I have a server with default deny and several UFW rules. UFW is enabled on startup (`systemctl enable UFW`). When I reboot, some of the rules don't get applied properly and I can't access some services. I can SSH into the server, and the lower ports (<1024) seem to work, but some services above 1024 still drop. If I execute `ufw reload` after a reboot, all begins to run fine.
For example, I have port 3493 allowed for NUT-Server. Always after a reboot this port is non-responsive until I run `ufw reload`:

```
3493 ALLOW x.x.x.x/16 # nut-server (UPS)
```

Oddly, however, the Monero port works:

```
18081 ALLOW x.x.x.x/24 # Monero
```

When 3493 doesn't work, if I telnet into the machine with `telnet x.x.x.x 3493`, telnet just waits and never gets a response, indicating to me that the firewall is simply dropping the request, as per my `ufw default deny`.
Some other posts have pointed to iptables-persistent being the issue. I can confirm iptables-persistent and netfilter-persistent are purged from the system.
`journalctl -u ufw` shows success:

```
-- Boot f2ba2f00ebfe490f81680a3d43f695f2 --
Jan 23 09:54:15 cryptoDaemon systemd[1]: Finished Uncomplicated firewall.
-- Boot cba07123c3204957ad3490a34d9d1439 --
Jan 23 10:00:45 cryptoDaemon systemd[1]: Finished Uncomplicated firewall.
```

I can confirm ufw is enabled in `/etc/ufw/ufw.conf`.
UPDATE: To test, I disabled ufw. Then, after a reboot, I ran `iptables -S`. Oddly, there were rules.
Any help getting this working consistently would be appreciated.
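A post-boot check for the symptom described in the question, added here as an example and not part of the original post: it takes an `iptables -S` dump and a list of ports that `ufw status` claims to allow, and reports every port that has no ACCEPT rule in the loaded ruleset, so a rule that ufw shows but netfilter never received is caught without probing with telnet. The port list and the sample dump are constructed for the demo; on a real host feed it `sudo iptables -S`.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that each port ufw is
# supposed to allow actually has an ACCEPT rule in the live netfilter ruleset.
# Real use (needs root):  missing_ports "$(sudo iptables -S)" 22 3493 18081
# A hypothetical hardening step is to run this from a timer a minute after boot
# and alert when it returns non-zero.

# Constructed `iptables -S` excerpt after a boot where the 3493 rule is absent
# even though `ufw status` lists it (the situation the question describes).
SAMPLE_DUMP='-P INPUT DROP
-A INPUT -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 2200 -j ACCEPT
-A ufw-user-input -s 203.0.113.0/24 -p tcp -m tcp --dport 18081 -j ACCEPT'

# missing_ports DUMP PORT...
# Prints every PORT (one per line) that has no rule combining "--dport PORT"
# with "-j ACCEPT" in DUMP. Only single-port rules are handled; rules written
# with "-m multiport --dports a,b" are not parsed.
# Returns 0 when every port is present, 1 when at least one is missing.
missing_ports() {
    dump=$1
    shift
    rc=0
    for port in "$@"; do
        # The space after the port keeps 22 from matching 2200 or 2222.
        # "--" stops grep from reading the "--dport" pattern as an option.
        if ! printf '%s\n' "$dump" | grep -Eq -- "--dport ${port} .*-j ACCEPT"; then
            printf '%s\n' "$port"
            rc=1
        fi
    done
    return "$rc"
}

# Demo run on the constructed dump: prints "3493" and exits 1.
missing_ports "$SAMPLE_DUMP" 22 3493 18081
```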