Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

ufw isn't working.
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
gaurav712
n00b
n00b


Joined: 12 Jan 2019
Posts: 24
Location: India
PostPosted: Sun Feb 24, 2019 5:07 am    Post subject: ufw isn't working. Reply with quote
When I add ufw to rc-update. It slows down my pc like hell. Booting takes thrice the time, X as well and ufw isn't active even after that "BOOT" . When I try putting it in .xinitrc as "sudo ufw enable &". It freezes the whole interface. And, that's not due to 'sudo' as I've configured visudo, so it doesn't ask for password when using ufw.
Back to top
View user's profile Send private message
unheatedgarage
n00b
n00b


Joined: 19 Sep 2016
Posts: 60
PostPosted: Tue Feb 26, 2019 11:33 am    Post subject: Reply with quote
gaurav712,

After trying UFW on-and-off for years, I finally gave up and took the plunge to learn more about Shorewall. It's well-documented with an active community. Lot's of Gentooers seem to use it, and it's been working just fine for me for about six months now.
_________________
I'm not even mad; I'm impressed!
Back to top
View user's profile Send private message
Goverp
Advocate
Advocate


Joined: 07 Mar 2007
Posts: 2185
PostPosted: Wed Feb 27, 2019 10:16 am    Post subject: Re: ufw isn't working. Reply with quote
gaurav712 wrote:
When I add ufw to rc-update. It slows down my pc like hell. Booting takes thrice the time, X as well and ufw isn't active even after that "BOOT" . When I try putting it in .xinitrc as "sudo ufw enable &". It freezes the whole interface. And, that's not due to 'sudo' as I've configured visudo, so it doesn't ask for password when using ufw.

You're doing something wrong. You only need to "ufw enable" once - it's a command line tool to switch the firewall on or off. As long as you have ufw in your default run-level, that's it.

I don't understand the performance hit. UFW just loads some (I presume, I use UFW to avoid having to understand that stuff) simple IPTables. Have you other firwall stuff that might be fighting it? or complex rules? My setup had just the defaults plus a few ports (rsync, NFS and the like) open to 192.168.0.0/24, and I notice no performance hit.
_________________
Greybeard
Back to top
View user's profile Send private message
Fitzcarraldo
Advocate
Advocate


Joined: 30 Aug 2008
Posts: 2056
Location: United Kingdom
PostPosted: Wed Feb 27, 2019 3:22 pm    Post subject: Re: ufw isn't working. Reply with quote
Goverp wrote:
gaurav712 wrote:
When I add ufw to rc-update. It slows down my pc like hell. Booting takes thrice the time, X as well and ufw isn't active even after that "BOOT" . When I try putting it in .xinitrc as "sudo ufw enable &". It freezes the whole interface. And, that's not due to 'sudo' as I've configured visudo, so it doesn't ask for password when using ufw.

You're doing something wrong. You only need to "ufw enable" once - it's a command line tool to switch the firewall on or off. As long as you have ufw in your default run-level, that's it.

I don't understand the performance hit. UFW just loads some (I presume, I use UFW to avoid having to understand that stuff) simple IPTables. Have you other firwall stuff that might be fighting it? or complex rules? My setup had just the defaults plus a few ports (rsync, NFS and the like) open to 192.168.0.0/24, and I notice no performance hit.


Similar to me. No problems with UFW. I just needed to configure UFW for Samba and for KDE Connect:

Code:
$ sudo ufw status verbose
Password:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
137,138/udp                ALLOW IN    192.168.1.0/24
139,445/tcp                ALLOW IN    192.168.1.0/24
1714:1764/udp              ALLOW IN    Anywhere
1714:1764/tcp              ALLOW IN    Anywhere

$ sudo tail -n 12 /etc/ufw/before.rules
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT

# Need the following to enable Samba commands to work properly
# in a network using broadcast NetBIOS name resolution.
#
# raw table rules
*raw
:OUTPUT ACCEPT [0:0]
-F OUTPUT
-A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns
COMMIT

_________________
Clevo W230SS: amd64, VIDEO_CARDS="intel modesetting nvidia".
Compal NBLB2: ~amd64, xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC systemd-utils[udev] elogind KDE on both.
My blog
Back to top
View user's profile Send private message
nubiocicarini
Tux's lil' helper
Tux's lil' helper


Joined: 20 Feb 2019
Posts: 80
Location: Brazil
PostPosted: Wed May 22, 2019 12:13 am    Post subject: Reply with quote
Did you configure the kernel according to the ufw wiki as well as iptables?

https://wiki.gentoo.org/wiki/Ufw

https://wiki.gentoo.org/wiki/Iptables
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy