I want to set up a server in my local network and I want to disable my ufw. After checking the web, I saw that I need to run the command: "sudo ufw disable".
After I used the command, my terminal responded: "firewall stopped and disabled on system startup". Afterwards I restarted my machine and then ran the command: "systemctl status ufw".
When I run the given command, it says that my ufw is "active (exited)". It seems that my firewall is still blocking my activities.
How can I completely disable my firewall then? Please help. BTW I have seen ways to delete all the rules on the firewall, but I don't want that; I want a way that I can simply turn my firewall on/off whenever I need.
Thanks!
2 Answers
systemctl and ufw are telling you different things.
When the systemd service named ufw is enabled, then systemd will start the service at boot time. If we look at what that means:
$ cat /lib/systemd/system/ufw.service
[Unit]
Description=Uncomplicated firewall
Documentation=man:ufw(8)
DefaultDependencies=no
Before=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/lib/ufw/ufw-init start quiet
ExecStop=/lib/ufw/ufw-init stop
[Install]
WantedBy=multi-user.target

we can see that it executes /lib/ufw/ufw-init start quiet. In turn, if we look there, we see:
# Debian/Ubuntu: small boot speed improvement
. "${rootdir}/etc/ufw/ufw.conf"
if [ "$1" = "start" ] && [ "$2" = "quiet" ] && [ "$ENABLED" = "no" ]; then
    exit 0
fi

i.e. it sources ${rootdir}/etc/ufw/ufw.conf and checks the value of ENABLED. Finally, if you check /etc/ufw/ufw.conf you will see a section like
# Set to yes to start on boot. If setting this remotely, be sure to add a rule
# to allow your remote connection before starting ufw. Eg: 'ufw allow 22/tcp'
ENABLED=yes

where ENABLED=yes toggles to ENABLED=no when you execute sudo ufw disable.
tl;dr the UFW service is enabled, but if UFW itself is disabled, none of its rules will be loaded.
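The check this answer walks through, written out as an added example (not part of the original answer and not ufw's own code): it reads ENABLED from a ufw.conf-style file and combines it with the unit state that `systemctl is-active ufw` prints. The function names and the `--live` switch are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: reconcile what systemd and ufw each report.
# "active (exited)" only means the oneshot unit ran once (RemainAfterExit=yes);
# whether rules were loaded depends on ENABLED in ufw.conf.

# Print the last ENABLED= value in the file without executing the file.
# (ufw-init sources it; parsing is enough for a read-only check.)
ufw_conf_enabled() {
    [ -r "$1" ] || return 2
    val=$(sed -n "s/^ENABLED=[\"']\{0,1\}\([A-Za-z]*\).*/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# explain_ufw_state UNIT_STATE CONF_FILE
# UNIT_STATE is the word printed by `systemctl is-active ufw`, e.g. "active".
explain_ufw_state() {
    enabled=$(ufw_conf_enabled "$2") || { echo "cannot read $2"; return 2; }
    case "$1:$enabled" in
        active:yes) echo "unit ran with ENABLED=yes: ufw rules were loaded" ;;
        active:no)  echo "unit ran but ufw-init exited early (ENABLED=no): no ufw rules loaded" ;;
        *:yes)      echo "unit is $1 but ENABLED=yes: rules load when the unit next starts" ;;
        *:no)       echo "unit is $1 and ENABLED=no: no ufw rules loaded" ;;
        *)          echo "ENABLED=$enabled is neither yes nor no: inspect $2" ;;
    esac
}

# Constructed sample: the state after `sudo ufw disable` followed by a reboot.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '# constructed sample ufw.conf' 'ENABLED=no' > "$tmp"
    explain_ufw_state active "$tmp"
    rm -f "$tmp"
}

case "${1:-}" in
    --live) explain_ufw_state "$(systemctl is-active ufw)" /etc/ufw/ufw.conf ;;
    *)      demo ;;
esac
```

Run it with `--live` on the machine in question; `sudo ufw status` gives ufw's own view of the same state.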
You won't be able to turn off the firewall as it is built into the kernel. You can stop iptables, which will give an exception to the firewall rules.
sudo service iptables stop
Edited content based on comment:
In some cases if iptables has been replaced by firewalld, then we can use the below command to disable firewall. Try the below details.
systemctl stop firewalld
systemctl disable firewalld
rm '/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service'
rm '/etc/systemd/system/