Thank you for using Ubuntu and filing a bug. The behavior you describe is actually by design, but is configurable. Many applications will add firewall rules to the various default chains. This is done without the ufw cli command or the ufw framework. As such, performing a flush on 'reload' becomes a destructive operation and this is inappropriate in the default installation. From /etc/default/ufw:

    # By default, ufw only touches its own chains. Set this to 'yes' to have ufw
    # manage the built-in chains too. Warning: setting this to 'yes' will break
    # non-ufw managed firewall rules
    MANAGE_BUILTINS=no

So if you would prefer this behavior, set MANAGE_BUILTINS=yes

** Changed in: ufw (Ubuntu)
       Status: New => Won't Fix

** Changed in: ufw (Ubuntu)
     Assignee: Jamie Strandboge (jdstrand) => (unassigned)

-- 
https://bugs.launchpad.net/bugs/881137

Title:
  UFW does not clean iptables setting from /etc/ufw/before.rules
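
An added example, not part of the original message or of ufw itself: a small audit that reads the MANAGE_BUILTINS setting and lists the rules sitting directly in built-in chains, which are the ones this setting decides about. The `ufw-`/`ufw6-` chain prefix is an assumption about how ufw names its own chains, and the sample config and `iptables-save` text are constructed.

```python
import re
import shlex

BUILTIN_CHAINS = {"INPUT", "OUTPUT", "FORWARD", "PREROUTING", "POSTROUTING"}
UFW_CHAIN = re.compile(r"^ufw6?-")  # assumption: ufw's own chains carry this prefix

# Constructed sample input, not taken from the bug report.
SAMPLE_DEFAULTS = """\
# By default, ufw only touches its own chains.
MANAGE_BUILTINS=no
"""
SAMPLE_SAVE = """\
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A INPUT -p tcp -m tcp --dport 8080 -m comment --comment "added by another tool" -j ACCEPT
-A ufw-before-input -i lo -j ACCEPT
COMMIT
"""

def manage_builtins(defaults_text):
    """True if the /etc/default/ufw text sets MANAGE_BUILTINS=yes (absent counts as no)."""
    value = "no"
    for line in defaults_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and whitespace
        if line.startswith("MANAGE_BUILTINS="):
            value = line.split("=", 1)[1].strip().strip("\"'").lower()
    return value == "yes"

def non_ufw_builtin_rules(save_text):
    """Return (table, rule) for rules in built-in chains that do not jump to a ufw chain."""
    found, table = [], None
    for line in save_text.splitlines():
        line = line.strip()
        if line.startswith("*"):  # table header such as *filter or *nat
            table = line[1:]
        elif line.startswith("-A "):
            args = shlex.split(line)  # keeps quoted --comment text as one argument
            target = next((args[i + 1] for i, a in enumerate(args[:-1])
                           if a in ("-j", "-g")), None)
            if args[1] in BUILTIN_CHAINS and not (target and UFW_CHAIN.match(target)):
                found.append((table, line))
    return found

if __name__ == "__main__":
    mode = "flushed on reload" if manage_builtins(SAMPLE_DEFAULTS) else "left in place on reload"
    for table, rule in non_ufw_builtin_rules(SAMPLE_SAVE):
        print(f"[{table}] {rule}  ({mode})")
```

On a real host, pass the contents of /etc/default/ufw and the output of `iptables-save` to the two functions before changing the setting.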