You seem to be close to the answer. The easiest thing to do is to temporarily turn off the firewall, let your media boxes run for a couple of minutes, and then check the output from lsof:
lsof -i :1025-9999 +c 15
The -i lists "files" corresponding to an open port; use -i4 to restrict to IPv4 only. The number list restricts this to a list of port numbers - miss it off if you want everything. The +c bit just gives you more meaningful command names associated with the ports.
netstat -lptu --numeric-ports
This lists all of the active ports along with their protocol and source/target address.
With this information, you can build a script to set ufw correctly. Here is my script by way of example:
#!/bin/sh
# Set up local firewall using ufw (default install on Ubuntu)
# @see /etc/services for port names
# obtain server's IP address
SERVERIP=192.168.1.181
# Local Network
LAN="192.168.0.0/255.255.0.0"
# disable firewall
ufw disable
# reset all firewall rules
ufw reset
# set default rules: deny all incoming traffic, allow all outgoing traffic
#ufw default allow incoming
ufw default deny incoming
ufw default allow outgoing
# open port for SSH
ufw allow OpenSSH
# open port for Webmin
ufw allow webmin
# open ports for Samba file sharing
ufw allow from $LAN to $SERVERIP app Samba
ufw allow to $LAN from $SERVERIP app Samba
#ufw allow from $LAN to $SERVERIP 137/udp # NetBIOS Name Service
#ufw allow from $LAN to $SERVERIP 138/udp # NetBIOS Datagram Service
#ufw allow from $LAN to $SERVERIP 139/tcp # NetBIOS Session Service
#ufw allow from $LAN to $SERVERIP 445/tcp # Microsoft Directory Service
# open ports for Transmission-Daemon
ufw allow 9091
ufw allow 20500:20599/tcp
ufw allow 20500:20599/udp
# Mediatomb
## upnp service discovery
ufw allow 1900/udp
## Mediatomb management web i/f
ufw allow 49152
# Plex Media Server
## Manage
ufw allow 32400
# open port for MySQL
ufw allow proto tcp from $LAN to any port 3306
# open ports for web services
ufw allow 80
ufw allow 443
ufw allow 8000:9999/tcp
ufw allow 8000:9999/udp
# Deny FTP
ufw deny 21/tcp
# Webmin/usermin allow
ufw allow webmin
ufw allow 20000
# open port for network time protocol (ntpd)
ufw allow ntp
# Allow Firefly (DAAP)
ufw allow 3689
# enable firewall
ufw enable
# list all firewall rules
ufw status verbose
You should be able to see from the Mediatomb section that UPnP is working on the standard port 1900 over UDP (not TCP) and is open in both directions; this is the main port for you. But you can also see that there are numerous other ports required for specific services.
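As an added example (not part of the original answer), here is one way to turn the `netstat -lptu --numeric-ports` listing into a list of candidate ufw rules to review. The function names, the sample netstat lines and the choice to restrict every rule to the LAN are assumptions made for this illustration; the script only prints rules and applies nothing.

```shell
#!/bin/sh
# Added example: print candidate ufw rules from `netstat -lptu --numeric-ports`
# output. Nothing is applied; review the printed list before running any of it.

LAN="192.168.0.0/255.255.0.0"   # same LAN value as the script above

# suggest_rules LAN: reads netstat listener lines on stdin and prints one
# LAN-restricted rule per port/protocol (hypothetical helper for this example).
suggest_rules() {
    awk -v lan="$1" '
        $1 !~ /^(tcp|udp)6?$/ { next }            # skip headers and other lines
        {
            proto = $1; sub(/6$/, "", proto)       # tcp6 -> tcp, udp6 -> udp
            addr = $4;  sub(/:[^:]*$/, "", addr)   # local address without the port
            port = $4;  sub(/.*:/, "", port)       # numeric port
            # Loopback-only listeners are not reachable from the LAN: no rule.
            if (addr ~ /^127\./ || addr == "::1") next
            if (seen[port "/" proto]++) next       # IPv4 and IPv6 share one rule
            prog = "unknown"
            if (match($0, /[0-9]+\/.*$/)) {        # PID/Program name column
                prog = substr($0, RSTART, RLENGTH)
                sub(/^[0-9]+\//, "", prog); sub(/ +$/, "", prog)
            }
            printf "ufw allow proto %s from %s to any port %s  # %s\n", proto, lan, port, prog
        }'
}

# Constructed sample of netstat output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:32400           0.0.0.0:*               LISTEN      1234/Plex Media Ser
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      987/mysqld
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1500/mediatomb
tcp        0      0 0.0.0.0:49152           0.0.0.0:*               LISTEN      1500/mediatomb
tcp6       0      0 :::49152                :::*                    LISTEN      1500/mediatomb
EOF
}

sample_netstat | suggest_rules "$LAN"
```

On a live host, replace `sample_netstat` with `netstat -lptu --numeric-ports` run as root so the program names are filled in.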
Based on this answer from ServerFault,
ufw supports per rule logging. By default, no logging is performed when a packet matches a rule.
All you have to do is create a UFW deny rule to match those multicast packets.
Best Answer
Ubuntu's Community Help Wiki page on UFW has information on toggling logging if you'd like to disable it completely. The man page on UFW has much better information on it, which provides more advanced options for log levels.
The quick workaround is to use the command
ufw logging off
to eliminate ufw logging entirely (might or might not fulfill your wishes).