the itjerk

my adventures with technology

Tag Archives: ufw

roon firewall update

For some reason which I now forget, I signed up for the beta channel for Roon’s Linux server software. It updates maybe once a month, and very recently (with 1.8.x) everything stopped working right. A quick jump to the community boards and I found out that Roon Labs had changed the ports required for the software. Even more astonishingly, it’s undocumented. Here’s what I’m using.

22/tcp                     ALLOW       Anywhere                  
9003/udp                   ALLOW       192.168.0.0/24       # roon
9330:9339/tcp              ALLOW       192.168.0.0/24       # roon
8008:8009/tcp              ALLOW       192.168.0.0/24       # roon
30000:30010/tcp            ALLOW       192.168.0.0/24       # roon
8010                       ALLOW       Anywhere             # chromecast
1194/udp                   ALLOW       192.168.0.0/24       # roon
22/tcp (v6)                ALLOW       Anywhere (v6)        
8010 (v6)                  ALLOW       Anywhere (v6)        # chromecast


uncomplicated firewall (ufw)

RoonUFW
I run a Roon Server or “Core” on my Ubuntu box to supply music to various endpoints on my local subnet. Because the computer also has a window to the outside world, I run a firewall, ufw. Like its namesake, it’s easy to configure, you can get the basics here. Anyway, I need to open a few ports so Roon Server can be discovered on my subnet, by creating an application profile and then adding a rule to the firewall.

First, we’ll create a file “roon” in the following location:
$ cd /etc/ufw/applications.d/
$ sudo touch roon
$ sudo nano roon

Here’s what’s in the file:
[Roon]
title=Roon Server
description=Roon Labs Core Music Server
ports=9003/udp|9100:9200/tcp

Note the context of the ports entry: The pipe separates udp from tcp, and ranges are set with a colon (and individual ports with a comma). Once you create the file, you can quickly check syntax by running ufw status, and it will let you know if you made any errors, which is handy. Once that’s created, it’s easy enough to add the rule to ufw, and check status again to see it working:

$ sudo ufw allow from 192.168.1.0/24 to any app roon
$ sudo ufw status

Status: active
To Action From
— —— —-
Roon ALLOW 192.168.1.0/24

I should note that the reason I’m doing this is because Roon doesn’t document what ports need to be open, and I’m having an issue with one piece of hardware being recognized on reboot. There’s probably another series of ports that I need to open up, so having a profile is an easy way to trouble shoot; once I make changes, I can edit the profile then update ufw with the following command:

$ sudo ufw app update Roon

Since Roon uses randomized ports, my interim fix is to allow access to the server from the endpoint in question:

$ sudo ufw allow from [endpoint ip]

Nothing scary here folks, just some computer and network basics.