Diesel

Reputation: 5345

UFW blocks most ports until disabled and re-enabled after reboot

I have UFW running on my server. When I restart it:

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
5550                       ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8000                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
5550 (v6)                  ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
8000 (v6)                  ALLOW       Anywhere (v6)

When I try to use it, however, my ports 8000 and 1194 are currently being blocked.

When I run:

$ sudo ufw disable
$ sudo ufw enable

Then the ports are open. When I run status after that, it is the exact same as previously pasted.

Upvotes: 8

Views: 8696

Answers (4)

Kattern

Reputation: 3109

Thanks to the reminder from @Nicholas. The problem is indeed caused by iptables-persistent. However, simply removing iptables-persistent is not a good solution, as there may be other rules applied through iptables. Thus, if iptables-persistent is installed, a better way may be to persist the ufw rules using iptables-persistent, i.e.,

sudo ufw reload
sudo netfilter-persistent save

Upvotes: 8

Nicholas

Reputation: 73

The real solution is to uninstall iptables-persistent and its dependency: sudo apt remove iptables-persistent and sudo apt autoremove.

As per: https://github.com/pivpn/pivpn/issues/414

Upvotes: 7

asdf

Reputation: 21

My impression is that the changes made with ufw have not been saved and are transient. Rebooting without saving the new rules results in loading the previously saved older rules.

Save the new rules with:

iptables-save > /etc/iptables.rules

These rules should be reloaded automatically by the system at boot time. Or they can be reloaded with:

iptables-restore < /etc/iptables.rules

Upvotes: 2

Nepitwin

Reputation: 83

I'm having the same issue with my http and https ports: they are blocked by ufw after a reboot. After I disable and enable UFW, all ports are running from my UFW firewall rules. Same with the sudo ufw reload command.

So I created a workaround on my machine: a systemd service which starts a simple script, defined in /etc/systemd/system/firewall.service.

[Unit]
Description=Firewall restart blocking solution.
# Run only after ufw itself has started, otherwise the reload happens too early
After=network.target ufw.service

[Service]
Type=simple
ExecStart=/var/scripts/firewall.sh

[Install]
WantedBy=multi-user.target

Then my script is simple:

#!/bin/bash
# Re-apply the ufw rules after boot (the service already runs as root, so sudo is redundant here)
sudo ufw reload

Finally, I set up my init.d to start on boot:

sudo systemctl enable firewall.service

Then all my ports work fine after a reboot. It's maybe a workaround for this issue.

Upvotes: 4
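An added diagnostic, not part of any answer above and not code from ufw or iptables-persistent: it checks whether a rules file persisted by iptables-persistent/netfilter-persistent (the cause Nicholas and Kattern point at) was captured while ufw was active. If the dump lacks ufw's own chains, the rules restored at boot replace ufw's, and the allowed ports look blocked until ufw is disabled and re-enabled, which is the symptom the question and Nepitwin's workaround describe. The default paths /etc/iptables/rules.v4 and /etc/ufw/ufw.conf are assumptions about a standard Ubuntu layout; the function arguments let you point at other files, and the demo runs on constructed files without root.

```shell
#!/bin/sh
# Added example (not from the original answers). Diagnose whether persisted
# iptables rules were saved with ufw's chains present. Default paths are assumed.

# Return 0 if an iptables-save dump defines ufw's user-input chain.
# iptables-save writes chain headers as ":ufw-user-input - [0:0]".
rules_have_ufw_chains() {
    rules_file="$1"
    [ -r "$rules_file" ] || return 2
    grep -q '^:ufw-user-input ' "$rules_file"
}

# Return 0 if ufw.conf says ufw should be enabled at boot (ENABLED=yes).
ufw_enabled_in_conf() {
    conf_file="${1:-/etc/ufw/ufw.conf}"
    [ -r "$conf_file" ] || return 2
    grep -q '^ENABLED=yes' "$conf_file"
}

# Print a one-word verdict for a persisted rules file and a ufw.conf:
#   no-rules  - no persisted rules file, so nothing overrides ufw at boot
#   no-ufw    - ufw is not enabled at boot; the persisted rules are the whole policy
#   conflict  - ufw is enabled but the persisted rules were saved without its chains
#   ok        - ufw is enabled and the persisted rules include its chains
diagnose_persistence() {
    rules_file="${1:-/etc/iptables/rules.v4}"
    conf_file="${2:-/etc/ufw/ufw.conf}"
    if ! [ -r "$rules_file" ]; then
        echo no-rules
        return 0
    fi
    if ! ufw_enabled_in_conf "$conf_file"; then
        echo no-ufw
        return 0
    fi
    if rules_have_ufw_chains "$rules_file"; then
        echo ok
    else
        echo conflict
    fi
}

# Demonstration on constructed files (no root and no ufw installation needed).
demo() {
    tmp=$(mktemp -d)
    printf 'ENABLED=yes\nLOGLEVEL=low\n' > "$tmp/ufw.conf"
    # Constructed dump as saved with ufw active: ufw chains are present.
    cat > "$tmp/with_ufw.v4" <<'EOF'
*filter
:INPUT DROP [0:0]
:ufw-user-input - [0:0]
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 8000 -j ACCEPT
COMMIT
EOF
    # Constructed dump as saved before ufw was enabled: plain rules only.
    cat > "$tmp/without_ufw.v4" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
    echo "with ufw chains:    $(diagnose_persistence "$tmp/with_ufw.v4" "$tmp/ufw.conf")"
    echo "without ufw chains: $(diagnose_persistence "$tmp/without_ufw.v4" "$tmp/ufw.conf")"
    rm -rf "$tmp"
}

demo
```

A `conflict` verdict is the situation Kattern's fix addresses: run `sudo ufw reload` and then `sudo netfilter-persistent save` so the persisted file contains the ufw chains, after which the check reports `ok`. If you prefer Nicholas's route of removing iptables-persistent, a subsequent `no-rules` verdict confirms that nothing is left to override ufw at boot.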
