11

I was trying to set up a firewall on my Ubuntu 12.04 machine. After some struggling I got the following. Doesn't this sound a bit odd?

thomas@thomas-K40IJ:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
21/tcp                     ALLOW OUT   Anywhere
80                         ALLOW OUT   Anywhere
22                         ALLOW OUT   Anywhere
21/tcp                     ALLOW OUT   Anywhere (v6)
80                         ALLOW OUT   Anywhere (v6)
22                         ALLOW OUT   Anywhere (v6)

thomas@thomas-K40IJ:~$ sudo ufw reload
Firewall not enabled (skipping reload)
thomas@thomas-K40IJ:~$ sudo ufw enable 
ERROR: Could not load logging rules
thomas@thomas-K40IJ:~$

Also my firewall seems disabled after reboot. What am I missing?

Thomas

3 Answers

18
mateusz@debian:~$ sudo ufw disable
Firewall stopped and disabled on system startup

mateusz@debian:~$ sudo ufw status verbose
Status: inactive

mateusz@debian:~$ sudo ufw enable
ERROR: problem running ufw-init

Even if an error occurs, you can check that ufw is running.

mateusz@debian:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
22/tcp                     ALLOW IN    Anywhere

or

mateusz@debian:~$ sudo service ufw status
[ ok all is running...done.

You can easily set ENABLED=yes manually in the ufw config:

sudo nano /etc/ufw/ufw.conf

which contains:

# /etc/ufw/ufw.conf
#

# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=no

# Please use the 'ufw' command to set the loglevel. Eg: 'ufw logging medium'.
# See 'man ufw' for details.
LOGLEVEL=low
Mateusz
  • I don't understand why this is the accepted answer. It doesn't address the ***logical contradiction*** of the two commands' output: how can the firewall be both `Status: active` & `Firewall not enabled` at the same time? And further answers suggesting using `gufw` are equally unhelpful. – xtian Apr 01 '21 at 13:01
  • @xtian This answer has the solution only at the bottom using `ENABLED=yes`. If you then run `sudo ufw enable`, it will show you `Firewall is active and enabled on system startup`. The first three steps are of no use: I had the same status before the three steps and after the three steps (SAME_STATUS --> disable -- status -- enable --> SAME_STATUS). – questionto42 Jul 27 '21 at 15:58
2

Setting ENABLED=yes in /etc/ufw/ufw.conf did it for me.

$ sudo ufw reload
Firewall not enabled (skipping reload)
$ sudo ufw logging on   # showing that @Thomas' solution has no effect for me
Logging enabled
$ sudo sed -i -e 's/ENABLED=no/ENABLED=yes/' /etc/ufw/ufw.conf

Check to be sure that port 22 is enabled before you reload

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  

Reload

$ sudo ufw reload
Firewall reloaded
harperville
  • Upvote only for the nice shortcut on changing the `/etc/ufw/ufw.conf` with a code line :). Yet, at `sudo ufw reload`, I get the same errors again. That is because at reload, the change of the `/etc/ufw/ufw.conf` goes back to default `ENABLED=no`. The only solution up to now is to run `sudo sed -ie 's/ENABLED=no/ENABLED=yes/' /etc/ufw/ufw.conf` directly before running `sudo ufw enable`. – questionto42 Jul 27 '21 at 15:53
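
An added example, not part of any answer in this thread: a small shell check that compares the boot-time `ENABLED` flag in `ufw.conf` with what `ufw status` reports, and confirms that port 22 is allowed inbound before you enable or reload. The function names are hypothetical, and it assumes, as the answers above indicate, that `ENABLED` in `/etc/ufw/ufw.conf` is the setting `ufw reload` and startup consult.

```shell
#!/bin/sh
# Added example (not from the thread); all function names are hypothetical.

# Print yes/no from the last uncommented ENABLED= line of a ufw.conf-style file.
ufw_conf_enabled() {
    value=$(sed -n 's/^[[:space:]]*ENABLED=//p' "$1" | tail -n 1 |
            tr -d "\"' \t" | tr 'A-Z' 'a-z')
    if [ "$value" = "yes" ]; then echo yes; else echo no; fi
}

# Read `ufw status` output on stdin; print yes if it reports "Status: active".
ufw_status_active() {
    if grep -q '^Status: active'; then echo yes; else echo no; fi
}

# Read `ufw status [verbose]` output on stdin; succeed only if port 22 is allowed
# inbound ("ALLOW" or "ALLOW IN"). "ALLOW OUT" rules do not admit incoming SSH.
ssh_inbound_allowed() {
    awk '($1 == "22" || $1 == "22/tcp") && $2 == "ALLOW" && $3 != "OUT" { ok = 1 }
         END { exit !ok }'
}

# $1 = path to ufw.conf, $2 = captured `ufw status` text.
ufw_report() {
    boot=$(ufw_conf_enabled "$1")
    runtime=$(printf '%s\n' "$2" | ufw_status_active)
    if [ "$boot" = "$runtime" ]; then
        echo "CONSISTENT: active=$runtime ENABLED=$boot"
    else
        echo "MISMATCH: active=$runtime ENABLED=$boot"
    fi
    if ! printf '%s\n' "$2" | ssh_inbound_allowed; then
        echo "WARNING: no inbound allow rule for port 22"
    fi
}

# Sample input: status lines as shown in the question, plus a constructed conf file.
sample_status='Status: active
Default: deny (incoming), allow (outgoing)
22                         ALLOW OUT   Anywhere'
sample_conf=$(mktemp)
printf '# constructed sample\nENABLED=no\nLOGLEVEL=low\n' > "$sample_conf"
ufw_report "$sample_conf" "$sample_status"
rm -f "$sample_conf"
```

On a live system, call `ufw_report /etc/ufw/ufw.conf "$(sudo ufw status verbose)"` instead of the sample input.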
0

ufw has a graphical interface that could help you set up the firewall more easily. It should be installed by default, but if you don't have it, install it with sudo apt-get install gufw.
Here is a guide on its usage https://help.ubuntu.com/community/Gufw

Sekhemty