Hello, all. Have a question on UFW, which has me confused. When I first install and enable UFW via the command “sudo enable ufw” in a new Linux machine, I find out UFW remains enabled only for the duration of the current session, as, after a reboot, UFW returns to a disabled status. I found out that by running the command “sudo systemctl enable ufw”, UFW remains enabled persistently.
So, my confusion stems from why in the world UFW does not remain persistently enabled by default after it has been explicitly enabled by the user. After all, if the user only wants it enabled temporarily, UFW can be easily disabled via a command, just as easily as it was enabled.
Thanks in advance for any help in understanding the idiosyncrasy behind this behavior.
Well, one thing you have to keep in mind is that GNU/Linux is a UNIX-style operating system, and thus a multiuser platform. A firewall is a system service, and must therefore be enabled as a system-wide service. Its job is not to be a firewall for any particular user’s network access only, but for the network access of the entire machine. That’s why it must be enabled via systemctl.
Now, you can of course also use the --user switch to systemctl, which means that ─ in this case ─ the firewall will only be enabled for your user account. But the bottom line is that a GNU/Linux system is by definition a multiuser computer operating system, not an appliance like Microsoft Windows.
Unless I am badly mistaken, Arch Linux is a GNU/Linux operating system, and thus a multiuser system. systemd was also developed with that paradigm in mind.
I am the original poster, and I would like to clarify something. In most of the responses, I see they’re mentioning time and again that UFW is not enabled “by default”. If you kindly read my original post at the top, you will see I never expected this behavior. Instead, I was very clear in stating that I installed and I enabled UFW myself, hence, it is clear I was not expecting it to be enabled “by default”. My question was simply regarding the fact that after a reboot, UFW all by itself, without any intervention from me, reverts back to a disabled state, a behavior which I find puzzling, as I (the user) had enabled it.
And yes, I meant to type “sudo ufw enable”, not “sudo enable ufw”, that was simply a typing error on my part in the original post.
Well, yes, that is how systemd works. You have to enable it, and then it’ll be started as a daemon at boot time. And if you want to activate it in the moment itself as well, then you issue…
Here you go … make sure service is enabled, and you need ufw enable only once.
But you must have the service running.
I don’t think that’s much of a design decision besides not doing extra things like making an alias for ‘enable’ to mean enable systemd service too, or that because you installed a package all related services are automatically enabled without user interaction … those things all sound weird and ‘extra’ to me.
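Added example, not posted by anyone in this thread: a shell check for the two independent switches discussed above, the `ENABLED=yes` flag that `ufw enable` writes to `/etc/ufw/ufw.conf` and the systemd unit state reported by `systemctl is-enabled ufw`. The function names and verdict strings are hypothetical, and the config path is the usual packaged location, assumed here.

```shell
#!/bin/sh
# Will the firewall still be up after a reboot? Both switches must be on:
#   1. ENABLED=yes in ufw.conf          (set by `sudo ufw enable`)
#   2. the ufw unit enabled in systemd  (set by `sudo systemctl enable ufw`)

# conf_enabled FILE -> prints "yes" or "no" from the last ENABLED= line.
conf_enabled() {
    val=$(sed -n 's/^[[:space:]]*ENABLED=//p' "$1" 2>/dev/null \
          | tail -n 1 | tr -d "\"'" | tr '[:upper:]' '[:lower:]')
    if [ "$val" = "yes" ]; then echo yes; else echo no; fi
}

# diagnose CONF_STATE UNIT_STATE -> one-word verdict (hypothetical labels).
diagnose() {
    case "$1:$2" in
        yes:enabled) echo persistent ;;            # survives reboot
        yes:*)       echo lost-on-reboot ;;        # the symptom in this thread
        no:enabled)  echo unit-starts-ufw-off ;;   # unit runs, loads no rules
        *)           echo off ;;
    esac
}

# check_ufw [CONF] [UNIT_STATE]
# Defaults read the live system; arguments allow offline testing.
check_ufw() {
    conf=${1:-/etc/ufw/ufw.conf}
    unit=${2:-$(systemctl is-enabled ufw 2>/dev/null || true)}
    diagnose "$(conf_enabled "$conf")" "$unit"
}

# Demo on constructed input (not a real system's config).
demo() {
    tmp=$(mktemp)
    printf '# constructed sample\nENABLED=yes\nLOGLEVEL=low\n' > "$tmp"
    echo "ufw enable only:            $(check_ufw "$tmp" disabled)"
    echo "ufw enable + systemctl:     $(check_ufw "$tmp" enabled)"
    rm -f "$tmp"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Calling `check_ufw` with no arguments reads the live configuration; a `lost-on-reboot` verdict means the firewall is active now but the unit will not start it at boot.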