How to manage UFW app profiles

1. Objective:

This procedure outlines the general steps to create and activate UFW app profiles to define firewall rules for specific applications or services. UFW app profiles make it easier to manage access to commonly used ports and services.

2. Steps:

Step 1: Navigate to the UFW Applications Directory

The directory for UFW app profiles is located at /etc/ufw/applications.d/. Move to this directory:

cd /etc/ufw/applications.d/

Step 2: Create a New UFW App Profile File

Use a text editor (e.g., nano) to create a new file for your app profile. Replace profile_name with a descriptive name:

sudo nano profile_name

Step 3: Define the App Profile

Add the following structure to the file, replacing placeholders with the appropriate values:

[App Profile Name]
title=Your App Title
description=Description of what this profile does
ports=port_range/protocol

  • App Profile Name: A unique identifier for the profile.
  • title: A short, user-friendly name.
  • description: A brief explanation of the profile's purpose.
  • ports: The ports and protocol to allow (e.g., 8000:8999/tcp or 443/udp).

Save and close the file (Ctrl+O, Enter, Ctrl+X in nano).

Step 4: Reload UFW Profiles

Apply the new configuration by reloading the profile. The command takes the profile name from the [section] header, not the file name:

sudo ufw app update "App Profile Name"

Step 5: Verify the App Profile

Check if your new app profile is available:

sudo ufw app list

You should see the app profile listed under "Available applications."

To inspect the details of the app profile, use:

sudo ufw app info "App Profile Name"

Step 6: Activate the App Profile

Enable the app profile to allow traffic as specified:

sudo ufw allow "App Profile Name"

Step 7: Verify UFW Rules

Confirm that the app profile is active:

sudo ufw status

Look for the rules corresponding to your app profile.

Step 8: Disable and Delete the App Profile

If you no longer need the app profile, disable it first:

sudo ufw delete allow "App Profile Name"

Then remove the profile file from the UFW applications directory:

sudo rm /etc/ufw/applications.d/profile_name

Reload UFW profiles to apply changes:

sudo ufw app update "App Profile Name"

3. Additional Information:

  • Profile Syntax: Ensure the syntax in the profile file is correct to avoid errors.
  • Security Note: Only allow the necessary ports and protocols for your application to minimize security risks.
  • UFW Installation: If UFW is not installed, install and enable it:
sudo apt install ufw
sudo ufw enable
  • Troubleshooting: If the profile does not work as expected, check the profile file for typos and ensure it resides in the correct directory. The active rules, default policies, and logging level can be checked using:
sudo ufw status verbose
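
The script below is an added example, not part of the original procedure or of UFW itself. It checks a profile file against the structure from Step 3 and the Profile Syntax note before the file is copied into /etc/ufw/applications.d/. The function name lint_ufw_profile and the sample profile are assumptions made for illustration.

```shell
# Added example: lint a UFW app profile before copying it into
# /etc/ufw/applications.d/. Prints one line per problem, returns non-zero if any.
lint_ufw_profile() {
    awk '
    function bad(msg, ln) { printf "line %d: %s\n", (ln ? ln : NR), msg; rc = 1 }
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function end_section(   k) {
        if (name == "") return
        for (k = 1; k <= 3; k++)            # title, description, ports are required
            if (!(req[k] in seen)) bad("[" name "] is missing " req[k], hdr)
    }
    function check_ports(v,   n, i, part, spec, proto, m, j, item) {
        n = split(v, part, /[|]/)           # "|" separates port specs
        for (i = 1; i <= n; i++) {
            spec = part[i]; proto = ""
            if (match(spec, /\/(tcp|udp)$/)) {
                proto = substr(spec, RSTART + 1); spec = substr(spec, 1, RSTART - 1)
            }
            if (spec !~ /^[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*$/) {
                bad("bad port spec \"" part[i] "\""); continue
            }
            # ufw requires a protocol for comma lists and start:end ranges
            if (spec ~ /[:,]/ && proto == "")
                bad("\"" part[i] "\" needs /tcp or /udp")
            m = split(spec, item, /[:,]/)
            for (j = 1; j <= m; j++)
                if (item[j] + 0 < 1 || item[j] + 0 > 65535)
                    bad("port " item[j] " is outside 1-65535")
        }
    }
    BEGIN { split("title description ports", req, " ") }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }    # skip blank lines and comments
    /^\[.+\]$/ { end_section(); name = substr($0, 2, length($0) - 2); hdr = NR
                 split("", seen); sections++; next }
    {
        eq = index($0, "=")
        if (eq == 0 || name == "") { bad("expected key=value inside a [section]"); next }
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        seen[key] = 1
        if (val == "") bad("empty value for " key)
        else if (key == "ports") check_ports(val)
    }
    END { end_section(); if (!sections) bad("no [section] header found"); exit rc }
    ' "$1"
}

# Constructed sample profile (not from the original page), linted via stdin.
printf '%s\n' '[My Web App]' 'title=My Web App' 'description=Internal dashboard' \
    'ports=8000:8999/tcp|443/udp' | lint_ufw_profile - && echo "profile OK"
```

Run it as lint_ufw_profile profile_name from the directory holding the draft file; an exit status of 0 means no problems were found.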

Follow these steps to create, configure, and activate UFW app profiles for any application or service.