Fix ufw service not loading after a reboot
Uncomplicated FireWall and Docker
I have an Ubuntu 18.04 LTS server running ufw (Uncomplicated Firewall) and Docker. Docker relies on iptables-persistent, an interface to a much more powerful and complicated firewall that many people would rather avoid.
The problem is that ufw and iptables-persistent are both ways of creating the same firewall. On my server, only one service would ever run at startup, negating the other.
After a reboot, ufw is always disabled.
$ sudo ufw status
Status: inactive
Even though the ufw service is enabled, a closer look shows that the active service has exited.
$ sudo systemctl status ufw
● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited)
If I check the server services, both ufw and netfilter-persistent are enabled. netfilter-persistent is a means of managing iptables on Debian and Ubuntu systems.
$ sudo service --status-all
[ + ] netfilter-persistent
[ + ] ufw
The fix is simple: tell the operating system to load ufw after netfilter-persistent.
Find and back up the ufw service file.
$ ls -l /lib/systemd/system/ufw.service
-rw-r--r-- 1 root root 266 Aug 15 2017 ufw.service
$ cd /lib/systemd/system/
$ sudo cp ufw.service ufw.service.original
$ cat /lib/systemd/system/ufw.service
[Unit]
Description=Uncomplicated firewall
Documentation=man:ufw(8)
DefaultDependencies=no
Before=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/lib/ufw/ufw-init start quiet
ExecStop=/lib/ufw/ufw-init stop
[Install]
WantedBy=multi-user.target
Update and save the modified service by appending After=netfilter-persistent.service to the [Unit] block.
$ sudo nano /lib/systemd/system/ufw.service
[Unit]
Description=Uncomplicated firewall
Documentation=man:ufw(8)
DefaultDependencies=no
Before=network.target
After=netfilter-persistent.service

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/lib/ufw/ufw-init start quiet
ExecStop=/lib/ufw/ufw-init stop

[Install]
WantedBy=multi-user.target
Reboot and test. Hopefully, ufw status should now always be active!
$ sudo reboot
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
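Package upgrades can replace files under /lib/systemd/system, so the same ordering can also be kept in a systemd drop-in under /etc/systemd/system/ufw.service.d/, which survives them. The script below is an added example, not part of the original post: it writes that drop-in and checks that the After= line really sits in the [Unit] section. The function names and the drop-in file name after-netfilter.conf are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the drop-in
# file name (after-netfilter.conf) are assumptions made for illustration.

# Print the effective After= list from the [Unit] section of the given unit
# file(s), read in order. An empty "After=" clears the list, as in systemd.
unit_after_list() {
    awk '
        FNR == 1        { in_unit = 0 }      # each file starts outside any section
        /^[ \t]*[#;]/   { next }             # skip comment lines
        /^\[/           { in_unit = ($0 ~ /^\[Unit\][ \t]*$/); next }
        in_unit && /^After[ \t]*=/ {
            sub(/^After[ \t]*=[ \t]*/, "")
            if ($0 == "") { list = "" }
            else if (list == "") { list = $0 }
            else { list = list " " $0 }
        }
        END { print list }
    ' "$@"
}

# Return 0 if the unit described by the files ($2...) is ordered after unit $1.
ordered_after() {
    want=$1; shift
    for u in $(unit_after_list "$@"); do
        [ "$u" = "$want" ] && return 0
    done
    return 1
}

# Write the drop-in into directory $1 (on the server this would be
# /etc/systemd/system/ufw.service.d, and needs root).
write_dropin() {
    mkdir -p "$1" &&
    printf '[Unit]\nAfter=netfilter-persistent.service\n' > "$1/after-netfilter.conf"
}

# On the server, as root:
#   write_dropin /etc/systemd/system/ufw.service.d
#   systemctl daemon-reload
#   systemctl show -p After ufw.service   # should list netfilter-persistent.service
```

An After= line placed in the wrong section, such as [Service], does not change ordering, which is why the check only reads [Unit].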
Written by Ben Garrett