Solved

My LINUX UFW keeps resetting after reboot

Posted on 2009-03-31
17
606 Views
Last Modified: 2012-06-27
Everytime I ahve lsot power or rebooted my UFW rules reset and I am not able to SSH in.
I have to go log onto the server itself and sudo ufw allow 22, every time, any way to lock this in?
0
Comment
Question by:manelson05
  • 9
  • 5
  • 2
  • +1
17 Comments
 
LVL 29

Expert Comment

by:fosiul01
ID: 24030489
you need to add those rule in

rc.local file

in red hat/centos

cd /etc/rc.d/rc.local

in debin or ubuntu

it should be

/etc/rc.local

add the rule in rc.local file

so when server will boot, those rules will automaticaly added
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24030508
0
 

Author Comment

by:manelson05
ID: 24031971
I did the following below, no just change the file  $chmod +x FOO
Is this correct?

!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ufw allow 22
exit 0
0
 

Author Comment

by:manelson05
ID: 24032438
Thats did not work what I just tried.
Unable to get back in.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24032929
have a startup script in /etc/rc5.d to run the command every time the system is booted or have a crontab job that run every say 5 min that runs the command
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 24033488
UFW is for Ubuntu and more to the point its a nice simple interface for iptables.

http://blog.controlunlimited.net/index.php/2008/05/13/iptables-aamp-ubuntu?blog=1

The main command you want is "iptables-save > /etc/iptables.rules", but add the rest of the iptables-save commands to the /etc/network/interfaces file.

As suggested by omarfarid you can do the above command in a cronjob similar to :

*/5 * * * * iptables-save > /etc/iptables.rules > /dev/null 2>&1

This will save the iptables setup every 5 minutes, and then when you reboot or loose power the above modifications to the interfaces file will bring the rules back automatically.

You will need to "test" this though by rebooting your server and see if UFW is able to list the rules after they have been restored.
0
 

Author Comment

by:manelson05
ID: 24033528
can I simply issue the command
ufw enable

?

How would I do this with cron job?
0
 
LVL 13

Expert Comment

by:WizRd-Linux
ID: 24033860
The quickest and laziest way is to put it in your /etc/rc.local file on ubuntu.

chmod +x /etc/rc.local
Edit /etc/rc.local with your favourite editor and add before the line exit 0
ufw enable
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 29

Expert Comment

by:fosiul01
ID: 24036672
Hi Good morning
Sorry due to night didnot able to reply

Ok have you tryed by just adding that rule in rc.local file as i said ??

ufw should be enable always , is not it ??

but if you thin you need to start ufw rules then  add the command in rc.local file directory..

just edit rc.local file by your hand and add those rules
0
 

Author Comment

by:manelson05
ID: 24040831
I have edited rc.local and it still is nto starting back up upon reboot.
0
 

Author Comment

by:manelson05
ID: 24040917
I think I am going to try to do a cron job.
0
 

Author Comment

by:manelson05
ID: 24041532
I have done the following sudo crontab -e and added */5 * * * * iptables-save > /etc/iptables.rules > /dev/null 2>&1

I dont want to be lazy, I am trying to learn as I go, all I can really do.
Unfortunately this is not working.
0
 

Author Comment

by:manelson05
ID: 24041853
I have also tried network interfaces and added

post-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules

auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
post-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
gateway 10.0.0.254

0
 
LVL 29

Expert Comment

by:fosiul01
ID: 24047293
Ok let me try myself, i will come back
0
 

Author Comment

by:manelson05
ID: 24049622



I am going to remove firestarter and UFW then reinstall gufw to test then reboot.
If I am not mistaken ufw/gufw same thing front end for iptables.

Same cmd line works or so it seemed last night.
I did notice that if I enabled GUFW firewall on then issued the same cmd via ufw cmd line then checked GUFW the firewall was disabled.
Maybe the firestarter interface is conflicting with ufw cmd line on the server?
0
 
LVL 29

Accepted Solution

by:
fosiul01 earned 500 total points
ID: 24049819
i am failier with Redhat and centos

i know the fact if you add those rules in rc.local it will work, its 100% sure

so there might be something else is culprit.

if you have 2 firewall running, then you will have to  make sure, which one is the mail
disable one, and keep running another one see what happended
0
 

Author Closing Comment

by:manelson05
ID: 31564912
Changed firewall settings.
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now