8

My server uses ufw to set up a simple firewall. I noticed however that the ufw firewall remained disabled after a reboot: ufw status reported "disabled" always.

I checked the following:

  • The /etc/ufw/ufw.conf file contained ENABLED=yes.

  • The service was correctly registered with systemctl, and looking in the /var/log/syslog file I could see the line "Starting Uncomplicated firewall", which proved it was at least started

  • A very odd thing was that even though the firewall was saying it was disabled the system log still showed audit log lines.

  • iptables -L showed that indeed all of the usual configuration was gone.

David Foerster
  • 36,264
  • 56
  • 94
  • 147
fjalvingh
  • 399

1 Answers1

9

The cause of this problem was that the service netfilter-persistent (also called iptables-persistent on other distributions) was enabled on the system, and this ran after ufw was disabled. This overwrote the ipfilter configuration from ufw.

I disabled netfilter-persistent:

$ sudo systemctl disable netfilter-persistent

and after that booting properly enabled ufw.

fjalvingh
  • 399