UFW blocks most ports until disabled and re-enabled after reboot

I have UFW running on my server. When I restart it:

$ sudo ufw status
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
1194/udp                   ALLOW       Anywhere                  
5550                       ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
8000                       ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
1194/udp (v6)              ALLOW       Anywhere (v6)             
5550 (v6)                  ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
8000 (v6)                  ALLOW       Anywhere (v6)

When I try to run it, however, my ports 8000 and 1194 are currently being blocked.

When I run:

$ sudo ufw disable
$ sudo ufw enable

Then the ports are open. When I run status after that, it is the exact same as previously pasted.

Diesel asked Dec 15 '22 01:12


2 Answers

Thanks to the reminder from @Nicholas. The problem is indeed caused by iptables-persistent. However, simply removing iptables-persistent is not a good solution, as there may be other rules applied through iptables. Thus, if iptables-persistent is installed, a better way may be to persist the ufw rules using iptables-persistent, i.e.,

sudo ufw reload
sudo netfilter-persistent save

Kattern answered Dec 16 '22 13:12


The real solution is to uninstall iptables-persistent and its dependency: sudo apt remove iptables-persistent and sudo apt autoremove.

As per: https://github.com/pivpn/pivpn/issues/414

Nicholas answered Dec 16 '22 13:12
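
A check that helps decide between the two answers above, added here as an example and not taken from either answer: it lists the ports that `ufw status` allows but that have no ACCEPT rule in the ruleset iptables-persistent restores at boot. It assumes the saved rules are in iptables-save format (on Debian and Ubuntu normally /etc/iptables/rules.v4); the function names and the sample data are constructed for the example.

```shell
#!/bin/sh
# Added example: list ports that UFW allows but that the ruleset saved by
# netfilter-persistent has no ACCEPT rule for.

# saved_allows FILE PORT PROTO: succeed if FILE (iptables-save format) holds
# an ACCEPT rule for destination PORT over PROTO.
saved_allows() {
    grep -Eq -- "^-A .*-p $3 .*--dport $2( .*)? -j ACCEPT" "$1"
}

# ufw_ports: read `ufw status` on stdin, print "port proto" per numeric IPv4
# ALLOW rule (no protocol means tcp and udp). App profiles such as OpenSSH
# are skipped; check those by hand.
ufw_ports() {
    awk '$2 == "ALLOW" && $1 ~ /^[0-9]+(\/(tcp|udp))?$/ {
        n = split($1, a, "/")
        if (n == 2) print a[1], a[2]
        else { print a[1], "tcp"; print a[1], "udp" }
    }'
}

# missing_from_saved FILE: read `ufw status` on stdin and print each
# port/proto that UFW allows but FILE has no ACCEPT rule for.
missing_from_saved() {
    ufw_ports | while read -r port proto; do
        saved_allows "$1" "$port" "$proto" || echo "$port/$proto"
    done
}

# Constructed sample data: a saved ruleset that predates the 1194/udp and
# 8000 rules, and a shortened `ufw status` listing.
SAMPLE_RULES=$(mktemp)
trap 'rm -f "$SAMPLE_RULES"' EXIT
cat > "$SAMPLE_RULES" <<'EOF'
*filter
:ufw-user-input - [0:0]
-A ufw-user-input -p tcp -m tcp --dport 22 -m comment --comment "'dapp_OpenSSH'" -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 5550 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 5550 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
SAMPLE_STATUS='To                         Action      From
1194/udp                   ALLOW       Anywhere
5550                       ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
8000                       ALLOW       Anywhere
1194/udp (v6)              ALLOW       Anywhere (v6)'
printf '%s\n' "$SAMPLE_STATUS" | missing_from_saved "$SAMPLE_RULES"
```

On a live host the equivalent call is `sudo ufw status | missing_from_saved /etc/iptables/rules.v4`; empty output means every numeric port UFW allows also has an ACCEPT rule in the saved file.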