I am having a problem keeping UFW enabled with system boot (restart). I have to run:
# ufw enable
# systemctl enable ufw.service
every time I boot my machine.
The "ufw.service" is started at boot according to systemd-analyze blame. However when I check with ufw status it says "inactive".
Also, though I have enabled 'logging', no log is to be found on my system.
Need a little help with these...
Regards...
Last edited by fantab (2013-09-18 01:55:10)
"Evolution is the nature's way of issuing upgrades".
__________________________________________________________
Arch_x64-Gnome-Shell ~ Arch-lts_x64-Xfce ~ LMDE_x64-Cinnamon
What does
systemctl status ufw.service
show?
Also, take a look in the journal using journalctl (man journalctl for details and options to help parse the output).
CLI Paste | How To Ask Questions
Arch Linux | x86_64 | GPT | EFI boot | refind | stub loader | systemd | LVM2 on LUKS
Lenovo x270 | Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz | Intel Wireless 8265/8275 | US keyboard w/ Euro | 512G NVMe INTEL SSDPEKKF512G7L
Not really contributing much here, but I do actively use gufw, with the ufw.service enabled and I am having no problems.
Claire is fine.
Problems? I have dysgraphia, so clear and concise please.
My public GPG key for package signing
My x86_64 package repository
Here's the output:
$ systemctl status ufw.service
ufw.service - CLI Netfilter Manager
Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled)
Active: active (exited) since Tue 2013-09-17 12:36:05 IST; 1min 25s ago
Process: 129 ExecStart=/usr/lib/ufw/ufw-init start (code=exited, status=0/SUCCESS)
I will check the journalctl... and report what it has to say.
EDIT: I have checked 'journalctl', and I found:
-- Reboot -- [OLDER]
Mar 19 21:39:17 Echo systemd[1]: Starting CLI Netfilter Manager...
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo ufw-init[138]: WARNING: The state match is obsolete. Use conntrack instead.
Mar 19 21:39:19 Echo systemd[1]: Started CLI Netfilter Manager.
-- Reboot -- [TODAY]
Sep 17 11:55:17 Echo systemd[1]: Starting CLI Netfilter Manager...
Sep 17 11:55:22 Echo systemd[1]: Started CLI Netfilter Manager.
Then I did:
$ systemctl | grep -i exited
ip6tables.service loaded active exited IPv6 Packet Filtering Framework
iptables.service loaded active exited Packet Filtering Framework
systemd-remount-fs.service loaded active exited Remount Root and Kernel File Systems
systemd-sysctl.service loaded active exited Apply Kernel Variables
systemd-...es-setup.service loaded active exited Recreate Volatile Files and Directories
systemd-...-trigger.service loaded active exited udev Coldplug all Devices
systemd-update-utmp.service loaded active exited Update UTMP about System Reboot/Shutdown
systemd-...sessions.service loaded active exited Permit User Sessions
systemd-...le-setup.service loaded active exited Setup Virtual Console
ufw.service loaded active exited CLI Netfilter Manager
Then I found:
-- Reboot --
Sep 05 19:45:14 Echo systemd[1]: Starting Packet Filtering Framework...
Sep 05 19:45:14 Echo systemd[1]: Started Packet Filtering Framework.
Sep 05 19:45:59 Echo iptables-flush[703]: /usr/sbin/iptables
Sep 05 19:45:59 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 07 05:10:46 Echo systemd[1]: Starting Packet Filtering Framework...
Sep 07 05:10:46 Echo systemd[1]: Started Packet Filtering Framework.
-- Reboot --
Sep 08 16:45:22 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 08 17:16:51 Echo iptables-flush[4255]: /usr/sbin/iptables
Sep 08 17:16:51 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 13 17:54:13 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 14 07:53:42 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 16 14:36:24 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 16 15:02:03 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 16 21:35:07 Echo systemd[1]: Stopped Packet Filtering Framework.
-- Reboot --
Sep 17 12:20:40 Echo systemd[1]: Stopped Packet Filtering Framework.
I hope the pasted outputs will be helpful...
Last edited by fantab (2013-09-17 08:34:00)
OK. I don't know quite how ufw does things but that doesn't look odd to me. What does
# iptables --list-rules
# ip6tables --list-rules
give? As far as I know ufw is just a frontend to iptables/ip6tables so if it is working properly, this should list the rules you've set.
EDIT: Well obviously the complaint about "state" is odd in the sense that you need to change it to use "conntrack" but apart from that, it doesn't look odd.
Last edited by cfr (2013-09-17 21:22:49)
$ systemctl | grep -i exited
ip6tables.service loaded active exited IPv6 Packet Filtering Framework
iptables.service loaded active exited Packet Filtering Framework
..
ufw.service loaded active exited CLI Netfilter Manager
You need to disable iptables in systemd. ufw will take care & be using it. You cannot have both enabled at the same time.
fantab wrote:
$ systemctl | grep -i exited
ip6tables.service loaded active exited IPv6 Packet Filtering Framework
iptables.service loaded active exited Packet Filtering Framework
..
ufw.service loaded active exited CLI Netfilter Manager
You need to disable iptables in systemd. ufw will take care & be using it. You cannot have both enabled at the same time.
That was it. I disabled both ip6tables.service and iptables.service and now ufw.service status is 'Active' from boot. I wonder how and when 'iptables' got enabled in systemd.
Thanks a lot Strike0 and cfr.
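The check that resolved this thread, written as a script: it flags iptables.service or ip6tables.service when they are enabled together with ufw.service. This is an added example, not code posted by anyone in the thread; the function names and the sample unit listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads a unit-file listing on stdin in
# the column form printed by:
#   systemctl list-unit-files --type=service --no-legend
# (first column: unit name, second column: state).

# Print iptables.service / ip6tables.service when they are enabled
# together with ufw.service; print nothing otherwise.
conflicting_units() {
    awk '
        $1 == "ufw.service" && $2 == "enabled" { ufw = 1 }
        $1 ~ /^ip6?tables\.service$/ && $2 == "enabled" { hits[n++] = $1 }
        END { if (ufw) for (i = 0; i < n; i++) print hits[i] }
    '
}

# Report each conflict with the fix reported in the thread.
# Returns 0 when the listing is clean, 1 when a conflict is found.
check_firewall_units() {
    found=$(conflicting_units)
    if [ -z "$found" ]; then
        echo "ok: no iptables/ip6tables unit enabled alongside ufw.service"
        return 0
    fi
    for unit in $found; do
        echo "conflict: $unit is enabled together with ufw.service"
        echo "  fix reported in the thread: systemctl disable $unit"
    done
    return 1
}

# Constructed sample listing that mirrors the state shown in the thread.
SAMPLE='iptables.service enabled
ip6tables.service enabled
sshd.service disabled
ufw.service enabled'

printf '%s\n' "$SAMPLE" | check_firewall_units || true

# On a live system, feed it the real listing instead:
#   systemctl list-unit-files --type=service --no-legend | check_firewall_units
```

After disabling the flagged units and rebooting, `ufw status` should report the firewall as active without running `ufw enable` again, which is the outcome the original poster describes.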