Casy
By:
Casy

Auto enable UFW on startup

June 24, 2015 7.9k views
Configuration Management Firewall Security Nginx LEMP Ubuntu

Hi everyone, i love this community!

Today i ask for help, i have a problem in my droplet.
When i restart my server the Firewall UFW is always disabled.
in my file: /etc/ufw/ufw.conf
i have enabled to auto-start, but it does not work.

What can i do? can Ajenti/-V have something to do?

Thanks everyone!

5 comments
  • what happens when you run this:

    update-rc.d ufw defaults
    

    Let me know if that doesn't work.

    edited by kamaln7
  • this is the result:
    update-rc.d: /etc/init.d/ufw: file does not exist

  • Until you have a fix in place, you can add this into /etc/rc.local :

    ufw eanble
    

    I'm still reviewing this.

  • Ok, Thanks Jons!

  • I just ran into this issue. I think it is fixed in

    0.34~rc-0ubuntu4
    

    but i am on

    xxx@xxx:~$ apt-show-versions ufw
    ufw:all/trusty 0.34~rc-0ubuntu2 uptodate
    

    I believe 0.34~rc-0ubuntu2 is the latest version of ufw for ubuntu 14.04.

    If this is not the case, please let me know.

    Also see:
    UFW Changelog

2 Answers

As @digitaldragon mentioned, this looks like it was a bug that has since been fixed. Here's the changelog entry:

ufw (0.34~rc-0ubuntu4) utopic; urgency=medium

  * Install the SysV init and upstart script for both Debian and Ubuntu.
    Debian has upstart too, and in Ubuntu we need the init script for LSB
    dependencies and for systemd. (LP: #1341083)
    - Rename debian/ufw.init.debian to debian/ufw.init
    - Rename debian/ufw.upstart.ubuntu to debian/ufw.upstart
    - Remove all the distro specific code from debian/rules and just call
      dh_installinit.
  * Drop the distro specific logrotate configs, and use the ubuntu one with
    "rotate" instead of "reload" everywhere, as Debian's rsyslog init also
    supports "rotate".
  * Add a systemd unit:
    - Add debian/ufw.service
    - Add dh-systemd build dep.
    - debian/rulles: Call dh_systemd_{enable,start}.

 -- Martin Pitt <martin.pitt@ubuntu.com>   Wed, 30 Jul 2014 15:06:25 +0200
  • I am no longer using ufw. Instead, I am using iptables which I found is much easier to work with.

Ran into a problem with this answer, here is the fix.

@JonsJava suggested adding this line to /etc/rc.local

ufw eanble

however it is spelled incorrectly, it should be:

ufw enable

so, it took a while to debug this because rc.local doesn't automatically log anywhere.
if you add these lines to the top of rc.local, you will see the error with @JonsJava 's answer.

exec 2> /tmp/rc.local.log      # send stderr from rc.local to a log file
exec 1>&2                      # send stdout to the same log file
set -x                         # tell sh to display commands before execution

Have another answer? Share your knowledge.