Should UFW rules be automatically or manually added for nfs-kernel-server when installing?

Asked by Przemysław Kośka on 2020-01-12

Dear maintainers,

I've discovered in Ubuntu 18.04.3 LTS, when installing nfs-kernel-server, that UFW rules are not getting configured and the user has to manually add ports to expose the NFS server to outside world.

Is it an expected behavior? Do I need to submit a bug on launchpad?

Thanks in advance.

Question information

English Edit question
Ubuntu nfs-utils Edit question
No assignee Edit question
Last query:
Last reply:
Bernard Stafford (bernard010) said : #1

That is an expected behavior for UFW.

Advanced Functionality

As mentioned, the ufw application is capable of doing anything that iptables can do. This is achieved by using several sets of rules files, which are nothing more than iptables-restore compatible text files. Fine-tuning ufw and/or adding additional iptables commands not offered via the ufw command is a matter of editing various text files1:

    /etc/default/ufw: high level configuration, such as default policies, IPv6 support and kernel modules to use

    /etc/ufw/before[6].rules: rules in these files are evaluated before any rules added via the ufw command

    /etc/ufw/after[6].rules: rules in these files are evaluated after any rules added via the ufw command

    /etc/ufw/sysctl.conf: kernel network tunables

    /var/lib/ufw/user[6].rules or /lib/ufw/user[6].rules (0.28 and later): rules added via the ufw command (should not normally be edited by hand)

    /etc/ufw/ufw.conf: sets whether or not ufw is enabled on boot, and in 9.04 (ufw 0.27) and later, sets the LOGLEVEL

    /etc/ufw/after.init: initialization customization script run after ufw is initialized (ufw 0.34 and later)

    /etc/ufw/before.init: initialization customization script run before ufw is initialized (ufw 0.34 and later)

After modifying any of the above files, activate the new settings with:

$ sudo ufw disable
$ sudo ufw enable

The Linux kernel includes the Netfilter subsystem, which is used to manipulate or decide the fate of network traffic headed into or through your server. All modern Linux firewall solutions use this system for packet filtering.

The kernel's packet filtering system would be of little use to administrators without a userspace interface to manage it. This is the purpose of iptables: When a packet reaches your server, it will be handed off to the Netfilter subsystem for acceptance, manipulation, or rejection based on the rules supplied to it from userspace via iptables. Thus, iptables is all you need to manage your firewall, if you're familiar with it, but many frontends are available to simplify the task.

I provided some helpful documentation that will help explain. Hope this helps.

Can you help with this problem?

Provide an answer of your own, or ask Przemysław Kośka for more information if necessary.

To post a message you must log in.