diff --git a/install/first-run/firewall.sh b/install/first-run/firewall.sh
index efd1159f18..c802467e49 100755
--- a/install/first-run/firewall.sh
+++ b/install/first-run/firewall.sh
@@ -17,6 +17,9 @@ sudo ufw allow in proto udp from 172.16.0.0/12 to 172.17.0.1 port 53 comment 'al
 # Turn on the firewall
 sudo ufw --force enable
 
+# Enable UFW systemd service to start on boot
+sudo systemctl enable ufw
+
 # Turn on Docker protections
 sudo ufw-docker install
 sudo ufw reload
diff --git a/migrations/1756911131.sh b/migrations/1756911131.sh
new file mode 100755
index 0000000000..6747ab06a7
--- /dev/null
+++ b/migrations/1756911131.sh
@@ -0,0 +1,11 @@
+echo "Enable UFW systemd service for existing installations"
+
+if omarchy-cmd-present ufw; then
+    if sudo ufw status | grep -q "Status: active\|22/tcp\|53317"; then
+        if ! systemctl is-enabled ufw >/dev/null 2>&1; then
+            sudo systemctl enable ufw --now
+            echo "UFW systemd service enabled"
+        fi
+    fi
+fi
+