the itjerk

my adventures with technology

uncomplicated firewall (ufw)

RoonUFW
I run a Roon Server or “Core” on my Ubuntu box to supply music to various endpoints on my local subnet. Because the computer also has a window to the outside world, I run a firewall, ufw. Like its namesake, it’s easy to configure, you can get the basics here. Anyway, I need to open a few ports so Roon Server can be discovered on my subnet, by creating an application profile and then adding a rule to the firewall.

First, we’ll create a file “roon” in the following location:
$ cd /etc/ufw/applications.d/
$ sudo touch roon
$ sudo nano roon

Here’s what’s in the file:
[Roon]
title=Roon Server
description=Roon Labs Core Music Server
ports=9003/udp|9100:9200/tcp

Note the context of the ports entry: The pipe separates udp from tcp, and ranges are set with a colon (and individual ports with a comma). Once you create the file, you can quickly check syntax by running ufw status, and it will let you know if you made any errors, which is handy. Once that’s created, it’s easy enough to add the rule to ufw, and check status again to see it working:

$ sudo ufw allow from 192.168.1.0/24 to any app roon
$ sudo ufw status

Status: active
To Action From
— —— —-
Roon ALLOW 192.168.1.0/24

I should note that the reason I’m doing this is because Roon doesn’t document what ports need to be open, and I’m having an issue with one piece of hardware being recognized on reboot. There’s probably another series of ports that I need to open up, so having a profile is an easy way to trouble shoot; once I make changes, I can edit the profile then update ufw with the following command:

$ sudo ufw app update Roon

Since Roon uses randomized ports, my interim fix is to allow access to the server from the endpoint in question:

$ sudo ufw allow from [endpoint ip]

Nothing scary here folks, just some computer and network basics.

Comments are closed.

%d bloggers like this: