Firewall-Login Incident

Neal · November 7, 2025, 1:13pm

An incident occurred yesterday, which I was able to resolve, but I'm curious if someone can shed some light on what might have happened. (I am running 17.3 and keep the system and software updated daily). I was checking my Network Settings and noticed that my Firewall (UFW) was turned off. I turned it on. On the next reboot, after logging in with my password and pressing enter, the screen simply went black. I rebooted into Recovery Mode and tried different options. "sudo ufw status" said that ufw was "inactive." I ended up dropping down into root (Yikes!) and disabling UFW on bootup (sudo ufw disable) and that solved the problem. Obviously, I don't want to leave the Firewall turned off. Could this be connected to the fact that my computer has an Nvidia card?

Aravisian · November 7, 2025, 1:46pm

This is an odd one. How many rules have you added to UFW?

Ponce-De-Leon · November 7, 2025, 1:52pm

Do You use a VPN by default? If yes, I would suggest to turn it off and then try it again.

Neal · November 7, 2025, 2:16pm

Thanks for responding. I didn't add any rules ... just default settings: Incoming - Allowed and Outgoing - Blocked as I recall.

Neal · November 7, 2025, 2:17pm

Thanks for responding. No, I don't use a VPN.

zabadabadoo · November 7, 2025, 3:38pm

You will have us all looking at our UFW status now.

zenzen · November 7, 2025, 3:42pm

Let's check a few things:

The status of UFW and rules enabled
```
sudo ufw status verbose
```
Any errors caused by it at boot:
```
sudo systemctl status ufw
```
And any logs just in case:
```
sudo journalctl -xe
```

Do you have any other services that depend on network services right at boot?

wesoliv429 · November 7, 2025, 4:42pm

wait did he say incoming allowed out going denyed? that needs to be reversed if so should be incoming denyed outgoing allowed

zenzen · November 7, 2025, 4:57pm

Yeah, but I figure that is a mistake in the order of words. The default settings are indeed like that: block incoming traffic, but allow outgoing. It would be extremely weird if that is indeed how is setup as is. But, let's wait for the actual output to see what is happening.

Ponce-De-Leon · November 7, 2025, 5:44pm

Could You make a Screenshot of the Firewall Settings please?

Neal · November 10, 2025, 5:09pm

Thanks for responding, but I disabled the UFW from even starting at login and I'm not going near the "Firewall Configuration" button out of fear of triggering another white-knuckle experience

Neal · November 10, 2025, 5:13pm

Oops ... I think I got that backward ... the default settings are "Incoming - Blocked" and "Outgoing - Allowed."

Neal · November 10, 2025, 5:24pm

Thanks for responding!

The first command returns: Status: inactive
The second command returns: ● ufw.service - Uncomplicated firewall
Loaded: loaded (/lib/systemd/system/ufw.service; enabled; vendor preset: enabled)
Active: active (exited) since Sun 2025-11-09 20:28:00 CST; 14h ago
Docs: man:ufw(8)
Process: 461 ExecStart=/lib/ufw/ufw-init start quiet (code=exited, status=0/SUCCESS)
Main PID: 461 (code=exited, status=0/SUCCESS)
CPU: 776us

Nov 09 20:28:00 teacherneal-G434 systemd[1]: Starting Uncomplicated firewall...
Nov 09 20:28:00 teacherneal-G434 systemd[1]: Finished Uncomplicated firewall.

The third command returns: systemctl: invalid option -- 'x'

I don't know if there are other services that depend on network services right at boot.

zenzen · November 11, 2025, 6:11pm

Oops, that's my bad. That last command should've been sudo journalctl -xe (I've edited my previous post).

You can also check any active services that you have right now but launching the firewall and moving into the Report tab. It's not conclusive, but might point towards something unusual.

Neal · November 11, 2025, 7:40pm

The command sudo journalctl -xe returns:

A start job for unit UNIT has finished successfully.
░░
░░ The job identifier is 803.
Nov 11 13:37:00 teacherneal-G434 sudo[26688]: teacherneal : TTY=pts/0 ; PWD=/home/teacherneal ; USER=root ; COMMAND=/usr/bin/journalctl -xe
Nov 11 13:37:00 teacherneal-G434 sudo[26688]: pam_unix(sudo:session): session opened for user root(uid=0) by (uid=1000)
~
~
~
~
~
~
~
~
~
~
~
~
~
lines 1902-1924/1924 (END)
░░
░░ A start job for unit UNIT has begun execution.
░░
░░ The job identifier is 783.
Nov 11 13:36:16 teacherneal-G434 dbus-daemon[1288]: [session uid=1000 pid=1288] Successfully activated service 'org.gnome.Terminal'
Nov 11 13:36:16 teacherneal-G434 systemd[1271]: Started GNOME Terminal Server.
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support
░░
░░ A start job for unit UNIT has finished successfully.
░░
░░ The job identifier is 783.
Nov 11 13:36:16 teacherneal-G434 systemd[1271]: Started VTE child process 26673 launched by gnome-terminal-server process 26649.
░░ Subject: A start job for unit UNIT has finished successfully
░░ Defined-By: systemd
░░ Support: http://www.ubuntu.com/support

zenzen · November 12, 2025, 9:36am

Check also in the Reports tab from the Firewall Configuration, see if there are any active services running that the firewall might be blocking. I don't really expect anything unusual but at this point is worth checking it all the same.

Neal · November 20, 2025, 2:34pm

Oops, my mistake, I meant "Incoming - Blocked" and "Outgoing - Allowed".

Neal · November 20, 2025, 2:38pm

Thanks to everyone for your input. I'm keeping UFW turned off as I contacted my ISP and my modem/router has a built-in firewall with default settings "Incoming - Blocked" and "Outgoing - Allowed". Since turning on UFW would be redundant, I'm going to let the matter rest until after I've set up backups of the System using Timescape, back-up of Home using Deja Dup and have upgraded to Zorin 18.