Question on UFW

Hello, all. Have a question on UFW, which has me confused. When I first install and enable UFW via the command “sudo enable ufw” in a new Linux machine, I find out UFW remains enabled only for the duration of the current session, as, after a reboot, UFW returns to a disable status. I found out that by running the command “sudo systemctl enable ufw”, UFW remains enable persistently.

So, my confusion stems from why in the world would UFW does not remain persistently enabled by default after it has been explicitly enabled by the user. After all, if the user only wants it enabled temporarily, UFW can be easily disabled via a command, just as easily as it was enabled.

Thanks in advance for any help in understanding the idiosyncrasy behind this behavior.

Because Archlinux doesn’t believe in enabling services by default. From their point of view, enabling services by default is a Debian thing.

enable is a shell built-in, I’m not sure that command actually works.

Well, one thing you have to keep in mind is that GNU/Linux is a UNIX-style operating system, and thus a multiuser platform. A firewall is a system service, and must therefore be enabled as a system-wide service. Its job is not to be a firewall for any particular user’s network access only, but for the network access of the entire machine. That’s why it must be enabled via systemctl.

Now, you can of course also use the --user switch to systemctl, which means that ─ in this case ─ the firewall will only be enabled for your user account. But the bottom line is that a GNU/Linux system is by definition a multiuser computer operating system, not an appliance like Microsoft Windows. :slight_smile:

I’m pretty sure he’s referring to sudo ufw enable, which is a valid command.

On Cinnamon, GUFW had kept enabled since I first toggled the button at first use.

On KDE it was off at each reboot even if I had enabled it. I had to type the command to make it permanent.

There must be differences between DEs concerning service enabling.

No, it’s not. It’s a design decision by Archlinux. It’s not related to GNU/Linux being a multi user system.

Citation: systemd - ArchWiki

Ufw does not function without root permissions.

Well, asked and answered.

Thank you all for your most kind answers.

Unless I am badly mistaken, Arch Linux is a GNU/Linux operating system, and thus a multiuser system. systemd was also developed with that paradigm in mind.

Sure sure, but that’s not the reason why UFW isn’t enabled by default, that’s just a matter of ideology/design on Arch’s end.

I am the original poster, and I would like to clarify something. In most of the responses, I see they’re mentioning time and again that UFW is not enabled “by default”. If you kindly read my original post at the top, you will see I never expected this behavior. Instead, I was very clear in stating that I installed and I enabled UFW myself, hence, it is clear I was not expecting it to be enabled “by default”. My question was simply regarding the fact that after a reboot, UFW all by itself, without any intervention from me, reverts back to a disable state, a behavior which I find puzzling, as I (the user) had enabled it.

And yes, I meant to type “sudo ufw enable”, not “sudo enable ufw”, that was simply a typing error on my part in the original post.

Thanks

Well, yes, that is how systemd works. You have to enable it, and then it’ll be started as a daemon at boot time. And if you want to activate it in the moment itself as well, then you issue… :arrow_down:

sudo systemctl enable --now name_of_the_service

Its not that crazy …

https://wiki.archlinux.org/index.php/Uncomplicated_Firewall

Here you go … make sure service is enabled, and you need ufw enable only once.

But you must have the service running.

I dont think thats much of a design decision besides not doing extra things like making an alias for ‘enable’ to mean enable systemd service too, or that because you installed a package all related services are automatically enabled without user interaction … those things all sound weird and ‘extra’ to me.

1 Like

Thanks, guys, greatly appreciate all the info you’ve provided.

1 Like