rated 0 times [  64] [ 0]  / answers: 1 / hits: 94626  / 3 Years ago, fri, september 10, 2021, 11:51:52

UFW has a command that lists profiles, whose definitions you can then explore further:



$ ufw app list


And



$ ufw app info {app profile title}


I was wondering how you can create a profile for an undefined program, like VirtualBox, and have that profile run the same definitions I have given iptables for my Ubuntu distro.






Not only am I trying to use Ubuntu's firewall to service my virtual machine, I am also sincerely curious as to how to create a profile for an application that doesn't come with one.



 Answers
1

To answer the real question, about how to create your own application file, you only need to know that it is using Windows INI file format.


[appname]
title=1-liner here
description=a longer line here
ports=1,2,3,4,5,6,7,8,9,10,30/tcp|50/udp|53

The ports line can specify multiple ports, with /udp or /tcp to limit the protocol; otherwise it defaults to both. You have to split the protocol sections up with |.


So, for a real-life set of examples I made:


[puppet]
title=puppet configuration manager
description=Puppet Open Source from http://www.puppetlabs.com/
ports=80,443,8140/tcp

[AMANDA]
title=AMANDA Backup
description=AMANDA the Advanced Maryland Automatic Network Disk Archiver
ports=10080

You can list multiple versions of the app in a single file, like this one from apache:


===start of apache2.2-common file===
[Apache]
title=Web Server
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80/tcp

[Apache Secure]
title=Web Server (HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=443/tcp

[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp

===end of file===

Once you have defined your application file, put it in /etc/ufw/applications.d, then tell ufw to reload the application definitions with


ufw app update appname
ufw app info appname

Use it with something like:


ufw allow from 192.168.1.10 to any app amanda
ufw allow amanda

assuming 192.168.1.10 is the IP of your amanda server.


[#27355] Saturday, September 11, 2021, 3 Years  [reply] [flag answer]
dersol
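An added example, not part of the original answer and not ufw's own code: a small linter that parses a profile file in the INI layout shown above and expands each ports= value into the port/protocol pairs it would open, so a profile can be reviewed before it is dropped into /etc/ufw/applications.d. The function names and the [broken] profile are constructed here; the checks (title, description and ports required, comma lists and start:end ranges need an explicit protocol, only tcp or udp accepted) are assumptions based on ufw's documented profile syntax.

```python
import configparser
import re

# Constructed sample: two profiles from the answer plus one deliberately bad one.
SAMPLE = """\
[puppet]
title=puppet configuration manager
description=Puppet Open Source from http://www.puppetlabs.com/
ports=80,443,8140/tcp

[AMANDA]
title=AMANDA Backup
description=AMANDA the Advanced Maryland Automatic Network Disk Archiver
ports=10080

[broken]
title=constructed bad profile
ports=80,443|70000/tcp|53/icmp
"""

def expand_ports(field):
    """Return (rules, errors); a port with no protocol expands to tcp and udp."""
    rules, errors = [], []
    for part in field.split("|"):
        spec, _, proto = part.strip().partition("/")
        items = spec.split(",")
        if proto not in ("", "tcp", "udp"):
            errors.append(f"{part}: protocol must be tcp or udp")
        elif not proto and ("," in spec or ":" in spec):
            errors.append(f"{part}: a list or range needs an explicit protocol")
        elif not all(re.fullmatch(r"[0-9]+(:[0-9]+)?", i) for i in items) or \
                not all(1 <= int(n) <= 65535 for n in re.findall(r"[0-9]+", spec)):
            errors.append(f"{part}: invalid port or range")
        else:
            for p in ([proto] if proto else ["tcp", "udp"]):
                rules += [(item, p) for item in items]
    return rules, errors

def check_profiles(text):
    """Parse profile text; return {profile name: (rules, errors)}."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' may appear in descriptions
    cp.read_string(text)
    report = {}
    for name in cp.sections():
        missing = [k for k in ("title", "description", "ports") if k not in cp[name]]
        rules, errors = expand_ports(cp[name].get("ports", ""))
        report[name] = (rules, errors + [f"missing field: {k}" for k in missing])
    return report
```

Running check_profiles over a new file shows at a glance when a bare port such as 10080 opens both TCP and UDP, which is wider than many services need.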