My server uses ufw to set up a simple firewall. I noticed however that the ufw firewall remained disabled after a reboot: `ufw status` reported "disabled" always.

I checked the following:

- The `/etc/ufw/ufw.conf` file contained `ENABLED=yes`.
- The service was correctly registered with `systemctl`, and looking in the `/var/log/syslog` file I could see the line "Starting Uncomplicated firewall", which proved it was at least started.
- A very odd thing was that even though the firewall was saying it was disabled the system log still showed audit log lines.
- `iptables -L` showed that indeed all of the usual configuration was gone.
Best Answer
The cause of this problem was that the service netfilter-persistent (also called iptables-persistent on other distributions) was enabled on the system, and this ran after ufw was disabled. This overwrote the ipfilter configuration from ufw.
I disabled netfilter-persistent:
and after that booting properly enabled ufw.
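
The checks from the question and the cause from the answer can be combined into one diagnostic. This is an added example, not part of the original post: the function names and verdict strings are hypothetical, the two service names are the ones the answer mentions, and the sample input at the end is constructed.

```shell
#!/bin/sh
# Added example: detect a boot-time rule restorer that can replace ufw's rules.

# Service names taken from the answer above.
CONFLICTING="netfilter-persistent iptables-persistent"

# Reads ufw.conf text on stdin; prints "yes" if the last ENABLED= line says yes.
ufw_conf_enabled() {
    val=$(sed -n 's/^[[:space:]]*ENABLED=//p' | tail -n 1 | tr -d "\"' " | tr 'A-Z' 'a-z')
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# Reads `systemctl list-unit-files --state=enabled --no-legend` output on stdin;
# prints the name of every enabled service listed in CONFLICTING.
conflicting_units() {
    awk -v names="$CONFLICTING" '
        BEGIN { n = split(names, want, " ") }
        $2 == "enabled" {
            unit = $1; sub(/\.service$/, "", unit)
            for (i = 1; i <= n; i++) if (unit == want[i]) print unit
        }'
}

# diagnose CONF_TEXT UNITS_TEXT -> prints a one-line verdict.
diagnose() {
    enabled=$(printf '%s\n' "$1" | ufw_conf_enabled)
    hits=$(printf '%s\n' "$2" | conflicting_units | tr '\n' ' ' | sed 's/ $//')
    if [ "$enabled" != yes ]; then
        echo "ufw-not-enabled-in-config"
    elif [ -n "$hits" ]; then
        echo "conflict: $hits"
    else
        echo "ok"
    fi
}

if [ "${1:-}" = "--live" ]; then
    # Run against the real host.
    diagnose "$(cat /etc/ufw/ufw.conf)" \
             "$(systemctl list-unit-files --state=enabled --no-legend)"
else
    # Constructed sample reproducing the situation in the question.
    diagnose "ENABLED=yes" "ufw.service enabled enabled
netfilter-persistent.service enabled enabled"
fi
```

A `conflict:` verdict means ufw is enabled in its config but another enabled service also loads firewall rules at boot, which is the state the answer describes.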