[SOLVED] firewall does not remember to be up on reboot

Forum Forums Official Releases antiX-23 “Arditi del Popolo [SOLVED] firewall does not remember to be up on reboot

Tagged: 

  • This topic has 13 replies, 5 voices, and was last updated Sep 14-6:32 pm by abc-nix.
Viewing 14 posts - 1 through 14 (of 14 total)
  • Author
    Posts
  • #116768
    Member
    ATGhQlsvhij19tw5jgDi

      Hi,
      been using antix since last few versions.

      With the current antix23 64-bit runit the firewall does not stay up after the reboot

      user@antix1:~
      $ sudo ufw enable
      doas (user@antix1) password: 
      Firewall is active and enabled on system startup
      user@antix1:~
      $ sudo ufw status verbose
      Status: active
      Logging: on (low)
      Default: deny (incoming), allow (outgoing), disabled (routed)
      New profiles: skip
      user@antix1:~

      I have also used the GUI found into control centre but same issue.

      Any suggestion?

      Thank you.

      A.

      • This topic was modified 9 months, 2 weeks ago by ATGhQlsvhij19tw5jgDi.
      #116769
      Member
      ATGhQlsvhij19tw5jgDi

        sorry forgot to clarify that

        a) I have checked into “runit service manager” and ufw startup says “yes”
        b) I have searched “firewall” into the forum to see there is any similar topic but none came up

        #116770
        Member
        sybok

          Naive questions (since I do not use runit version, at least not yet, and I am no expert):
          1) Is firewall properly turned on after a fresh-start (from previous shutdown)?
          2) Could it be a ‘cron’ related issue (*something* is not called during the startup)?

          #116771
          Member
          ATGhQlsvhij19tw5jgDi

            thank you sybok for your answer.

            1) like I said in my first post, no
            2) I dont think so

            please refer to the attachment for the situation after (re)boot, despite I gave all the terminal commands mentioned in my fist post this in thread.

            Thank you.

            A.

            Attachments:
            #116773
            Member
            abc-nix

              Please give us the output of
              cat /etc/sv/ufw/run

              This is my output:

              $ cat /etc/sv/ufw/run
              #!/usr/bin/env /lib/runit/invoke-run
              set -e
              NAME="ufw"
              DAEMON=/usr/sbin/ufw
              # Exit service if DAEMON is not installed
              if [ ! -x $DAEMON ]; then
              	exit 161
              fi
              # Exit if missing libraries
              [ -d /usr/lib/ufw ] || exit 161
              # Load configuration
              . /etc/ufw/ufw.conf
              # Only start if enabled
              if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
              	/usr/lib/ufw/ufw-init start quiet
              else
              	exit 161
              fi
              exec 2>&1
              exec chpst -b $DAEMON pause

              I just enabled the ufw first with your first command posted, then enabled the service in runit-service-manager and enabled startup. Rebooted and it seems to be working:

              $ sudo ufw status verbose
              Status: active
              Logging: on (low)
              Default: deny (incoming), allow (outgoing), disabled (routed)
              New profiles: skip

              Tonight I will log back and see what you share with us. In the meantime, someone else may be able to help you.

              #116774
              Member
              ATGhQlsvhij19tw5jgDi
                $ cat /etc/sv/ufw/run
                cat: /etc/sv/ufw/run: No such file or directory
                #116775
                Member
                ATGhQlsvhij19tw5jgDi

                  everything I action into runit service manager’s gui regarding ufw does not do anything, the gui flashes a fraction of second but the values remains the same (removing ufw, enabling or disabling logs/startups).

                  I also tried to –reinstall ufw but nothing changed.

                  I do not recall to have played with ufw apart from giving once the command below after the fresh installation and forgot about it

                  sudo ufw enable

                  Can anyone using my same OS (antix 23 FULL 64-bit runit) replicate this?

                  Thanks.

                  A.

                  #116776
                  Moderator
                  caprea

                    Can anyone using my same OS (antix 23 FULL 64-bit runit) replicate this?

                    Yes.

                    LANG=C cat /etc/sv/ufw/run
                    cat: /etc/sv/ufw/run: No such file or directory

                    The symlink /etc/sv/ufw is missing here, same behavior like on your system.

                    #116777
                    Member
                    abc-nix

                      `$ cat /etc/sv/ufw/run
                      cat: /etc/sv/ufw/run: No such file or directory`

                      You are missing the ufw runit service. I am not sure if this was a bug in your installation or an issue in one of the antiX ISOs.

                      Use your file manager to navigate to /etc/sv/ufw/
                      If you see there are no “run” and “finish” files, it means the service files are missing. I will share them below for you to create them to solve this problem now.

                      Create a run and finish file for ufw
                      sudo touch /etc/sv/ufw/run /etc/sv/ufw/finish

                      Make them executable
                      sudo chmod +x /etc/sv/ufw/run /etc/sv/ufw/finish

                      Edit them with your preferred text editor as root and copy over the content I will share with you now.

                      Content for /etc/sv/ufw/run

                      #!/usr/bin/env /lib/runit/invoke-run
                      set -e
                      NAME="ufw"
                      DAEMON=/usr/sbin/ufw
                      # Exit service if DAEMON is not installed
                      if [ ! -x $DAEMON ]; then
                      	exit 161
                      fi
                      # Exit if missing libraries
                      [ -d /usr/lib/ufw ] || exit 161
                      # Load configuration
                      . /etc/ufw/ufw.conf
                      # Only start if enabled
                      if [ "$ENABLED" = "yes" ] || [ "$ENABLED" = "YES" ]; then
                      	/usr/lib/ufw/ufw-init start quiet
                      else
                      	exit 161
                      fi
                      exec 2>&1
                      exec chpst -b $DAEMON pause

                      Content for /etc/sv/ufw/finish

                      #!/bin/sh
                      set -e
                      /usr/lib/ufw/ufw-init stop
                      . /lib/runit/finish-default "$@"

                      Save and reboot.

                      For now, you will have your issue fixed. Please, can others check if their ufw runit services are also missing? I cannot test this until tonight, so other user’s input will help a lot.

                      • This reply was modified 9 months, 2 weeks ago by abc-nix. Reason: missing code tags
                      #116779
                      Member
                      abc-nix

                        Can anyone using my same OS (antix 23 FULL 64-bit runit) replicate this?

                        Yes.

                        LANG=C cat /etc/sv/ufw/run
                        cat: /etc/sv/ufw/run: No such file or directory

                        Thanks, caprea, for confirming the issue. Tonight I will check the service package source and see if I can send a fix to anticapitalista.

                        #116780
                        Member
                        Xunzi_23

                          Also can confirm.

                          Thank you all and especially abc-nix for quick fix

                          #116785
                          Member
                          ATGhQlsvhij19tw5jgDi

                            thank you to all.
                            The proposed quick fix has worked for me.

                            #116829
                            Member
                            sybok

                              Since the issue has been resolved, please mark the thread solved by editing the 1st post, respectively its title and prepend (or append) ‘[SOLVED]’ to it (can be done within first 24 or 48 hours since the 1st post, otherwise please ask a forum administrator using ‘Contact us’ at the bottom of the forum web-page).

                              #116839
                              Member
                              abc-nix

                                Ok. I am back after checking the live antiX 23 full.
                                The ufw package installed comes directly from Debian, and they don’t include any service configuration for runit. The strange thing is that the package should include the sysvinit init script, but it didn’t get included in the ISO.
                                If you purge the ufw package and installed it again, it will install the sysvinit init service correctly.

                                My uneducated guess is: Originally during testing, the antiX version of the ufw package was getting correctly installed, but at some point before the final release, Debian updated their package, and it got included in the final release instead of the antiX one. I think the ISO creation scripts removed the init script to avoid redundancy, but missed that the runit service was missing.

                                For now, there are 2 workarounds:
                                A. Remove the ufw package and install it again.
                                B. Create the runit service as described above.

                                No matter the option you take, they will both work. Future updates will probably fix this issue and include the antiX’s runit service, but it isn’t a requirement thanks to antiX’s sysvinit compatibility.

                                Thanks to all who found the issue, tested and verified both the issue and the fix.

                                • This reply was modified 9 months, 2 weeks ago by abc-nix. Reason: Thanks
                              Viewing 14 posts - 1 through 14 (of 14 total)
                              • You must be logged in to reply to this topic.