From f482f22512b68e20f5ef1e2c4c848ade7d657183 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Fri, 23 Jan 2026 03:42:02 -0600
Subject: fix(archsetup): enable ufw firewall with ufw enable command

systemctl start ufw.service only runs ufw-init which checks if
ENABLED=yes in /etc/ufw/ufw.conf. Without running 'ufw enable' first,
the firewall remains inactive. Added 'ufw --force enable' to actually
activate the firewall rules.
---
 archsetup | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'archsetup')

diff --git a/archsetup b/archsetup
index 6180b95..4b6b63a 100755
--- a/archsetup
+++ b/archsetup
@@ -890,12 +890,12 @@ EOF
     action="rate-limiting SSH to protect from brute force attacks" && display "task" "$action"
     (ufw limit 22/tcp >> "$logfile" 2>&1) || error "error" "$action" "$?"
 
+    action="enabling firewall" && display "task" "$action"
+    ufw --force enable >> "$logfile" 2>&1 || error "error" "$action" "$?"
+
     action="enabling firewall service to launch on boot" && display "task" "$action"
     systemctl enable ufw.service >> "$logfile" 2>&1  || error "error" "$action" "$?"
 
-    action="starting firewall service" && display "task" "$action"
-    systemctl start ufw.service >> "$logfile" 2>&1 || error "error" "$action" "$?"
-
     # Verify firewall is actually active
     action="verifying firewall is active" && display "task" "$action"
     if ufw status | grep -q "Status: active"; then
-- 
cgit v1.2.3