[clug] Issue where gufw losing settings on reboot
George at Clug
Clug at goproject.info
Wed Dec 20 09:53:18 UTC 2017
Hi,
On a Debian Stretch computer I have been using gufw as a simple firewall
GUI. It seems quite effective and easy to use, but...
I am curious if anyone has seen a similar issue to the one I describe
below:
I run gufw with both incoming and outgoing set to Deny and only open
the specific ports that I wanted to have open.
However I had been having issues where various ports would not work
when I powered the computer on.
I started testing with ssh (port 22) to see if I could ssh into the
computer, I would get it to work, only to find the next day I could
not connect any more. Now finally I found a way to manually resolve
the issue.
To resolve this issue, using gufw I would simply set Outgoing from
Deny to Allow, and all would work. Then I discovered that setting
Outgoing from Deny to Allow, then back to Deny, also worked. I
also found that setting the Incoming to Allow and back to Deny would
work too. Basically, causing gufw to rewrite the firewall settings
would cause all expected ports to work.
I checked the actual firewall settings using "iptables -L >
settings1.txt" directly after powering the computer on. I then ran
gufw, turning Outgoing to Allow, and then back to Deny, and then ran
"iptables -L > settings2.txt" and compared the two files.
I found that after power on or after a reboot of the computer the
"Chain ufw-user-input" setting to open the incoming ssh port was
missing from the configuration. I don't think this is an ssh issue
specifically, it is just the example I was testing with. Somehow
gufw is not setting ports correctly on power on.
Part of iptables -L listing after using gufw to Allow and Deny
Outgoing ports (that is to cause gufw to rewrite the firewall
settings)
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
Part of iptables -L listing after first powering on the computer or
after a restart (the 'ACCEPT' for the ssh setting is missing)
Chain ufw-user-input (1 references)
target prot opt source destination
Well, I expect some readers are thinking, just use iptables instead of
gufw (am I correct?). And I guess that is what I will have to do,
until the bug (if it is a bug and not just my installation) is fixed.
If anyone uses gufw, please let me know of your experiences. Have
you seen this issue?
Thanks,
George.
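
The before/after comparison described in the post, as an added example that is not part of the original message: it reports, for one chain, the rules present in the post-gufw dump but absent from the boot-time dump. The file names come from the post; the function names, the sample dumps and the `dpt:https` output rule are constructed for illustration.

```shell
#!/bin/sh
# Added example: report rules that one `iptables -L` dump has and another lacks.

# chain_rules FILE CHAIN: print one chain's rules, whitespace-normalized, sorted.
chain_rules() {
    awk -v chain="$2" '
        $1 == "Chain" { in_chain = ($2 == chain); next }  # chain header line
        in_chain && $1 == "target" { next }               # column header line
        in_chain && NF { $1 = $1; print }                 # squeeze column padding
    ' "$1" | sort
}

# missing_rules BOOT_DUMP GOOD_DUMP CHAIN: rules only in GOOD_DUMP's chain.
missing_rules() {
    tmp=$(mktemp -d) || return 2
    chain_rules "$1" "$3" > "$tmp/boot"
    chain_rules "$2" "$3" > "$tmp/good"
    comm -13 "$tmp/boot" "$tmp/good"   # keep lines unique to the second file
    rm -rf "$tmp"
}

# write_samples DIR: constructed dumps (not captured from a real host).
write_samples() {
    # settings1.txt: state right after boot, ssh rule absent
    cat > "$1/settings1.txt" <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
EOF
    # settings2.txt: state after gufw rewrote the rules
    cat > "$1/settings2.txt" <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh

Chain ufw-user-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https
EOF
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
missing_rules "$demo_dir/settings1.txt" "$demo_dir/settings2.txt" ufw-user-input
rm -rf "$demo_dir"
```

The same normalization works on dumps taken with `iptables -L -n`, which prints numeric addresses and ports instead of resolved names.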