linux_dream
n00b
Joined: 18 Jun 2015
Posts: 14
|
 Posted: Tue Jun 23, 2015 12:03 am Post subject: Unable to use ufw correctly |
 |
|
Hello people,
I've downloaded ufw and iptables, I've enabled everything I had to in the kernel I believe. For instance | Code: | $ sudo /usr/share/ufw/check-requirements
Password:
Has python: pass (binary: python2.7, version: 2.7.9, py2)
Has iptables: pass
Has ip6tables: pass
Has /proc/net/dev: pass
Has /proc/net/if_inet6: pass
This script will now attempt to create various rules using the iptables
and ip6tables commands. This may result in module autoloading (eg, for
IPv6).
Proceed with checks (Y/n)?
== IPv4 ==
Creating 'ufw-check-requirements'... done
Inserting RETURN at top of 'ufw-check-requirements'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
addrtype (LOCAL): pass
addrtype (MULTICAST): pass
addrtype (BROADCAST): pass
icmp (destination-unreachable): pass
icmp (source-quench): pass
icmp (time-exceeded): pass
icmp (parameter-problem): pass
icmp (echo-request): pass
== IPv6 ==
Creating 'ufw-check-requirements6'... done
Inserting RETURN at top of 'ufw-check-requirements6'... done
TCP: pass
UDP: pass
destination port: pass
source port: pass
ACCEPT: pass
DROP: pass
REJECT: pass
LOG: pass
hashlimit: pass
limit: pass
state (NEW): pass
state (RELATED): pass
state (ESTABLISHED): pass
state (INVALID): pass
state (new, recent set): pass
state (new, recent update): pass
state (new, limit): pass
interface (input): pass
interface (output): pass
multiport: pass
comment: pass
icmpv6 (destination-unreachable): pass
icmpv6 (packet-too-big): pass
icmpv6 (time-exceeded): pass
icmpv6 (parameter-problem): pass
icmpv6 (echo-request): pass
icmpv6 with hl (neighbor-solicitation): pass
icmpv6 with hl (neighbor-advertisement): pass
icmpv6 with hl (router-solicitation): pass
icmpv6 with hl (router-advertisement): pass
|
However I need to run the following command twice for ufw to be enabled: | Code: | | sudo systemctl start ufw |
. The first time it fails with the message | Code: | Job for ufw.service failed. See "systemctl status ufw.service" and "journalctl -xe" for details.
|
but none of the two commands show anything about ufw. Then | Code: | $ systemctl status ufw
● ufw.service - Uncomplicated Firewall
Loaded: loaded (/usr/lib64/systemd/system/ufw.service; disabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Mon 2015-06-22 19:48:20 ART; 48s ago
Process: 10644 ExecStart=/usr/share/ufw/ufw-init start (code=exited, status=1/FAILURE)
Main PID: 10644 (code=exited, status=1/FAILURE) |
.
But running the command to start ufw again starts the service and I get | Code: | $ systemctl status ufw
● ufw.service - Uncomplicated Firewall
Loaded: loaded (/usr/lib64/systemd/system/ufw.service; disabled; vendor preset: enabled)
Active: active (exited) since Mon 2015-06-22 19:53:49 ART; 20s ago
Process: 11942 ExecStart=/usr/share/ufw/ufw-init start (code=exited, status=0/SUCCESS)
Main PID: 11942 (code=exited, status=0/SUCCESS) |
Now the problem is that I need to run the command twice to start ufw. And so | Code: | | sudo systemctl enable ufw |
won't start ufw on boot up; instead it will fail to start the ufw service and it will boot to a black screen (I have to hard reboot and edit a grub line to fix the problem by disabling ufw service and reboot).
Any help in setting up ufw is appreciated, thanks! |
|
Networking & Security
