Fix ufw service not loading after a reboot

类型:【转载】
原文作者:【Ben】
日期:【31 Jul, 2019】
原文地址：https://devtidbits.com/2019/07/31/ufw-service-not-loading-after-a-reboot/

 

I have a Ubuntu 18.04 server running ufw (Uncomplicated Firewall) and Docker. Docker relies on iptables-persistent, which is an interface to a much more powerful and complicated firewall that many people would rather avoid.

The problem here is that ufw and iptables-persistent are both ways for creating the same firewall. On my server, only one service would ever run at startup negating the other.

After a reboot ufw would always be disabled.

sudo ufw status

Status: inactive

Even though the ufw service is enabled, if you look closely, the active service has exited.

sudo systemctl status ufw 

● ufw.service - Uncomplicated firewall
    Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
    Active: active (exited)

If I check the server services, both ufw and netfilter-persistentare enabled. netfilter-persistent is a means for managing iptables on Debian and Ubuntu systems.

sudo service --status-all

 [ + ]  netfilter-persistent
 [ + ]  ufw

The fix is simple; we need to tell the operating system to load ufw after the netfilter-persistent.

Find and backup the ufw service.

ls -l /lib/systemd/system/ufw.service

-rw-r--r-- 1 root root  266 Aug 15  2017  ufw.service

cd /lib/systemd/system/
sudo cp ufw.service ufw.service.original

cat /lib/systemd/system/ufw.service

 [Unit]
 Description=Uncomplicated firewall
 Documentation=man:ufw(8)
 DefaultDependencies=no
 Before=network.target

 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/lib/ufw/ufw-init start quiet
 ExecStop=/lib/ufw/ufw-init stop

 [Install]
 WantedBy=multi-user.target

Update and save the modified service by appending After=netfilter-persistent.service to the [Unit] block.

sudo nano /lib/systemd/system/ufw.service

 [Unit]
 Description=Uncomplicated firewall
 Documentation=man:ufw(8)
 DefaultDependencies=no
 Before=network.target
 After=netfilter-persistent.service

 [Service]
 Type=oneshot
 RemainAfterExit=yes
 ExecStart=/lib/ufw/ufw-init start quiet
 ExecStop=/lib/ufw/ufw-init stop

 [Install]
 WantedBy=multi-user.target

Reboot and test.

sudo reboot

sudo ufw status

Status: active
 To                         Action      From
 --                         ------      ----
 OpenSSH                    ALLOW       Anywhere
 Nginx Full                 ALLOW       Anywhere