Hooray, I started experimenting with UFW Firewall and thus I created some custom application profiles specifically for a
Linux Ubuntu 20.04 instance runnin on my Homelab hypervisor.
So, I decided to publish and maintain a library to contain any type of application which should enhance the overall firewall experience.
Introduction for UFW Firewall on Linux Ubuntu
Uncomplicated Firewall is an advanced front-end for iptables on Linux which is an awesome firewall at its core. One of its features is
Application Profiles which are INI-style files that contain profile information and numerous port settings.
This allows packages to include their own firewall settings and make them available to UFW when installed to use with simple commands.
UFWApp Library for Application Profiles
Anyway, while experimenting with default application profiles that are normally provided for UFW during software packages installation. I found that many of those settings are usually irrelevant and most of the time are very messy with bad description.
In addition, you will find that one application is installing multiple profiles for a single purpose, which is hilarious. In fact, I came up with my own implementation to sort this mess out for you, I call it the UFWApp Library which should be available on GitHub by the time I finish writing this article.
List of Available ApplicationsPlease note that application type (eg. Web Server, File Transfer, Secure Shell, ETC) is what actually matters when specifying settings for UFW firewall.
- Apache (Web Server)
- NGINX (Web Server)
- OpenSSH (Secure Shell)
- Postfix (Mail Submission)
- Dovecot (Mail Management)
- VSFTPD (File Transfer)
- FileZilla (File Transfer)
- Odoo (Odoo Server)
- Jekyll (Jekyll Server)
These and many more, any other alternative for such applications should apply.
How to Install UFWApp Library on Linux Ubuntu
Clone the repository provided above into your system and install the required files.
git clone https://github.com/iSmoothBlog/UFWApp.git cd UFWApp sudo make install
You will find a backup for old profiles in
/etc/ufw/backup after installation.
This will swap messy profiles configured on your system to be replaced with UFWApp implementation instead.
Once installed, proceed to list all applications then exchange
* with a selected profile:
sudo ufw app list sudo ufw allow "*"
A profile selected will work for all applications in the same field. So, continue setting allow rules until you are satisfied.
Finally, you must verify UFW firewall status then reboot your system accordingly.
sudo ufw status sudo reboot