Page 1 of 5 123 ... LastLast
Results 1 to 10 of 47

Thread: A question regarding ufw

  1. #1
    Join Date
    Jul 2005
    Beans
    412

    A question regarding ufw

    Hello,
    I run ubuntu 10.04.3 LTS.

    When I enabled ufw, there was a message saying that ufw would be enabled at system startup. Does this mean that ufw will be enabled automatically when ubuntu starts? Is any user intervention necessary once ubuntu starts to get ufw to start and set the iptables rules? I am asking this because on older versions of ubuntu, I was using firestarter and it was supposed to set the iptables rules automatically when ubuntu starts. So, I always assumed that the firewall rules would be set without any user intervention during boot-up.But, on one occasion, after booting up, I found that there were no iptables rules set(they were empty and all default rules were set to ACCEPT) and I had to start firestarter manually to set the iptables rules. Has anyone had a problem like this with ufw? Right now, once I log in, I use the command "sudo ufw status verbose" to make sure that ufw is active. Is this step necessary? Or once ufw is set, can I just forget about checking to see if the firewall is active at later boot ups?

  2. #2
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    UFW will start automatically at boot time. You don't need to do anything, also be aware it is a front end for iptables like firestarter.

    Also the ufw default policy is drop input accept forward and output

  3. #3
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    So, I don't need to test the status of ufw using the "sudo ufw status verbose" command? Is there any chance of ufw showing the issue I had with firestarter as I mentioned in the earlier post?

  4. #4
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    I've not seen ufw just not set policies according to the rules you set out. If you're that concerned I would just write an iptables script and set it to run when your networking starts. That's just me though, I don't really use UFW or other front ends so I don't have a whole lot of experience with them just magically deciding not to work.

    Is there a particular reason you need a firewall? IE : Are you trying to block some service from being accessible from the internet? In a default configuration Ubuntu is not running any services so there really isn't anything to firewall.

  5. #5
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    Quote Originally Posted by Dangertux View Post
    I've not seen ufw just not set policies according to the rules you set out. If you're that concerned I would just write an iptables script and set it to run when your networking starts. That's just me though, I don't really use UFW or other front ends so I don't have a whole lot of experience with them just magically deciding not to work.

    Is there a particular reason you need a firewall? IE : Are you trying to block some service from being accessible from the internet? In a default configuration Ubuntu is not running any services so there really isn't anything to firewall.
    I am not running any service. Ubuntu is installed on a desktop workstation. I am using the firewall as an additional layer of security, just in case I inadvertently install some server while installing other packages.

    I was concerned because of the earlier issue I had with firestarter. Despite the fact that I was told that firestarter would set the iptables automatically when ubuntu starts, it didn't do that once. Can you tell me how ufw loads the iptables rules automatically at boot up time? Then, maybe I can check to see if all the necessary files are in the correct place.

  6. #6
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    Quote Originally Posted by jsvidyad View Post
    I am not running any service. Ubuntu is installed on a desktop workstation. I am using the firewall as an additional layer of security, just in case I inadvertently install some server while installing other packages.

    I was concerned because of the earlier issue I had with firestarter. Despite the fact that I was told that firestarter would set the iptables automatically when ubuntu starts, it didn't do that once. Can you tell me how ufw loads the iptables rules automatically at boot up time? Then, maybe I can check to see if all the necessary files are in the correct place.
    UFW user rules are stored in /lib/ufw/user.rules and user6.rules (for ipv6).

    UFW default rules are stored in /etc/ufw/before.rules /etc/ufw/after.rules and /etc/ufw/before6.rules and after6.rules (for ipv6).

  7. #7
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    Quote Originally Posted by Dangertux View Post
    UFW user rules are stored in /lib/ufw/user.rules and user6.rules (for ipv6).

    UFW default rules are stored in /etc/ufw/before.rules /etc/ufw/after.rules and /etc/ufw/before6.rules and after6.rules (for ipv6).
    Can you tell me where the scripts which are loaded at boot-time are and how they are used? Then, maybe I can check those scripts to make sure that ufw does set the iptables rules when ubuntu starts. I just wanted to say that everytime I checked the status of ufw after logging in, I always found it active. I never ever found it inactive the way I found with firestarter.

  8. #8
    Dangertux is offline Chocolate Ubuntu Mocha Blend
    Join Date
    Jun 2011
    Location
    Atlanta Georgia
    Beans
    1,771
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: A question regarding ufw

    I gave you the locations the rules are stored, so I'm not sure what else you want in regard of scripts, but the easiest way to see if your firewall rules are there is.

    Code:
    sudo iptables -L
    That being said, if you're not setting any rules, IE: you're just doing

    Code:
    sudo ufw enable
    the only thing that would be added in terms of iptables would be

    Code:
    iptables -P INPUT DROP
    So there really isn't anything to see unless you add a rule.
    Last edited by Dangertux; October 5th, 2011 at 03:46 AM.

  9. #9
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    I was hoping you could tell me how the ufw rules are loaded at system startup.

  10. #10
    Join Date
    Jul 2005
    Beans
    412

    Re: A question regarding ufw

    Maybe I wasn't clear. ufw just sets the iptables rules, right?? I just wanted to know where the script that sets iptables rules at startup is and how it sets the iptables rules

Page 1 of 5 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •