Ufw not booting during startup (no /etc/init.d/ufw)

Hello,

I cannot get ufw to start at boot. I suppose it has to do with the following:



linux-wzdx:/home/<user> # systemctl start ufw.service
linux-wzdx:/home/<user> # ufw status
Status: inactive
linux-wzdx:/home/<user> # systemctl status -l ufw.service
ufw.service - /etc/init.d/ufw Compatibility                                                                            
   Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled)
   Active: failed (Result: exit-code) since <date>
  Process: 2596 ExecStop=/etc/init.d/ufw stop (code=exited, status=203/EXEC)
  Process: 2593 ExecStart=/etc/init.d/ufw start (code=exited, status=203/EXEC)
 Main PID: 2593 (code=exited, status=203/EXEC)

<date> linux-wzdx systemd[2596]: Failed at step EXEC spawning /etc/init.d/ufw: No such file or directory
linux-wzdx:/home/<user> # ufw version
ufw 0.34
Copyright 2008-2015 Canonical Ltd.

I can start it manually with “# ufw enable” but it does not start automatically at boot. And I could not get the YaST firewall to work well with Syncthing.

I have an up-to-date Leap 42.1 and this ufw package comes from the security repo. I had the same problem with the 0.33 version in the stardard repos.

This is my /usr/lib/systemd/system/ufw.service:


#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.

[Unit]
Description=/etc/init.d/ufw Compatibility
After=network.target


[Service]
ExecStart=/etc/init.d/ufw start
ExecStop=/etc/init.d/ufw stop
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

Any ideas on how to solve this?
Thank you!

I noticed that “/etc/init.d/ufw: No such file or directory”. I wonder if that may be the problem. Have you verified that there is in fact a /etc/init.d/ufw?

More specifically,
It sounds very much like ufw exists but in a location different than what is specified in the Unit file.

Likely solution:
First, get the actual location of your ufw file.
This might be done a couple ways…

The following inspects the contents of your ufw package(assumes packagename ufw.rpm) which should also describe the location of the file

rpm -ql ufw.rpm

If locate is installed on your system (package mlocate), then simply search for the file

locate ufw

Once the file location is determined,
Copy the ufw Unit file as follows

cp /usr/lib/systemd/system/ufw.service /etc/systemd/system/

Then, leaving the original file alone, edit the file you just copied to specify the ufw executable in the correct location.

Update/Reload your systemd services with the following command and you should be able to use your systemd commands to manage your ufw service

systemctl reload 

If all this works, then you should also create a new bug at https://bugzilla.opensuse.org, reporting your finding so someone can fix the package for others.

HTH,
TSU

Thank you for the answers!

I didn’t have time to write a follow-up early on, but it seems I was on the right path. Unfortunately it’s not working yet.

So right after posting I began exploring a bit more. I found out the location of ufw via whereis:

ufw: /usr/bin/ufw /usr/sbin/ufw /etc/ufw /lib/ufw /usr/share/ufw /usr/share/man/man8/ufw.8.gz

and I edited /usr/lib/systemd/system/ufw.service (without copying it to /etc/systemd/system) so that it reads:

#  This file is part of systemd.
#
#  systemd is free software; you can redistribute it and/or modify it
#  under the terms of the GNU General Public License as published by
#  the Free Software Foundation; either version 2 of the License, or
#  (at your option) any later version.

[Unit]
Description=/etc/init.d/ufw Compatibility
After=network.target


[Service]
ExecStart=/usr/sbin/ufw enable
ExecStop=/usr/sbin/ufw disable
StandardOutput=syslog

[Install]
WantedBy=multi-user.target

I figure the “Description” isn’t that important (?). But I wouldn’t know what to write there either.

In any case, this didn’t help. Now I copied it to /etc/systemd/system and tried it again with no luck - and I did reboot the machine. Many times :slight_smile:

linux-wzdx:/home/<user> # ufw status
Status: inactive
linux-wzdx:/home/<user> # systemctl start ufw
linux-wzdx:/home/<user> # ufw status
Status: inactive

Any further insights?

I really appreciate the help :good:

By the way, we’re supposed to also ‘enable’ it via systemctl so that it starts at boot, but this is what I get:

linux-wzdx:/home/<user> # systemctl enable ufw                                                                  
Failed to execute operation: File exists

:sarcastic:

Hi
Looking at the spec file here: https://build.opensuse.org/package/view_file/security/ufw/ufw.spec?expand=1

You need to copy the /lib/ufw/ufw-init file to /etc/init.d/ufw then re-edit your systemd service to point at /etc/init.d/ufx with start and stop entries. Reload systemctl and start the service, then check it’s status and if all ok enable. Not sure about the user rules files in /lib/ufw and where they go…

But if that works it’s a packaging bug that needs to be sorted…

Thank you Malcolm, but no luck yet.

I reinstalled ufw (and gufw), copied /lib/ufw/ufw-init to /etc/init.d/ufw, restarted the computer, but nothing changed. I even tried pointing the ExecStart directly to /lib/ufw/ufw-init.

Is anyone able to reproduce the issue?

Hi
So is you open a terminal and switch to root user and run;


systemctl status ufw
systemctl start ufw
systemctl status ufw

What does this show?

Hey, this is the output:

linux-wzdx:/home/<user> # systemctl status ufw
ufw.service - /etc/init.d/ufw Compatibility
   Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled)
   Active: inactive (dead) since Tue 2016-03-15 08:23:24 EET; 25s ago
  Process: 2295 ExecStop=/etc/init.d/ufw stop (code=exited, status=0/SUCCESS)
  Process: 2162 ExecStart=/etc/init.d/ufw start (code=exited, status=0/SUCCESS)
 Main PID: 2162 (code=exited, status=0/SUCCESS)

linux-wzdx:/home/<user> # systemctl start ufw 
linux-wzdx:/home/<user> # systemctl status ufw
ufw.service - /etc/init.d/ufw Compatibility
   Loaded: loaded (/usr/lib/systemd/system/ufw.service; enabled)
   Active: inactive (dead) since Tue 2016-03-15 08:23:54 EET; 1s ago
  Process: 2802 ExecStop=/etc/init.d/ufw stop (code=exited, status=0/SUCCESS)
  Process: 2595 ExecStart=/etc/init.d/ufw start (code=exited, status=0/SUCCESS)
 Main PID: 2595 (code=exited, status=0/SUCCESS)

moreover

linux-wzdx:/home/<user> # ufw status
Status: inactive

and

linux-wzdx:/home/<user> # iptables -L          
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-input  all  --  anywhere             anywhere            
ufw-before-input  all  --  anywhere             anywhere            
ufw-after-input  all  --  anywhere             anywhere            
ufw-after-logging-input  all  --  anywhere             anywhere            
ufw-reject-input  all  --  anywhere             anywhere            
ufw-track-input  all  --  anywhere             anywhere            

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-forward  all  --  anywhere             anywhere            
ufw-before-forward  all  --  anywhere             anywhere            
ufw-after-forward  all  --  anywhere             anywhere            
ufw-after-logging-forward  all  --  anywhere             anywhere            
ufw-reject-forward  all  --  anywhere             anywhere            
ufw-track-forward  all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ufw-before-logging-output  all  --  anywhere             anywhere            
ufw-before-output  all  --  anywhere             anywhere            
ufw-after-output  all  --  anywhere             anywhere            
ufw-after-logging-output  all  --  anywhere             anywhere            
ufw-reject-output  all  --  anywhere             anywhere            
ufw-track-output  all  --  anywhere             anywhere            

Chain ufw-after-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-input (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-after-output (1 references)
target     prot opt source               destination         

Chain ufw-before-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination         

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination         

Chain ufw-before-output (1 references)
target     prot opt source               destination         

Chain ufw-reject-forward (1 references)
target     prot opt source               destination         

Chain ufw-reject-input (1 references)
target     prot opt source               destination         

Chain ufw-reject-output (1 references)
target     prot opt source               destination         

Chain ufw-track-forward (1 references)
target     prot opt source               destination         

Chain ufw-track-input (1 references)
target     prot opt source               destination         

Chain ufw-track-output (1 references)
target     prot opt source               destination 

So iptables is somehow modified, but it’s empty?

Hi
Down in /lib/ufw are some rules files (have no idea where they are meant to go), also check the configuration via YaST /etc/sysconf editor

I’m afraid this is way beyond my technical skills. I’ll open a bug report.

Meanwhile I’ll try to make SuSEfirewall2 work better with Syncthing.

Thank you all for your help!

P.S.: This thread is in the wrong section - it probably belongs in “Applications”.

I do have 2 issues right now with tumbleweed, one is the issue with ufw not starting at login, I have tried systemctl enable ufw systemctl start ufw, but to no avail, the other issue is that Yast won’t let me change the hostname, for example if I change the hostname to “linux-opensuse” and then restart the pc, it stays with the original hostname “linux-ihjz” when loggin in, it’s driving me mad.:mad:

Hi
Normally I just go to YaST Network Settings and then temporarily switch to wicked, then set the hostname and domain, unckeck the hostname from dhcp box, then switch back to network manager and save/finish.

@ MalcolmLewis, thank you very much, followed your advice and it worked!:good: