Randomly getting stuck on boot after enabling UFW

I have been trying to diagnose this problem for a few weeks now and have tried everything I could (except disabling ufw), but to no avail.

System: Kubuntu 21.04 with kubuntu-ppa/backports

What I tried to do: Enable UFW through `sudo ufw enable`

What happened: Whenever I enabled UFW, the system may get stuck when booting / rebooting. There is no indication of where the system got stuck. I entered a tty on boot and found systemd-hostnamed loaded but failed to activate. The reason was a timeout.

What I tried to do:

  1. Disable networkmanager-wait-online.service

  2. Disable NetworkManager's connectivity check

  3. Attempting to start and save UFW rules with the dispatcher script from https://help.ubuntu.com/community/IptablesHowTo#Solution_.233_iptables-persistent

Error messages: https://imgur.com/K5FWGAK

Now this is frustrating, because I did set `WatchdogSec=1min`, `DefaultStartTimeout=10s` and `DefaultStopTimeout=10s`, but none of it seemed to affect the service timeout during boot.

It seems that UFW is conflicting with NetworkManager / systemd-hostnamed / the DNS service. Of course, disabling ufw solves the problem, but that is not an option. This never happened to me on Ubuntu with the same set of applications installed, so I doubt it is a VPN or other network services affecting this.

Edit #1: `sudo ufw status verbose` output:

```
karsten@karsten-kbt-pc:~ (・∀・)> sudo ufw status verbose
[sudo] password for karsten:
Status: active
Logging: on (low)
Default: reject (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
6881                       ALLOW IN    Anywhere
8881/udp                   ALLOW IN    Anywhere
1401/tcp                   ALLOW IN    Anywhere
1194:1197/udp              ALLOW IN    Anywhere
1300:1303/udp              ALLOW IN    Anywhere
1400/udp                   ALLOW IN    Anywhere
51820                      ALLOW IN    Anywhere
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
53 (v6)                    ALLOW IN    Anywhere (v6)
6881 (v6)                  ALLOW IN    Anywhere (v6)
8881/udp (v6)              ALLOW IN    Anywhere (v6)
1401/tcp (v6)              ALLOW IN    Anywhere (v6)
1194:1197/udp (v6)         ALLOW IN    Anywhere (v6)
1300:1303/udp (v6)         ALLOW IN    Anywhere (v6)
1400/udp (v6)              ALLOW IN    Anywhere (v6)
51820 (v6)                 ALLOW IN    Anywhere (v6)
```
Two questions for you: (1) is IPv6 enabled in UFW? (2) what is the outgoing policy for the system?

@matigo 1) Yes, rules for IPv6 are enabled. 2) Allow outgoing, reject incoming by default.

Weird. Could you edit your question to include the output of `sudo ufw status verbose`? This will show the complete list of rules that the "uncomplicated" firewall is using, and it may reveal something.

@matigo Included the output. This happened even without any rules and was why I added rules.

Hmm ... the only difference I can see between your rules and the ones I have on servers is that the incoming value is set to `reject` (as you also stated in a comment), whereas the default is generally `deny`. I don't *think* that should make a difference, though.

@matigo It is set to `reject` with plasma-firewall; I don't know if `deny` will make a difference though.