@martinmose
Contributor

@martinmose martinmose commented Sep 3, 2025

I noticed UFW looked fine on first run but went inactive after a reboot.

What’s fixed

  • UFW was enabled with ufw --force enable but didn’t survive reboots because the systemd service wasn’t enabled
  • Added systemctl enable ufw so the firewall stays active after restart
  • Added a migration script (migrations/1756911131.sh) to fix this for existing installs

Why

Without the systemd service, ufw status shows inactive after a reboot, leaving systems unprotected.

Side note: SSH defaults

Right now SSH on port 22 is open by default. That feels a bit too open for Omarchy’s “sane defaults”?

Suggestion:

  • Don’t allow SSH by default
  • Recommend Tailscale first (omarchy-install-tailscale) before enabling port 22.
    (SSH can also work without opening port 22 by running: sudo tailscaled up --ssh)
  • Document how to enable SSH manually (e.g. ufw allow 22/tcp) for those who need it
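
As an added example (not part of this PR or of Omarchy's own scripts), the check below separates "firewall is active right now" from "firewall will come back after a reboot", which is the gap described above. The function name `classify_ufw`, its verdict strings and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the PR): will the current UFW state survive a reboot?

# classify_ufw STATUS_TEXT UNIT_STATE
#   STATUS_TEXT: output of `ufw status`
#   UNIT_STATE:  output of `systemctl is-enabled ufw`
# Prints a verdict; exit status is 0 only when the firewall is active AND
# the systemd unit is enabled for boot.
classify_ufw() {
    state=$(printf '%s\n' "$1" | sed -n 's/^Status:[[:space:]]*//p' | head -n 1)
    case "$state" in
        active)   running=yes ;;
        inactive) running=no ;;
        *)        echo "unknown"; return 3 ;;
    esac
    # Only "enabled" persists. "enabled-runtime" lives under /run and is
    # lost on reboot; any other state is treated as not enabled for boot.
    if [ "$2" = "enabled" ]; then boot=yes; else boot=no; fi

    case "$running/$boot" in
        yes/yes) echo "persistent";          return 0 ;;
        yes/no)  echo "active-until-reboot"; return 1 ;;  # the case this PR fixes
        no/yes)  echo "inactive-now";        return 2 ;;
        no/no)   echo "unprotected";         return 2 ;;
    esac
}

# Query the running system (`ufw status` needs root).
check_live() {
    classify_ufw "$(ufw status 2>/dev/null)" \
                 "$(systemctl is-enabled ufw 2>/dev/null)"
}

if [ "${1:-}" = "--live" ]; then
    check_live
else
    # Constructed sample: state right after `ufw --force enable` alone.
    sample='Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere'
    echo "sample: $(classify_ufw "$sample" disabled)"
fi
```

Run with `--live` as root to check the current machine; without arguments it only classifies the constructed sample.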

@martinmose
Contributor Author

@roberto-aguilar thanks a lot for the review. Good feedback. I have committed both.

@martinmose
Contributor Author

This issue #1423 was created before the pull request - I just wanted to link them here for reference.

@dhh dhh changed the base branch from master to dev September 7, 2025 18:48
@dhh dhh merged commit 3d07560 into basecamp:dev Sep 7, 2025
@dhh dhh mentioned this pull request Sep 7, 2025