2

I noticed that the package UFW had been removed from a server, but do not recall having manually removed it. Looking at the logs at /var/log/apt/history.log, I noticed this entry:

Start-Date: 2024-06-24  18:56:55
Commandline: apt-get install -y iptables-persistent
Requested-By: ealfonso (1000)
Install: iptables-persistent:amd64 (1.0.20), netfilter-persistent:amd64 (1.0.20, automatic)
Remove: ufw:amd64 (0.36.2-1)
End-Date: 2024-06-24  18:57:06

I did request iptables-persistent to be installed. Does the log above indicate that the UFW removal was triggered by installing iptables-persistent?

From the iptables-persistent package description there doesn't appear to be a direct conflict with UFW, and according to this answer, UFW can be compatible with iptables-persistent.

5
  • Does the log above indicate that the UFW removal was triggered by installing iptables-persistent? Yes. A tip for the future: Avoid using -y if you don't want unpleasant surprises. Commented Jun 25, 2024 at 14:57
  • Why does `iptables-persistent` automatically uninstall ufw? Is there a conflict in one of the dependencies? Commented Jun 25, 2024 at 15:00
  • 3
    It's a conflict in functionality. They modify the same thing: iptables setup. Commented Jun 25, 2024 at 15:02
  • Why is it a conflict? I can modify iptables rules manually on top of a running UFW, why should iptables-persistent be any different? What is the actual mechanism that triggers the removal of UFW? Commented Jun 25, 2024 at 15:55
  • @ealfonso "I can modify iptables rules manually on top of a running UFW" – Yes, but… Commented Jun 25, 2024 at 16:27

1 Answer

4

If you run apt show ufw, you’ll see:

[…]
Breaks: iptables-persistent, netfilter-persistent
[…]

So ufw can’t be installed at the same time as either iptables-persistent or netfilter-persistent, and this is enforced by apt. The reasoning is given in ufw’s changelog:

Breaks with iptables-persistent and netfilter-persistent. When ufw is installed, it is not enabled by default, so it doesn't interfere with other firewall software (until it is enabled). In contrast, iptables-persistent and netfilter-persistent install enabled, which interferes with ufw. Add a breaks on these to avoid them being co-installed with ufw (and causing problems for users).
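One way to audit /var/log/apt/history.log for this kind of side-effect removal, as an added example that is not part of the original answer: it flags transactions that removed a firewall package the command line never named. The `WATCHED` list and the function names are assumptions, and the second log entry is constructed for contrast.

```python
import re

# First entry is the one quoted in the question; the second is constructed
# to show an explicit removal, which is not a side effect.
SAMPLE_LOG = """\
Start-Date: 2024-06-24  18:56:55
Commandline: apt-get install -y iptables-persistent
Requested-By: ealfonso (1000)
Install: iptables-persistent:amd64 (1.0.20), netfilter-persistent:amd64 (1.0.20, automatic)
Remove: ufw:amd64 (0.36.2-1)
End-Date: 2024-06-24  18:57:06

Start-Date: 2024-06-25  09:00:00
Commandline: apt-get remove -y ufw
Remove: ufw:amd64 (0.36.2-1)
End-Date: 2024-06-25  09:00:03
"""

# Hypothetical watch list of host firewall packages; adjust to your environment.
WATCHED = {"ufw", "firewalld", "nftables", "iptables-persistent", "netfilter-persistent"}

def parse_entries(text):
    """Split history.log text into one dict of 'Key: value' fields per transaction."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(line.split(": ", 1) for line in block.splitlines() if ": " in line)
        if fields:
            entries.append(fields)
    return entries

def package_names(field):
    """Names from 'pkg:arch (version[, automatic]), ...'; versions may hold commas."""
    stripped = re.sub(r"\([^)]*\)", "", field)
    return [p.strip().split(":")[0] for p in stripped.split(",") if p.strip()]

def side_effect_removals(text, watched=WATCHED):
    """(start, commandline, pkg) for watched packages removed without being named."""
    hits = []
    for e in parse_entries(text):
        args = e.get("Commandline", "").split()  # simple exact-name match
        removed = package_names(e.get("Remove", "")) + package_names(e.get("Purge", ""))
        for pkg in removed:
            if pkg in watched and pkg not in args:
                hits.append((e.get("Start-Date", ""), e.get("Commandline", ""), pkg))
    return hits

if __name__ == "__main__":
    for start, cmd, pkg in side_effect_removals(SAMPLE_LOG):
        print(f"{start}: '{cmd}' removed {pkg} as a side effect")
```

On a real host, pass the contents of /var/log/apt/history.log to `side_effect_removals` instead of `SAMPLE_LOG`.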
