LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Firewall fails to load > G/UFW >
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-19-2022, 02:10 PM   #1
GeordieJedi
LQ Newbie
 
Registered: Jan 2008
Posts: 26

Rep: Reputation: 2
Question Firewall fails to load > G/UFW >

Hi there guys, I was hoping that you could help with a quirky issue that I've
just started experiencing

Issue:
UFW / GUFW is failing to load.

This has just started today (19/06/22)

I have G/UFW set to auto load at each boot
When I boot the computer, I normally get a dialogue box asking me for me PW.

However, this is STILL happening (I see the dialogue box) I enter my PW
(Correctly !) the dialogue box dissappears, then......nothing further happens

I've also checked the running processes (with HTOP in Guake) and there is no
sign of G/UFW running at all


Troubleshooting:
1. Tried using different DE (Desktop Environments) = MATE & KDE Plasma =
G/UFW fails to load

2. Completley removed both UFW and GUFW via Synaptic
Then re-installed both UFW & GUFW via synaptic = Same. G/UFW fails to load.

3. Multiple reboots = Same. G/UFW fails to load.


4. Questions:
4.1. What could be causing this behavior ?
4.2. What can I do to resolve this issue please ?


Useful information:
OS: KUbuntu 20.04 (LTS)
DE: KDE Plasma - version 5.18.8
Kernel version: 5.14.0-1042-oem

CPU: 4 x Intel Core 2 Quad core Q8200 @2.33 Ghz
RAM: 8 GB

TIA for any help or advice
 
Old 06-19-2022, 08:09 PM   #2
frankbell
LQ Guru
Contributing Member
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,311
Blog Entries: 28

Rep: Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137Reputation: 6137
Have you checked the log files? You might start with /var/log/boot.log, /var/log/(g)ufw.log, and /var/log/syslog.

This article might prove helpful: https://help.ubuntu.com/community/UFW

I'm curious: My understanding is that ufw and gufw are frontends for configuring iptables, which is part of the Linux kernel and that you do not need to run these applications unless you have a positive need to alter your firewall configuration, once you have it working. Why are you trying to auto-start them?
Last edited by frankbell; 06-19-2022 at 08:12 PM. Reason: clarity
 
Old 06-20-2022, 12:34 AM   #3
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
Quote:
Originally Posted by GeordieJedi View Post
Issue:
UFW / GUFW is failing to load.

This has just started today (19/06/22)

I have G/UFW set to auto load at each boot
When I boot the computer, I normally get a dialogue box asking me for me PW.

However, this is STILL happening (I see the dialogue box) I enter my PW
(Correctly !) the dialogue box dissappears, then......nothing further happens

I've also checked the running processes (with HTOP in Guake) and there is no
sign of G/UFW running at all


Troubleshooting:
1. Tried using different DE (Desktop Environments) = MATE & KDE Plasma =
G/UFW fails to load

2. Completley removed both UFW and GUFW via Synaptic
Then re-installed both UFW & GUFW via synaptic = Same. G/UFW fails to load.

3. Multiple reboots = Same. G/UFW fails to load.


4. Questions:
4.1. What could be causing this behavior ?
4.2. What can I do to resolve this issue please ?


Useful information:
OS: KUbuntu 20.04 (LTS)
DE: KDE Plasma - version 5.18.8
Kernel version: 5.14.0-1042-oem

CPU: 4 x Intel Core 2 Quad core Q8200 @2.33 Ghz
RAM: 8 GB
_____________
  1. ufw is not a continuously running process. It does something with iptables, then exits.
  2. your login problem appears to be completely unrelated to ufw. Why do you think there's a connection?
  3. why do you even think ufw failed to load?
Are you now able to log into your GUI or not?
 
Old 06-20-2022, 08:19 AM   #4
GeordieJedi
LQ Newbie
 
Registered: Jan 2008
Posts: 26

Original Poster
Rep: Reputation: 2
Hi there. Thanks for coming back to me about this issue

@frankbell - Thanks for the log location, thats a good shout.
I am aware that once you "set" your firewall rules they're supposed to be
"fire and forget"

However I like to make sure that the firewall (and its processes are working
properly all the time). So I set G/UFW to auto start at each boot.
So that I can make sure that the firewall is working properly.

@ondoho

1. What magic "something" does UFW do ?

2. This is not, a login problem.
I can, (and do) log into my computer account & DE (KDE plasma) without any issues.

Once I have logged in successfully, I get a dialogue box that asks me for my PW
(this is a policykit authentication request, for GUFW)
as it needs sudo access to load the GUFW app.
(As I have GUFW set to auto start at each boot).

3. G/UFW appears, not to have loaded because -

3.1. The GUFW GUI app doesnt load / appear on the desktop and taskbar

3.2. (When using HTOP process monitor) -
and searching for either GUFW or UFW nothing is showing for either an
app or a process

4. As a result I tried some more troubleshooting (with my laptop) also running
Ubuntu (18.04 LTS, this time) and has GUFW set to auto start at each boot.

Interestingly I found the following -

4.1. (G/UFW is working) and the GUI app loads

When using HTOP I see the following app/prcocess when searching for GUFW:
Code:
 python3 /usr/share/gufw/gufw.py (my username)

4.2. However when searching for either GUFW or UFW in HTOP on my desktop PC
(that has the issue), there are no instances of anything relating to either
GUFW or UFW in the process monitor.

This leads me to believe that the G/UFW has not loaded and is not running.

5. I have had a cursory look at the update history on both machines
There doesnt appear to be any recent history of GUFW being updated.

However I have done a recent Kernel update (to my desktop PC)
(see version in my original post)
So this, may be the reason for the changes in the behaviour of G/UFW
(not running) anymore.

However thank you for responding to my inital request for help
It is appreciated.
Last edited by GeordieJedi; 06-20-2022 at 10:52 AM. Reason: Additional information
 
Old 06-20-2022, 02:59 PM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,681

Rep: Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894
Quote:
1. What magic "something" does UFW do?
ufw is a command line utility which is a frontend to iptables/nftables which basically converts simple commands to something that iptables/nftables understands. As posted it is just a utility program and not a running process. Basically at boot time the firewall rules are either loaded or not. If loaded the firewall is "running". Not running is basically the system accepts all incoming and allows all outgoing traffic. ufw adds several chains but you basically see allow everywhere. If using iptables to see if the rules are loaded run the command:

sudo iptables -L

To see if the firewall is active you can also use ufw i.e.
Quote:
sudo ufw status
The output will be either active or inactive.

gufw is a graphical frontend to ufw. It could be a kernel problem. Can you still run the older kernel?
 
Old 06-20-2022, 04:41 PM   #6
GeordieJedi
LQ Newbie
 
Registered: Jan 2008
Posts: 26

Original Poster
Rep: Reputation: 2
@michaelk

Thanks for the thorough explanation, that's very helpful.

Here are the results of your code suggestions

6.
Code:
sudo iptables -L
Result:
Code:
[sudo] password for (my username): 
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_INP  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_FWX  all  --  anywhere             anywhere            
LIBVIRT_FWI  all  --  anywhere             anywhere            
LIBVIRT_FWO  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate 
RELATED,ESTABLISHED,DNAT
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
LIBVIRT_OUT  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (2 references)
target     prot opt source               destination         
FWDI_public_pre  all  --  anywhere             anywhere            
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
FWDI_public_post  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDI_public_post (1 references)
target     prot opt source               destination         

Chain FWDI_public_pre (1 references)
target     prot opt source               destination         

Chain FWDO_public (2 references)
target     prot opt source               destination         
FWDO_public_pre  all  --  anywhere             anywhere            
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            
FWDO_public_post  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_public_post (1 references)
target     prot opt source               destination         

Chain FWDO_public_pre (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (2 references)
target     prot opt source               destination         
IN_public_pre  all  --  anywhere             anywhere            
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
IN_public_post  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh 
ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain IN_public_post (1 references)
target     prot opt source               destination         

Chain IN_public_pre (1 references)
target     prot opt source               destination         

Chain LIBVIRT_FWI (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate 
RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-port-unreachable

Chain LIBVIRT_FWO (1 references)
target     prot opt source               destination         
ACCEPT     all  --  192.168.122.0/24     anywhere            
REJECT     all  --  anywhere             anywhere             reject-with 
icmp-port-unreachable

Chain LIBVIRT_FWX (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere            

Chain LIBVIRT_INP (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:67

Chain LIBVIRT_OUT (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:68

Chain OUTPUT_direct (1 references)
target     prot opt source               destination
7.
Code:
sudo ufw status
Result:
Code:
Status: inactive

8. I did a further test -

I ran the ufw status check, before putting my PW into the policykit PW request box
and then afterwards (to see if there are any changes)

In both instances the ufw status shows as inactive
 
Old 06-20-2022, 05:09 PM   #7
GeordieJedi
LQ Newbie
 
Registered: Jan 2008
Posts: 26

Original Poster
Rep: Reputation: 2
So some further testing results as follows:

9. I cannot roll back the kernel version (yet ?)


10. In the CLI I can change the status of the UFW to active by using the following command:
Code:
sudo ufw enable
Result:
Code:
Status: active

11. Interestingly when I try and run G-UFW from the CLI (the GUI for UFW),
I get a nice honking big error message - As follows:

Command:
Code:
sudo gufw

Code:
ls: cannot access '/usr/lib/python*/site-packages/gufw/gufw.py': No such file or directory
Traceback (most recent call last):
  File "/usr/share/gufw/gufw/gufw.py", line 30, in <module>
    gufw = Gufw(controler.get_frontend())
  File "/usr/share/gufw/gufw/gufw/view/gufw.py", line 80, in __init__
    self._set_initial_values()
  File "/usr/share/gufw/gufw/gufw/view/gufw.py", line 283, in _set_initial_values
    self.listening = ListeningReport(self)
  File "/usr/share/gufw/gufw/gufw/view/listening.py", line 35, in __init__
    self._show_report()
  File "/usr/share/gufw/gufw/gufw/view/listening.py", line 48, in _show_report
    self._view_report(report, self.previous_report)
  File "/usr/share/gufw/gufw/gufw/view/listening.py", line 83, in _view_report
    self.gufw.listening_model.set_value(iter_row, 1, int(line_split[1].strip())) # port
ValueError: invalid literal for int() with base 10: 'WARN:'

12. So (if I'm reading the error message / log above correctly) it "looks like"
that the GUI for GUFW doesnt exist, or has been moved ?

However, both UFW and GUFW have been completely removed, then re-installed
since this issue has started.

I have also just double checked synaptic, and both apps are showing as fully installed.

Hope this helps.
 
Old 06-20-2022, 05:26 PM   #8
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,681

Rep: Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894Reputation: 5894
There are a few bug reports on this particular error but I can not tell if yours is related.
https://bugs.launchpad.net/ubuntu/+s...w/+bug/1890794
 
Old 06-20-2022, 11:34 PM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 19,872
Blog Entries: 12

Rep: Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053Reputation: 6053
Quote:
Originally Posted by GeordieJedi View Post
This is not, a login problem.
I can, (and do) log into my computer account & DE (KDE plasma) without any issues.

Once I have logged in successfully, I get a dialogue box that asks me for my PW
(this is a policykit authentication request, for GUFW)
as it needs sudo access to load the GUFW app.
(As I have GUFW set to auto start at each boot).
OK. You don't need to autostart gufw. Undo that.
Instead, check if ufw is up and running after a reboot.
Code:
systemctl status ufw
# or
sudo ufw status
If it is, that's it. You don't need to do more. Your firewall is active.

Explanation: gufw is a graphical frontend to ufw which is a frontend to iptables.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Difference between ufw status vs systemctl status ufw andrewysk Linux - Security 9 02-02-2022 07:10 AM
[SOLVED] Whether ufw iptables support nating & Mac address restriction through firewall sanjay87 Linux - Server 1 03-05-2012 09:28 AM
ufw firewall rhlnewbie Linux - Software 2 10-18-2009 03:23 PM
LXer: Ubuntu 9.10 UFW Firewall LXer Syndicated Linux News 0 10-15-2009 01:02 AM
LXer: Gufw - Simple GUI for ufw (Uncomplicated Firewall) in Ubuntu LXer Syndicated Linux News 0 09-30-2008 03:20 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 07:21 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration