Credit to kraxor's comment on the original question:
You should try reinstalling iptables by executing the following command:
sudo apt-get --reinstall install iptables
ufw is a front-end for netfilter/iptables, the Linux mechanism for routing and filtering internet traffic.
ufw is completely optional and it's possible to create firewall and routing tables directly using the iptables commands. Some people prefer the syntax of ufw, which is supposed to make it a bit easier.
ufw itself is not the firewall, it's a tool for setting the configuration of netfilter/iptables. It is registered as a service because it needs to be run every time your machine starts up. I don't believe it stays resident in memory after it has done this configuration. "restarting" the service simply re-runs its scripts. It is not unusual for things in Linux distributions to be registered as services even though they are merely scripts that run at boot or shutdown without staying resident in between.
If you use ufw you can't set your own iptables rules using your own scripts, as they will be overwritten when ufw sets its own. This also means that ufw can conflict with other tools that set firewall rules.
If sudo ufw status returns "inactive", it means ufw has been disabled (and won't, for example, re-apply any rules at startup). You need to ensure ufw is enabled with sudo ufw enable, though you also need to configure rules for this to have meaning. If you are sure you have enabled ufw but it returns "inactive" there could be some other issue.
Note that "starting" the service doesn't enable ufw, it just activates the start-up script. If ufw is disabled when the start-up script runs it won't do anything.
You can tell if your firewall rules have been applied at any given time using iptables directly:
sudo iptables -L
sudo ip6tables -L
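The answer above points at iptables as the ground truth for whether ufw's rules are actually loaded. The following added example (not code from the answer or from the ufw project) parses `iptables -L` output and reports whether the INPUT chain hands traffic to ufw's chains. The two samples are constructed; the `ufw-*` chain names follow ufw's real naming scheme, but the rules inside them are illustrative. Running iptables itself needs root, so the parser works on captured text.

```python
"""Check captured `iptables -L` output for an applied ufw ruleset.

Added example, not code from the answer or the ufw project. The sample
outputs below are constructed: the ufw-* chain names are ufw's own naming
scheme, the individual rules are placeholders.
"""
import re

# Constructed sample: a host where ufw is enabled. INPUT jumps into ufw's chains.
ACTIVE_SAMPLE = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ufw-before-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-output  all  --  anywhere             anywhere

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
"""

# Constructed sample: ufw inactive (or never enabled), nothing filtered.
INACTIVE_SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
"""

# "Chain INPUT (policy DROP)" for built-in chains, "Chain X (N references)" for user chains.
_CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)$")


def parse_iptables_list(text):
    """Parse `iptables -L` output into {chain: {"policy": str|None, "targets": [...]}}."""
    chains = {}
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = _CHAIN_RE.match(line)
        if m:
            current = m.group(1)
            chains[current] = {"policy": m.group(2), "targets": []}
            continue
        if current is None or line.startswith("target "):
            continue  # column header row, or text before the first chain
        chains[current]["targets"].append(line.split()[0])
    return chains


def ufw_rules_applied(text):
    """True if INPUT dispatches into any ufw-* chain, i.e. ufw's ruleset is loaded."""
    inp = parse_iptables_list(text).get("INPUT")
    if inp is None:
        return False
    return any(target.startswith("ufw-") for target in inp["targets"])


def firewall_summary(text):
    """Small report: is ufw applied, what is the INPUT policy, which ufw chains exist."""
    chains = parse_iptables_list(text)
    return {
        "ufw_applied": ufw_rules_applied(text),
        "input_policy": chains.get("INPUT", {}).get("policy"),
        "ufw_chains": sorted(c for c in chains if c.startswith("ufw-")),
    }


if __name__ == "__main__":
    # On a real host (as root): feed the live output instead of the samples.
    import subprocess
    live = subprocess.run(["iptables", "-L"], capture_output=True, text=True).stdout
    print(firewall_summary(live or ACTIVE_SAMPLE))
```

A policy of ACCEPT on INPUT with no `ufw-*` targets is the signature of the "inactive" case the answer describes: the ufw service may well have "started", but nothing was loaded into netfilter.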
Best Answer
To answer the real question, about how to create your own application file, you only need to know that it is using Windows INI file format (yuck).
The ports line can specify multiple ports, with /udp or /tcp, to limit the protocol, otherwise it defaults to both. You have to split the protocol sections up with |.
So, for a real-life set of examples I made:
You can list multiple versions of the app in a single file, like this one from apache:
Once you have defined your application file, put it in /etc/ufw/applications.d, then tell ufw to reload the application definitions with:
Use it with something like:
assuming 192.168.1.10 is the IP of your amanda server.
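To make the profile grammar from the answer concrete, here is an added example (not code from the answer or from the ufw project) that writes a few profiles in the INI layout described above, validates the `ports=` line (comma-separated ports or `low:high` ranges, optional `/tcp` or `/udp` suffix, protocol groups split by `|`, no suffix meaning both protocols) and builds the `ufw allow from <source> to any app <name>` command that uses a profile. The three profiles are constructed; the Amanda port numbers are placeholders, not the real service's ports. Parsing with Python's configparser and the validation rules are this example's own choices; ufw has its own parser.

```python
"""Write and validate a ufw application profile.

Added example, not code from the answer or from the ufw project. The
profiles below are constructed and the Amanda port numbers are placeholders.
Using configparser for the INI file is this example's choice; ufw uses its
own reader for /etc/ufw/applications.d.
"""
import configparser
import ipaddress
import re

# Constructed sample profile file, in the INI layout the answer describes.
SAMPLE_PROFILE = """\
[Amanda]
title=Amanda backup server
description=Constructed example profile; port numbers are placeholders
ports=10080/udp|10080,10081/tcp

[WebFull]
title=Web server (HTTP and HTTPS)
description=Constructed example profile with several ports in one group
ports=80,443/tcp

[DnsAny]
title=DNS
description=Constructed example; no /proto suffix means both tcp and udp
ports=53
"""

# A single port (1-65535) or a low:high range.
_PORT_RE = re.compile(r"^(\d{1,5})(?::(\d{1,5}))?$")


def parse_ports(spec):
    """Expand a ufw ports= value into a list of (port_or_range, proto) pairs.

    Protocol groups are separated by '|'. A group may end in '/tcp' or
    '/udp'; with no suffix it applies to both protocols (ufw's default).
    Ports inside a group are comma-separated; ranges are written low:high.
    Raises ValueError on anything ufw would not accept.
    """
    expanded = []
    for group in spec.split("|"):
        group = group.strip()
        if not group:
            raise ValueError("empty protocol group in %r" % spec)
        if "/" in group:
            ports, proto = group.rsplit("/", 1)
            if proto not in ("tcp", "udp"):
                raise ValueError("unknown protocol %r in %r" % (proto, spec))
            protos = (proto,)
        else:
            ports, protos = group, ("tcp", "udp")
        for port in ports.split(","):
            port = port.strip()
            m = _PORT_RE.match(port)
            if not m:
                raise ValueError("malformed port %r in %r" % (port, spec))
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            if not 1 <= low <= high <= 65535:
                raise ValueError("port out of range: %r" % port)
            for p in protos:
                expanded.append((port, p))
    return expanded


def load_profiles(text):
    """Parse a profile file into {app_name: {"title", "description", "ports"}}."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    profiles = {}
    for name in cp.sections():
        section = cp[name]
        missing = [k for k in ("title", "description", "ports") if k not in section]
        if missing:
            raise ValueError("profile %r is missing %s" % (name, ", ".join(missing)))
        profiles[name] = {
            "title": section["title"],
            "description": section["description"],
            "ports": parse_ports(section["ports"]),
        }
    return profiles


def allow_rule(app, source):
    """Build the `ufw allow from <source> to any app <name>` command for a profile."""
    ipaddress.ip_network(source, strict=False)  # reject typos before they reach ufw
    return "ufw allow from %s to any app %s" % (source, app)


if __name__ == "__main__":
    for name, profile in load_profiles(SAMPLE_PROFILE).items():
        print(name, profile["ports"])
    print(allow_rule("Amanda", "192.168.1.10"))
```

Validating the `ports=` line before dropping the file into /etc/ufw/applications.d is worth the few lines: a profile that references a port outside 1-65535 or an unknown protocol is exactly the kind of thing that is easier to catch in a script than in ufw's own error output.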