manelson05
asked on
My LINUX UFW keeps resetting after reboot
Every time I have lost power or rebooted, my UFW rules reset and I am not able to SSH in.
I have to go log onto the server itself and sudo ufw allow 22, every time, any way to lock this in?
or have a look at this one
http://ubuntu.wordpress.com/2005/09/07/adding-a-startup-script-to-be-run-at-bootup/
ASKER
I did the following below, now just change the file $chmod +x FOO
Is this correct?
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
ufw allow 22
exit 0
ASKER
That did not work, what I just tried.
Unable to get back in.
Have a startup script in /etc/rc5.d to run the command every time the system is booted, or have a crontab job that runs every, say, 5 min and runs the command.
UFW is for Ubuntu and, more to the point, it's a nice simple interface for iptables.
http://blog.controlunlimited.net/index.php/2008/05/13/iptables-aamp-ubuntu?blog=1
The main command you want is "iptables-save > /etc/iptables.rules", but add the rest of the iptables-save commands to the /etc/network/interfaces file.
As suggested by omarfarid you can do the above command in a cronjob similar to:
*/5 * * * * iptables-save > /etc/iptables.rules 2> /dev/null
This will save the iptables setup every 5 minutes, and then when you reboot or lose power the above modifications to the interfaces file will bring the rules back automatically.
You will need to "test" this though by rebooting your server and seeing if UFW is able to list the rules after they have been restored.
ASKER
Can I simply issue the command
ufw enable
?
How would I do this with a cron job?
The quickest and laziest way is to put it in your /etc/rc.local file on Ubuntu.
chmod +x /etc/rc.local
Edit /etc/rc.local with your favourite editor and add before the line exit 0
ufw enable
Hi, good morning
Sorry, due to night I was not able to reply.
OK, have you tried just adding that rule in the rc.local file as I said?
ufw should always be enabled, shouldn't it?
But if you think you need to start ufw rules, then add the command in the rc.local file directly.
Just edit the rc.local file by hand and add those rules.
ASKER
I have edited rc.local and it still is not starting back up upon reboot.
ASKER
I think I am going to try to do a cron job.
ASKER
I have done the following sudo crontab -e and added */5 * * * * iptables-save > /etc/iptables.rules > /dev/null 2>&1
I don't want to be lazy, I am trying to learn as I go, all I can really do.
Unfortunately this is not working.
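Added example, not part of the original thread: the crontab entry quoted in the post above redirects stdout twice, and /bin/sh (cron's default shell) sends output only to the last target, so /etc/iptables.rules is truncated to zero bytes on every run while the dump goes to /dev/null. The sketch reproduces that with a constructed stand-in for iptables-save (`fake_iptables_save`; all function names here are hypothetical) and shows a save that refuses to replace the rules file with an empty dump.

```sh
#!/bin/sh
# Constructed stand-in for iptables-save, so the demo needs neither root nor netfilter.
fake_iptables_save() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' \
        '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT' 'COMMIT'
}

# Redirections exactly as in the crontab entry: both targets are opened and
# truncated, but stdout ends up on the last one (/dev/null). Prints file size.
size_after_double_redirect() {
    fake_iptables_save > "$1" > /dev/null 2>&1
    wc -c < "$1" | tr -d ' '
}

# One stdout target; only stderr is discarded. Prints file size.
size_after_single_redirect() {
    fake_iptables_save > "$1" 2> /dev/null
    wc -c < "$1" | tr -d ' '
}

# Usage: save_rules_checked DEST CMD [ARGS...]
# Dump to a temp file and replace DEST only if the dump contains a COMMIT line
# (every table in iptables-save output ends with one), so a failed or empty
# dump never overwrites the last good ruleset.
save_rules_checked() {
    dest=$1; shift
    tmp="$dest.new.$$"
    if "$@" > "$tmp" 2> /dev/null && grep -q '^COMMIT$' "$tmp"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

workdir=$(mktemp -d)
echo "double redirect: $(size_after_double_redirect "$workdir/a.rules") bytes"
echo "single redirect: $(size_after_single_redirect "$workdir/b.rules") bytes"
save_rules_checked "$workdir/c.rules" fake_iptables_save && echo "checked save: kept"
save_rules_checked "$workdir/c.rules" true || echo "empty dump: rejected"
rm -rf "$workdir"
```

With the real tool the call would be `save_rules_checked /etc/iptables.rules iptables-save`, run as root.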
ASKER
I have also tried network interfaces and added
post-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
auto eth0
iface eth0 inet static
address 10.0.0.1
netmask 255.255.255.0
network 10.0.0.0
broadcast 10.0.0.255
post-up iptables-restore < /etc/iptables.rules
post-down iptables-save > /etc/iptables.rules
gateway 10.0.0.254
OK, let me try myself, I will come back.
ASKER
I am going to remove firestarter and UFW then reinstall gufw to test then reboot.
If I am not mistaken, ufw/gufw are the same thing, a front end for iptables.
Same cmd line works or so it seemed last night.
I did notice that if I enabled GUFW firewall on then issued the same cmd via ufw cmd line then checked GUFW the firewall was disabled.
Maybe the firestarter interface is conflicting with ufw cmd line on the server?
ASKER
Changed firewall settings.
rc.local file
In Red Hat/CentOS:
cd /etc/rc.d/rc.local
In Debian or Ubuntu it should be:
/etc/rc.local
Add the rule in the rc.local file, so when the server boots, those rules will automatically be added.