[Ubuntu 16.04] [UFW] Firewall does not start automatically after system restart


(Otak) #1

After restarting the system I have to enable UFW manually, even though after enabling it that way I get the message below saying that autostart is enabled.

Firewall is active and enabled on system startup

Thanks for any pointers.


(adamserce) #2

The firewall is enabled at system startup. UFW is a configurator for that firewall.


(FadeMind) #3

This should help:

sudo systemctl enable ufw
sudo ufw enable

Also post the output of:

sudo systemctl status ufw 
sudo ufw status

(Otak) #4

sudo systemctl status ufw

● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enab
Active: active (exited) since Sat 2018-01-20 08:48:29 CET; 1 day 7h ago
Main PID: 588 (code=exited, status=0/SUCCESS)
CGroup: /system.slice/ufw.service

Jan 20 08:48:29 komp1.costam.pl systemd[1]: Started Uncomplicated firewall.
Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.

sudo ufw status

Status: active

To Action From


port1 DENY Anywhere
port2 ALLOW Anywhere


(marcin82) #5

Also show:
sudo iptables -nvL


(Otak) #6

Chain INPUT (policy DROP 13 packets, 538 bytes)
pkts bytes target prot opt in out source destination
808K 733M ufw-before-logging-input all – * * 0.0.0.0/0 0.0.0.0/0
808K 733M ufw-before-input all – * * 0.0.0.0/0 0.0.0.0/0
2366 150K ufw-after-input all – * * 0.0.0.0/0 0.0.0.0/0
2191 141K ufw-after-logging-input all – * * 0.0.0.0/0 0.0.0.0/0
2191 141K ufw-reject-input all – * * 0.0.0.0/0 0.0.0.0/0
2191 141K ufw-track-input all – * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-forward all – * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
767K 31M ufw-before-logging-output all – * * 0.0.0.0/0 0.0.0.0/0
767K 31M ufw-before-output all – * * 0.0.0.0/0 0.0.0.0/0
894 65713 ufw-after-output all – * * 0.0.0.0/0 0.0.0.0/0
894 65713 ufw-after-logging-output all – * * 0.0.0.0/0 0.0.0.0/0
894 65713 ufw-reject-output all – * * 0.0.0.0/0 0.0.0.0/0
894 65713 ufw-track-output all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
3 234 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
0 0 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
24 960 ufw-skip-to-policy-input tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
148 7456 ufw-skip-to-policy-input tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
0 0 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
0 0 ufw-skip-to-policy-input all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
13 538 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ufw-user-forward all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
26 1408 ACCEPT all – lo * 0.0.0.0/0 0.0.0.0/0
805K 733M ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
82 3898 ufw-logging-deny all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
82 3898 DROP all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
10 392 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
2572 159K ufw-not-local all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp – * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
0 0 ACCEPT udp – * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
2572 159K ufw-user-input all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
26 1408 ACCEPT all – * lo 0.0.0.0/0 0.0.0.0/0
766K 31M ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
894 65713 ufw-user-output all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
2572 159K RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
0 0 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
0 0 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
175 8650 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
32 1920 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
862 63793 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW

Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
1 40 DROP tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport1
0 0 DROP udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:mojport1
3 152 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport2
0 0 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:mojport2
117 5180 DROP tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport3
0 0 DROP udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:mojport3
11 512 DROP tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport4
0 0 DROP udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:mojport4
20 1024 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport5 /* ‘dapp_Postfix’ */
54 2540 DROP tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:mojport6
0 0 DROP udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:mojport6

Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all – * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination


(roobal) #7

As you can see, ufw works and, like every application that is meant to be user friendly, it makes a mess by default :wink:
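
The check made by eye in this thread can be scripted for use right after a reboot. This is an added example, not code from any poster: the function name `ufw_ruleset_check` and both sample listings are constructed for illustration. It reads `iptables -nvL` text and reports whether the built-in INPUT chain jumps into ufw's chains, what the INPUT policy is, and how many rules sit in `ufw-user-input`.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `iptables -nvL` text on stdin and
# reports whether the ufw ruleset is loaded in the kernel. Returns 0 only if it is.
ufw_ruleset_check() {
    awk '
        /^Chain / {
            chain = $2
            # "Chain INPUT (policy DROP 13 packets, ...)" -> field 4 is the policy
            if (chain == "INPUT") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        NF == 0 || $1 == "pkts" { next }             # blank and header lines
        chain == "INPUT" && $3 == "ufw-before-input" { hooked = 1 }
        chain == "ufw-user-input" { user_rules++ }   # rules added via ufw allow/deny
        END {
            if (!hooked) {
                print "NOT LOADED policy=" policy
                exit 1
            }
            print "LOADED policy=" policy " user_rules=" (user_rules + 0)
        }
    '
}

# Constructed sample: trimmed listing from a host where ufw is loaded.
sample_enabled() {
    cat <<'EOF'
Chain INPUT (policy DROP 13 packets, 538 bytes)
 pkts bytes target     prot opt in     out     source               destination
 808K  733M ufw-before-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain ufw-user-input (1 references)
 pkts bytes target     prot opt in     out     source               destination
    1    40 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    3   152 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
EOF
}

# Constructed sample: a listing with no ufw chains loaded.
sample_disabled() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

sample_enabled | ufw_ruleset_check
sample_disabled | ufw_ruleset_check || true
```

On a real host, feed it the live listing with `sudo iptables -nvL | ufw_ruleset_check`.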


(marcin82) #8

That's why I asked for this output, because on a friend's Manjaro this whole contraption would not work … I set up my own 5 lines and that was that :smiley:


(Otak) #9

@roobal and @marcin82 - thanks.