Page MenuHomeSolus

ufw service not active even after enabling it or starting it
Closed, ResolvedPublic

Description

'sudo systemctl enable ufw.service && sudo systemctl start ufw' does not work. I mean it gives no error messages. But when I later check with 'sudo systemctl status ufw' it shows the following output ...

ufw.service - CLI Netfilter Manager
   Loaded: loaded (/usr/lib64/systemd/system/ufw.service; enabled; vendor preset: enabled)
   Active: active (exited) since Mon 2017-01-02 18:10:46 IST; 1min 1s ago
  Process: 464 ExecStart=/usr/lib/ufw/ufw-init start (code=exited, status=0/SUCCESS)
 Main PID: 464 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/ufw.service

Jan 02 18:10:46 pj_laptop ufw-init[464]: Skip starting firewall: ufw (not enabled)

I am not able to use 'ufw' command from terminal as well.

Event Timeline

ufw has it's own internal status for whether or not it is active. you need to turn on the firewall:

sudo ufw enable

Ran that command. Nothing changed.

And by the way, how is it different from 'sudo systemctl start ufw' ?

ufw is working here after enabling and starting it via systemctl as well as ufw itself. Try

ufw status

It shows enabled here, and even though it doesn't show the rules I added, iptables is populated.

Are you sure?

sudo ufw status

Should show:

Status: active

I'd have to look at the source for the particulars, I just know that ufw is "special" at times.

parijathakumar closed this task as Resolved.Jan 2 2017, 2:59 PM
parijathakumar claimed this task.

Thanks. You are right. It is 'active'. I don't know what changed. May be the 'sudo ufw enable' did something which 'sudo systemctl enable ufw.service' could not do ? Any how, now that 'ufw' is working for me, I am marking it as 'Resolved'. Thanks once again.

And for information, Arch's wiki on ufw, here, is helpful.

It suggests to ....

  1. First make some basic rules with sudo ufw default deny and other needed commands
  2. Then, for the first time after installation .... sudo ufw enable
  3. And then, subsequently ... sudo systemctl enable ufw.service