5

I need to know how to fix the missing "/etc/init.d/ufw" file, is it some package or some command?

I used the gufw to enable it, but on reboot my firewall was still off...

I created a symlink /etc/init.d/ufw -> /lib/init/upstart-job but I could not make it work like start ufw (neither after reboot).

I found this file /lib/ufw/ufw-init, it looks like an init.d file! Can I copy or symlink it there?

Additional (optional) questions:
How to find what package has that file? apt-cache search didn't work..
Can we safely create such a script?
Any idea why is it missing?

Obs.:
My /etc/ufw/ufw.conf has ENABLED=yes (but seems useless).
iptables -L becomes different after I ufw enable, so ufw rules are not being applied on boot by any other means.

PS.: this script did NOT work either

sudo ln -s /lib/ufw/ufw-init /usr/sbin/ufw-init
sudo ln -s /lib/init/upstart-job /etc/init.d/ufw-init
#sudo update-rc.d -f ufw-init remove
sudo update-rc.d ufw-init defaults 99
sudo -k

5 Answers

3

I also do not have /etc/init.d/ufw and ufw was not auto starting on reboot. But I did this

sudo apt-get install iptables-persistent

On rebooting I checked with

sudo ufw status

It showed active. It always used to show inactive in previous reboots and I used to have to do

sudo ufw enable

I have not installed gufw. I am a beginner desktop user, so I have no idea why it worked and whether it will work for you, but it seemed simpler; maybe it will help somebody.

2

[Check this first (I will validate it when I have time), properly configuring ufw may be the best thing to do, this answer here would then just be a fallback.]

Based on this answer and log tip from this answer, I added this:

exec 2> /tmp/rc.local.log      # send stderr from rc.local to a log file
exec 1>&2                      # send stdout to the same log file
#set -x                         # tell sh to display commands before execution

# this won't exit until successful!
while ! ufw enable; do
  if ufw status | grep "Status: active"; then
    break
  fi
  echo "Failed to apply ufw rules at `date`" >>/dev/stderr;
  sleep 10;
done

to /etc/rc.local before the exit 0 and now it properly loads ufw rules on boot!

But this is a user workaround and not a fix to the system...

I also opted to "change" the rules instead of applying them as default, as this answer suggests, because I am not completely sure my custom rules are trouble free.

IMPORTANT: the "if" code did not work once, so I created the "while" code, which until now has not caused trouble.

2

For the effort that went into figuring out the solution, the answer is surprisingly simple.

In /etc/init/ufw.conf:

1) Comment out lines 9 - 11
2) Insert after line 11: start on startup

Fixes the whole problem, including logging to /var/log/ufw.log.

Note
If you have iptables-persistent installed, you must disable it. Move iptables-persistent out of /etc/init.d and rename all the symlinks in rc0.d-rcS.d by making the 1st letter (S or K) lower case. (Or move them out.)

gone
  • 369
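The edit described in this answer, as an added example that is not part of the original answer: it is applied to a copy of the job file quoted elsewhere on this page (where lines 9 - 11 are the multi-line `start on` stanza), matching the stanza by pattern rather than by line number. The function names are hypothetical.

```shell
# Constructed sample: the /etc/init/ufw.conf contents quoted elsewhere on this page.
sample_job() {
    cat <<'EOF'
# ufw - Uncomplicated Firewall
#
# The Uncomplicated Firewall is a front-end for iptables, to make managing a
# Netfilter firewall easier.

description "Uncomplicated firewall"

# Make sure we start before an interface receives traffic
start on (starting network-interface
          or starting network-manager
          or starting networking)

stop on runlevel [!023456]

console output

pre-start exec /lib/ufw/ufw-init start quiet
post-stop exec /lib/ufw/ufw-init stop
EOF
}

# patch_ufw_job (hypothetical helper): job file on stdin, patched job on stdout.
patch_ufw_job() {
    awk '
        # Already patched: pass the replacement line through untouched.
        $0 == "start on startup" { print; next }
        # The original stanza begins here and may span several lines.
        /^start on/ { in_stanza = 1 }
        in_stanza {
            print "#" $0
            # Track parentheses so the whole multi-line condition is commented.
            depth += gsub(/\(/, "(") - gsub(/\)/, ")")
            if (depth == 0) { print "start on startup"; in_stanza = 0 }
            next
        }
        { print }
    '
}

# Show the result for the sample; nothing under /etc is touched.
sample_job | patch_ufw_job
```

Running the function on its own output changes nothing, so it is safe to re-run after a package upgrade restores the original stanza.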
1

Maybe your path is wrong. Not /etc/init.d/ufw but /etc/init/ufw.conf

I have files with ufw in the name in the following places

xxx@xxx ~/xxx $ sudo find / -name ufw*
[sudo] password for xxx: 
/lib/ufw
/lib/ufw/ufw-init-functions
/lib/ufw/ufw-init
/etc/bash_completion.d/ufw
/etc/default/ufw
/etc/init/ufw.conf
/etc/logrotate.d/ufw
/etc/ufw
/etc/ufw/ufw.conf
/usr/lib/python3/dist-packages/ufw-0.33_0ubuntu4.egg-info
/usr/lib/python3/dist-packages/ufw
/usr/share/doc/ufw
/usr/share/man/man8/ufw-framework.8.gz
/usr/share/man/man8/ufw.8.gz
/usr/share/locale-langpack/en_CA/LC_MESSAGES/ufw.mo
/usr/share/locale-langpack/en_GB/LC_MESSAGES/ufw.mo
/usr/share/locale-langpack/en_AU/LC_MESSAGES/ufw.mo
/usr/share/lintian/overrides/ufw
/usr/share/ufw
/usr/share/ufw/ufw.conf
/usr/share/icons/Mint-X/apps/22/ufw-frontends.png
/usr/share/icons/Mint-X/apps/48/ufw-frontends.png
/usr/share/icons/Mint-X/apps/32/ufw-frontends.png
/usr/share/icons/Mint-X/apps/16/ufw-frontends.png
/usr/share/icons/Mint-X/apps/24/ufw-frontends.png
/usr/share/icons/Mint-X/apps/scalable/ufw-frontends.svg
/usr/sbin/ufw
/var/lib/dpkg/info/ufw.md5sums
/var/lib/dpkg/info/ufw.postinst
/var/lib/dpkg/info/ufw.list
/var/lib/dpkg/info/ufw.prerm
/var/lib/dpkg/info/ufw.conffiles
/var/lib/dpkg/info/ufw.templates
/var/lib/dpkg/info/ufw.config
/var/lib/dpkg/info/ufw.preinst
/var/lib/dpkg/info/ufw.postrm
/var/lib/dpkg/info/ufw.triggers
/var/log/ufw.log.4.gz
/var/log/ufw.log.2.gz
/var/log/ufw.log.1
/var/log/ufw.log
/var/log/ufw.log.3.gz

Output from init file

cat /etc/init/ufw.conf
# ufw - Uncomplicated Firewall
#
# The Uncomplicated Firewall is a front-end for iptables, to make managing a
# Netfilter firewall easier.

description "Uncomplicated firewall"

# Make sure we start before an interface receives traffic
start on (starting network-interface
          or starting network-manager
          or starting networking)

stop on runlevel [!023456]

console output

pre-start exec /lib/ufw/ufw-init start quiet
post-stop exec /lib/ufw/ufw-init stop

EDIT 1

xxx@xxx ~ $ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
69                         ALLOW       Anywhere
22                         ALLOW       Anywhere (v6)
69                         ALLOW       Anywhere (v6)
2707974
  • 10,758
0

UFW is just a wrapper for iptables and it handles only the filter table. So you can use both UFW and iptables-persistent, but remove the filter rules from /etc/iptables/rules.v4, and leave the others if you have them (nat table, raw, etc.)

Boban P.
  • 141
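One way to do what this answer describes, as an added example that is not part of the original answer: drop only the `*filter` section from an iptables-save format file and keep every other table. The sample rules are constructed and the function names are hypothetical; on a real system the file would be the /etc/iptables/rules.v4 named in the answer.

```shell
# Constructed sample in iptables-save format (not taken from a real host).
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 69 -j CT --notrack
COMMIT
EOF
}

# Remove the *filter table (header through its COMMIT); pass other tables through.
strip_filter_table() {
    awk '
        # A line starting with "*" opens a table; skip only the filter table.
        /^\*/ { skip = ($0 == "*filter") }
        # Inside the filter table, drop every line up to and including COMMIT.
        skip  { if ($0 == "COMMIT") skip = 0; next }
        { print }
    '
}

# List the table names present in iptables-save text, comma separated.
tables_in() { sed -n 's/^\*//p' | paste -sd, -; }

# Rewrite FILE in place, keeping the original beside it as FILE.bak.
rewrite_rules_file() {
    cp -p "$1" "$1.bak" && strip_filter_table <"$1.bak" >"$1"
}

# Show the result for the sample: only the nat and raw tables remain.
sample_rules | strip_filter_table
```

After rewriting the real file, `iptables-restore --test` can parse it without loading the rules, which catches a malformed result before the next boot.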