[Solved] Enabling firewall stops wifi network.
- This topic has 23 replies, 7 voices, and was last updated Oct 28-6:48 am by Anonymous.
October 26, 2019 at 8:29 am #28591
Anonymous
::When I start up my full installation of antiX 19, I see the following message on the screen.
Starting firewall: ufw...Setting kernel variables (/etc/ufw/sysctl.conf)
Do you get this message or something else regarding ufw?
If you do get the message, then something may be turning off ufw.
You can run the following command to see if your installation meets the requirements for using ufw:
sudo /usr/share/ufw/check-requirements
What type of installation do you have and which Linux kernel image are you using?

No. I'm not getting the ‘Starting firewall: ufw…’ message.
The sudo /usr/share/ufw/check-requirements command says ‘All tests passed’.
This is a frugal install and the kernel is 5.2.15-antix.1-amd64-smp.
During startup I noticed one line
SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.31:
Is this related to ufw?
October 26, 2019 at 9:10 am #28592 Member
model99
::I have a feeling ufw not starting on boot up is related to your frugal installation.
I don’t think SELinux is part of the problem.
When you manually start ufw after boot up, does ufw appear to be operating normally?
You could do the command:
sudo iptables --list
to see if all the ufw rules appear to be in place.
October 26, 2019 at 9:30 am #28593
Anonymous
::I have a feeling ufw not starting on boot up is related to your frugal installation.
I don’t think SELinux is part of the problem.
When you manually start ufw after boot up, does ufw appear to be operating normally?
You could do the command:
sudo iptables --list
to see if all the ufw rules appear to be in place.
demo@antix1:~ $ sudo ufw status
Status: inactive
demo@antix1:~ $ sudo ufw enable
Firewall is active and enabled on system startup
demo@antix1:~ $ sudo iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere

Chain FORWARD (policy DROP)
target prot opt source destination
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere

Chain ufw-before-logging-input (1 references)
target prot opt source destination

Chain ufw-before-logging-output (1 references)
target prot opt source destination

Chain ufw-before-logging-forward (1 references)
target prot opt source destination

Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere

Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere

Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere

Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST

Chain ufw-after-output (1 references)
target prot opt source destination

Chain ufw-after-forward (1 references)
target prot opt source destination

Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target prot opt source destination

Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-reject-input (1 references)
target prot opt source destination

Chain ufw-reject-output (1 references)
target prot opt source destination

Chain ufw-reject-forward (1 references)
target prot opt source destination

Chain ufw-track-input (1 references)
target prot opt source destination

Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW

Chain ufw-track-forward (1 references)
target prot opt source destination

Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere

Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere

Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere

Chain ufw-user-input (1 references)
target prot opt source destination

Chain ufw-user-output (1 references)
target prot opt source destination

Chain ufw-user-forward (1 references)
target prot opt source destination

Chain ufw-user-logging-input (0 references)
target prot opt source destination

Chain ufw-user-logging-output (0 references)
target prot opt source destination

Chain ufw-user-logging-forward (0 references)
target prot opt source destination

Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
demo@antix1:~ $
October 26, 2019 at 10:05 am #28596 Moderator
caprea
::This thread deals with the permanent starting of ufw at live-usb, but probably has useful approaches.
https://www.antixforum.com/forums/topic/how-to-get-ufw-firewall-running-at-start-up-on-a-live-session/
October 26, 2019 at 6:05 pm #28622
Anonymous
::Many thanks @caprea. As @partsman said in that thread I added
# edited by me the user to start ufw
ufw enable
to /etc/rc.local file. Now ufw is enabled at start.
Thank you so much @model99
I have a feeling ufw not starting on boot up is related to your frugal installation.
You guessed right.
October 27, 2019 at 5:58 am #28630 Forum Admin
anticapitalista
::Since you are running frugal, ufw is disabled by the extra lean cheat (x) so at boot menu, change disable=lx to disable=l
Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
October 28, 2019 at 5:47 am #28679
Anonymous
::Since you are running frugal, ufw is disabled by the extra lean cheat (x) so at boot menu, change disable=lx to disable=l
Thanks anti. The default in core frugal is ‘disable=lxdF’. Already removed ‘d’ for dbus. Now only l and F remain. May I know what these (disable=lF) cheats are for?
October 28, 2019 at 6:27 am #28681 Forum Admin
anticapitalista
::The lx cheats are there on live system to speed up boot and use less RAM. m is used to disable networking and d disables dbus. F is used for the splash screen image during boot.
LEAN_SERVICES= cheat l
acpi-fakekey
acpi-support
bluetooth
bootlogs
#cherokee
cpufrequtils
cron
cups
irqbalance
loadcpufreq
nfs-common
rpcbind
rsync
saned
smartmontools
ssh
stop-bootlogd
sudo
#transmission-daemon

XTRA_LEAN_SERVICES= cheat x
bootlogd
cryptdisks
cryptdisks-early
dns-clean
#eeepc-acpi-scripts
hdparm
hwclock.sh
hwclockfirst.sh
ifupdown-clean
lm-sensors
lvm2
mountnfs-bootclean.sh
mountoverflowtmp
nfs-common
pcmciautils
policykit
pppd-dns
#svgalib-bin
ufw
urandom

MEAN_SERVICES= cheat m
avahi-daemon
dnsmasq
ifplugd
mountnfs-bootclean.sh
mountnfs.sh
network-manager
networking
nfs-common
nfs-kernel-server
ntp
pppd-dns
resolvconf
rpcbind
smbd
ufw

NO_DBUS_SERVICES= cheat d
dbus

Philosophers have interpreted the world in many ways; the point is to change it.
antiX with runit - leaner and meaner.
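
A small checker for the cheat-to-service mapping listed in the post above, added here as an example (it is not antiX's own code): given a kernel command line, it reports which active disable= cheat letters stop a given service. It assumes the disable= cheat is visible in /proc/cmdline; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example, not antiX code. Service groups are copied from the lists in
# the post above; entries commented out with '#' there are left out.
# Variable names (LEAN_l, ...) are made up for this example.
LEAN_l="acpi-fakekey acpi-support bluetooth bootlogs cpufrequtils cron cups irqbalance loadcpufreq nfs-common rpcbind rsync saned smartmontools ssh stop-bootlogd sudo"
LEAN_x="bootlogd cryptdisks cryptdisks-early dns-clean hdparm hwclock.sh hwclockfirst.sh ifupdown-clean lm-sensors lvm2 mountnfs-bootclean.sh mountoverflowtmp nfs-common pcmciautils policykit pppd-dns ufw urandom"
LEAN_m="avahi-daemon dnsmasq ifplugd mountnfs-bootclean.sh mountnfs.sh network-manager networking nfs-common nfs-kernel-server ntp pppd-dns resolvconf rpcbind smbd ufw"
LEAN_d="dbus"

# Print the letters of the disable= parameter found in command line $1
# (prints nothing if the parameter is absent).
disable_letters() {
    for word in $1; do
        case "$word" in
            disable=*) printf '%s\n' "${word#disable=}"; return 0 ;;
        esac
    done
}

# Print the active cheat letters (from command line $2) whose group contains
# service $1. Empty output means no active cheat disables that service.
cheats_disabling() {
    letters=$(disable_letters "$2")
    hit=""
    for c in l x m d; do
        # Skip groups whose letter is not in the disable= value.
        case "$letters" in *"$c"*) ;; *) continue ;; esac
        eval "group=\$LEAN_$c"
        case " $group " in *" $1 "*) hit="$hit$c" ;; esac
    done
    printf '%s\n' "$hit"
}

# On a running system: cheats_disabling ufw "$(cat /proc/cmdline)"
# Constructed sample command line using the default quoted in the thread:
cheats_disabling ufw "quiet disable=lxdF"    # prints: x
```

An empty result for ufw together with `sudo ufw status` still reporting inactive points to a cause other than the boot cheats.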
October 28, 2019 at 6:48 am #28682
Anonymous
::The lx cheats are there on live system to speed up boot and use less RAM. m is used to disable networking and d disables dbus. F is used for the splash screen image during boot.
Many thanks anti.