1

I used a script to set up iptables rules and then made them persistent with iptables-persistant. This is described here as a means to prevent a certain user sending traffic over eth0 so it can just use tun0 aka a VPN.

But I also use ufw to easily manage firewall rules.

Now, if I make the rules persistant ufw seems not beeing able to load its own rules on top of that.

Is this a basic conflic? Or should I be able to solve it?

Of course I could make the rules persistant after I added sudo ufw enable but then any changes to ufw afterwards would have to be persistet, too. This is something I want to avoid because it might be a cause for errors.

Improve this question
2
  • I put an nft script in /etc/nft.d/ and got no conflicts. I use nft as it is newer and easier to use. Commented Jan 5, 2021 at 13:24
  • > Now, if I make the rules persistant ufw seems not beeing able to load its own rules on top of that. @Ben what sort of errors are you getting? Commented Apr 28, 2021 at 1:53

1 Answer 1

Reset to default
1

Yes, ufw is compatible with netfilter-persistent. It's loaded separately. You can tell by listing the systemd unit files:

% systemctl list-unit-files --state=enabled | egrep "netfilter-persistent|ufw"
netfilter-persistent.service          enabled
ufw.service                           enabled

That said, it's harder to manage firewall rules with two tools instead of just one. UFW is mostly isolated from other IPtables rules, but it is possible to accidentally add a rule via the iptables command that interferes with ufw rules and visa versa.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.