§2024-09-30
UFW supports application profiles that make it easy to manage firewall rules for common services. These profiles are defined in files under /etc/ufw/applications.d/ (one file per package; a file may contain several profiles). Here's how you can create and use application profiles with UFW.
$ ls -al /etc/ufw/applications.d/
total 16
drwxr-xr-x 2 root root 59 Sep 27 15:36 .
drwxr-xr-x 3 root root 4096 Sep 27 14:16 ..
-rw-r--r-- 1 root root 374 May 31 2023 nginx
-rw-r--r-- 1 root root 145 Jun 26 21:11 openssh-server
-rw-r--r-- 1 root root 183 Feb 11 2021 turnserver
- /etc/ufw/applications.d/nginx
[Nginx HTTP]
title=Web Server (Nginx, HTTP)
description=Small, but very powerful and efficient web server
ports=80/tcp
[Nginx HTTPS]
title=Web Server (Nginx, HTTPS)
description=Small, but very powerful and efficient web server
ports=443/tcp
[Nginx Full]
title=Web Server (Nginx, HTTP + HTTPS)
description=Small, but very powerful and efficient web server
ports=80,443/tcp
- /etc/ufw/applications.d/openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp
- /etc/ufw/applications.d/turnserver
[Turnserver]
title=Coturn Turnserver
description=Free open source implementation of TURN and STUN Server
ports=3478,3479,5349,5350,49152:65535/tcp|3478,3479,5349,5350,49152:65535/udp
- Breakdown of the Profile
- [Turnserver]:
- This is the profile name, which is used when applying rules with UFW (e.g., ufw allow Turnserver).
- title=Coturn Turnserver:
- This line provides a human-readable title for the application, making it easier to identify.
- description=Free open source implementation of TURN and STUN Server:
- A brief description of the application, explaining its purpose.
- ports=3478,3479,5349,5350,49152:65535/tcp|3478,3479,5349,5350,49152:65535/udp:
- This line specifies the ports and protocols that the application uses:
- TCP Ports: 3478, 3479, 5349, 5350, and the inclusive range 49152:65535 (coturn's default relay port range, which is why a TURN profile opens such a wide span).
- UDP Ports: The same ports are listed for UDP.
- The | symbol separates groups of ports that share one protocol suffix (here one /tcp group and one /udp group). Within a group, ports are comma-separated and low:high denotes a range. If a group carries no /tcp or /udp suffix, UFW applies it to both protocols, so always write the suffix unless you really want both.
Example of Application Profiles
Creating an Application Profile
Let's say you want to create a profile for a web server (e.g., Apache). You would create a file in /etc/ufw/applications.d/ named Apache (the file name is free; the profile name UFW uses is the [section] inside it):
sudo nano /etc/ufw/applications.d/Apache
Inside this file, you could define the profile like this:
[Apache]
title=Apache Web Server
description=Full access to the Apache web server
ports=80,443/tcp
This profile specifies that the application listens on TCP ports 80 (HTTP) and 443 (HTTPS). Give the protocol explicitly: UFW applies a ports= line with no /tcp or /udp suffix to both protocols, so a bare ports=80,443 would also open UDP 80 and 443, which a web server does not use. Note also that the apache2 package installs its own Apache, Apache Full and Apache Secure profiles, so on a host where Apache is packaged, choose a name that does not collide with them.
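To make the ports= syntax concrete, here is an added example, not code from UFW and not from the original page, that parses profile files of the shape shown above and expands each ports= line into the individual (low, high, protocol) rules UFW would create, including the both-protocols expansion when the suffix is omitted. The sample text (the Turnserver profile plus an Apache profile deliberately written without a protocol) and the function names expand_ports, parse_profiles and udp_rules are constructed for this example.

```python
"""Added example: parse UFW application-profile files and expand ports= lines.

The SAMPLE_PROFILES text below is constructed for this example; the format is
the one used by files under /etc/ufw/applications.d/.
"""
import configparser
import re

# Constructed sample: the coturn profile shown above, plus an Apache profile
# that omits the protocol suffix (the over-permissive form).
SAMPLE_PROFILES = """
[Turnserver]
title=Coturn Turnserver
description=Free open source implementation of TURN and STUN Server
ports=3478,3479,5349,5350,49152:65535/tcp|3478,3479,5349,5350,49152:65535/udp

[Apache]
title=Apache Web Server
description=Full access to the Apache web server
ports=80,443
"""

PORT_ITEM = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")  # "80" or "49152:65535"


def expand_ports(spec):
    """Expand a ports= value into (low, high, proto) tuples, one per rule.

    '|' separates groups; each group is a comma-separated list of ports or
    low:high ranges, optionally followed by /tcp or /udp.  A group without a
    protocol suffix is applied to BOTH tcp and udp, which mirrors UFW and is
    why a bare "ports=80,443" opens more than a web server needs.
    """
    rules = []
    for group in spec.split("|"):
        group = group.strip()
        if "/" in group:
            ports, proto = group.rsplit("/", 1)
            if proto not in ("tcp", "udp"):
                raise ValueError("unknown protocol %r in %r" % (proto, group))
            protos = (proto,)
        else:
            ports, protos = group, ("tcp", "udp")
        for item in ports.split(","):
            m = PORT_ITEM.match(item.strip())
            if not m:
                raise ValueError("bad port item %r in %r" % (item, group))
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            if not 1 <= low <= high <= 65535:
                raise ValueError("port out of range: %r" % item)
            for p in protos:
                rules.append((low, high, p))
    return rules


def parse_profiles(text):
    """Parse one applications.d file; every [section] is a profile name.

    Returns {name: {"title", "description", "rules"}} and rejects a profile
    that lacks any of the three mandatory keys.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    profiles = {}
    for name in cp.sections():
        sec = cp[name]
        for key in ("title", "description", "ports"):
            if key not in sec:
                raise ValueError("profile %r is missing %s=" % (name, key))
        profiles[name] = {
            "title": sec["title"],
            "description": sec["description"],
            "rules": expand_ports(sec["ports"]),
        }
    return profiles


def udp_rules(profile):
    """(low, high) pairs a profile opens on UDP; handy for spotting over-permissive ones."""
    return [(lo, hi) for lo, hi, proto in profile["rules"] if proto == "udp"]


if __name__ == "__main__":
    for name, prof in parse_profiles(SAMPLE_PROFILES).items():
        print(name, prof["rules"])
        if udp_rules(prof):
            print("  note: this profile also opens UDP", udp_rules(prof))
```

Running it shows the Apache profile expanding to four rules instead of two; the same check can be pointed at a real file before you run ufw allow on it.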
Loading the Profile
UFW reads /etc/ufw/applications.d/ every time it runs, so a new file is picked up without any reload. You can view all available application profiles with the following command:
sudo ufw app list
You should see Apache listed among the other profiles. Running sudo ufw app info Apache prints the title, description and ports of that one profile, which is a quick way to catch a typo in the ports= line before any rule is applied. If you later edit a profile that already has rules in the firewall, run sudo ufw app update Apache so the active rules follow the new port list.
Allowing Traffic for the Application
To allow traffic for the Apache web server using the profile you created, you would run:
sudo ufw allow 'Apache'
The quotes matter only for names containing spaces (such as 'Nginx Full'). This form accepts connections from any source; if the service should only be reachable from a known network, use the long form with the app keyword, e.g. sudo ufw allow from 192.0.2.0/24 to any app Apache, which keeps the profile's port list but restricts the source.
Checking UFW Status
You can check the status of UFW and see which rules are active:
sudo ufw status
The rule is listed under the profile name (Apache ALLOW Anywhere, plus a matching (v6) line when IPv6 is enabled) rather than as port numbers; UFW expands the profile into the underlying 80/tcp and 443/tcp rules itself.
Example Application Profiles Shipped by Packages
Profiles are shipped by the packages that need them, not by UFW itself: the nginx, openssh-server and turnserver files listed above were dropped into /etc/ufw/applications.d/ when those packages were installed. You can see what is present on a host by running:
sudo ufw app list
Some common profiles include:
OpenSSH: Allows SSH connections (22/tcp).
Nginx Full: Allows traffic on the HTTP and HTTPS ports (80,443/tcp).
Samba: For file sharing with Samba (137,138/udp and 139,445/tcp).
Conclusion
Using application profiles in UFW simplifies managing firewall rules for common services: the profile records in one place which ports and protocols a service needs, and rules reference the service name instead of a hand-typed port list. You can create custom profiles for your own applications in the same way; give every ports= entry an explicit protocol so the profile opens only what the service actually listens on.