I am currently studying iptables and ufw on Ubuntu server. While playing with them I came across an ambiguity about the true nature of the ufw.
Here is the problem:
-
When I run
sudo ufw statusin terminal, the output isStatus: inactive. -
But when I run
sudo service ufw statusthe output isufw start/running.
Also ufw does not appear in the services list when I run service --status-all.
So my questions are:
- Is ufw a service?
- If yes, why it does not appear in the services list?
- If no, why the terminal answers when I ask about it's status as a service?
- What is the difference between
sudo ufw statusandsudo service ufw status? And why I get different outputs for them?
Best Answer
ufwis an uncomplicated configuration tool for firewalls. It is designed to be usable by people who have no experience with firewalls or want an uncomplicated way to modify the underlyingiptablesandnetfilterrulesets.For example:
ufw allow all port 22 traffic (UDP and TCP):
iptables allow port 22 traffic (UDP and TCP):
Comparatively,
ufwpermits users to modify the basic firewall needs with limited knowledge ofiptablesor such.It in and of itself only modifies
iptables/netfilterrules when 'enabled'. It does not run as its own process, in that sense, because the rules it applies are updated on the fly; I am fairly certain it doesn't continue to 'run'.The only way I would consider
ufwto be a service is in that, at boot time, it may be able to restore whatever rules are defined in it. However,iptables-persistentdoes the same thing, and is not really a service, therefore I do not considerufwa service, as such, as to determine ifufw(that is, the actual firewall rules) are being enforced is withufw status.As per the Community Help Documentation on
ufw, it says nothing aboutufwbeing a service, which seems to support this.And through testing, I have confirmed that
ufwis just a less complicated way to 'configure' firewall rules - the real magic ofufwis that it sets upiptables/netfilterrules which you can then see withiptables -Lwhenufwis enabled.