Firewalld does not start at boot

Question

I have installed firewalld and uninstalled ufw with the following commands:

sudo apt install firewall-applet
sudo systemctl start firewalld
sudo systemctl enable firewalld

It works but does not start on its own on restart.

$ sudo systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset
Active: inactive (dead)

May 10 18:39:03 Yyyy systemd[1]: Stopped firewalld - dynamic firewall daemon. lines 1-5/5 (END)

My laptop is running Ubuntu 16.04 LTS.

The output of sudo systemctl status iptables.service:

● iptables.service
Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)

Iptables is installed. The output of dpkg -s iptables

Package: iptables
Status: install ok installed
Priority: important
Section: net
Installed-Size: 1624
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Architecture: amd64
Version: 1.6.0-2ubuntu3
Depends: libxtables11 (= 1.6.0-2ubuntu3), libc6 (>= 2.14), libnfnetlink0
Description: administration tools for packet filtering and NAT
 iptables is the userspace command line program used to configure
 the Linux packet filtering ruleset. It is targeted towards system
 administrators. Since Network Address Translation is also configured
 from the packet filter ruleset, iptables is used for this, too. The
 iptables package also includes ip6tables. ip6tables is used for
 configuring the IPv6 packet filter
Homepage: http://www.netfilter.org/
Original-Maintainer: iptables devel team <pkg-netfilterdevel@lists.alioth.debian.org>

I tried sudo firewalld-cmd --runtime-to-parmanent but it does not help firewalld start at boot.

Thanks

Please run this and give the result: sudo systemctl status iptables — George Udosen, May 10 '17 at 23:48
@George iptables is disabled and inactive. I have updated the question with the output. — user68186, May 11 '17 at 01:24
Did you mask the iptables as well...sudo systemctl mask iptables while setting up firewalld? — George Udosen, May 11 '17 at 06:44
Please run this systemctl status firewalld and lets see what it says — George Udosen, May 14 '17 at 13:36
It says the same thing it said on lines 7 through 11. That is the second code snippet I posted in my original question. Active: Inactive (dead). — user68186, May 14 '17 at 18:21
Tried installing it on my VM without any settings made to it. I didn't even have to enable it - it was auto enabled after the install. Maybe try purging and reinstalling it? — Ziazis, May 17 '17 at 10:26
@Ziazis It does show up immediately after the install. However, after a reboot it does not start by itself. To be sure, I purged and installed and got the same result. Please restart the computer after installing and confirm that the applet starts when you log in after the restart. — user68186, May 17 '17 at 17:40
Yes, I did restart the system. It started automatically for me. — Ziazis, May 17 '17 at 18:21
Thanks. It means something in my system is preventing it from starting. The question is how to figure out what is it? — user68186, May 17 '17 at 18:26
It could be apparmor or maybe you still have another firewall running? Are you sure uwf is completly gone? — Ziazis, May 18 '17 at 08:49

Shakti Phartiyal · Answer 1 · 2017-05-18T12:49:15.113

5

One way to start the firewall on the startup is to run it using cron using the @reboot attribute:

open up a terminal and type :

sudo crontab -e

at the end of the file enter the command:

@reboot systemctl start firewalld

save the file and exit.

The above command will run the command once everytime computer boots up.

UPDATE

Method 2

If you have access to the GUI of ubuntu then open the dash by hitting the start button (windows key).

Type in startup Applications and click on the startup applications icon.

You will get as screen like so:

Click on the Add button and Add the command like so:

And click Add.

You are good to go.

edited May 18 '17 at 12:49

answered May 18 '17 at 09:59

Shakti Phartiyal

558

1

This seems to work! Thank you very much. I will wait a couple of days and make sure it works well and no better answer comes up. – user68186 May 18 '17 at 10:37
@user68186 great.. looking forward to the bounty.. :) – Shakti Phartiyal May 18 '17 at 12:43
1

Regarding the Method 2 do you need sudo before systemctl? – user68186 May 18 '17 at 16:06
in my opinion this answer should be marked as an acceptable answer!! – Sobhan Oct 21 '20 at 08:43

score 3 · Accepted Answer · answered Apr 23 '18 at 13:27

I also hit same problem as OP on my newly installed Ubuntu 16.04.4.

I've checked the service file - /lib/systemd/system/firewalld.service It says firewalld conflict with iptables.service ip6tables.service ebtables.service ipset.service

Then I find ebtables.service is installed and enabled; After disabling and masking it by

sudo systemctl disable ebtables
sudo systemctl mask ebtables

firewalld can be started without any other script/trick after reboot, of coz it should be enabled.

So the root cause of my problem is - ebtables.service prevent firewalld.service from being started.

It works and this is a better solution. Thanks! – user68186 Apr 23 '18 at 13:58 — user68186, Apr 23 '18 at 13:58

score 3 · Answer 3 · answered May 13 '17 at 00:49

3

A little poking around in the firewalld documentation turned up this page. It appears that you may need to set up a "permanent configuration", which will be loaded at every service stop/restart or machine boot. firewall-cmd --runtime-to-permanent will take your existing runtime configuration (once you have it set up correctly and working, of course) and migrate it to permanent.

That's the only suggestion I can offer; hopefully it helps.

answered May 13 '17 at 00:49

jcgoble3

143
5

Thanks for the idea. I tried it, but it had no effect. Firewlld still does not start at boot. – user68186 May 23 '17 at 11:14

score 0 · Answer 4 · answered May 01 '19 at 17:56

While I do not believe this is the original posters problem, many users ran into this issue due to a bug in ubuntu 19.04.

https://bugs.launchpad.net/ubuntu/+source/firewalld/+bug/1826187

If you need to fix this issue simply run the following commands.

sudo su
ln -s /sbin/iptables /usr/sbin/
ln -s /sbin/iptables-restore /usr/sbin/
ln -s /sbin/ip6tables /usr/sbin/
ln -s /sbin/ip6tables-restore /usr/sbin/
service firewalld restart
service firewalld status
exit

It should output something like this.

● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-05-01 13:37:29 EDT; 2s ago Docs: man:firewalld(1) Main PID: 8568 (firewalld) Tasks: 2 (limit: 19660) Memory: 27.5M CGroup: /system.slice/firewalld.service └─8568 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid

May 01 13:37:28 prismatic systemd[1]: Starting firewalld - dynamic firewall daemon... May 01 13:37:29 prismatic systemd[1]: Started firewalld - dynamic firewall daemon.

Firewalld does not start at boot

4 Answers4

Linked