
Old 09-26-2010, 03:57 AM   #12
yaddab
LQ Newbie
 
Registered: Sep 2010
Posts: 1

Rep: Reputation: 0
Ubuntu firewall doesn't start on boot

I had the same problem, I just launched Startup Applications, added new: name: ufw, command: ufw. Restarted, in terminal wrote: ufw status, and it's running
 
Old 09-27-2010, 12:41 AM   #13
khdani
LQ Newbie
 
Registered: Jul 2006
Posts: 22

Original Poster
Rep: Reputation: 15
though it's an old post,
thank you for posting this
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing default boot OS back to Ubuntu without being able to boot Ubuntu revenge02 Linux - Newbie 5 04-16-2007 08:37 PM
Start firewall danne123 Slackware 6 03-27-2007 06:42 AM
Firewall Start at Boot canuck_dude Linux - Networking 5 02-01-2007 01:59 AM
boot ubuntu without start X dyool Ubuntu 5 09-04-2006 12:42 PM
WPA2 TKIP ubuntu 6.06, need to start on boot for bridge trainpic Linux - Wireless Networking 1 08-18-2006 11:04 PM


All times are GMT -5. The time now is 11:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration