Dear Roon friends,
Over the years, a number of different UFW approaches for Roon have been shared, including some I posted myself. Many of them were helpful, but they often evolved into a combination of custom before.rules entries and UFW app profiles. In practice, that made the setup broader than necessary, harder to understand, and sometimes redundant. In some cases, the same logic was effectively handled in two different places at once.
That was never fully satisfying to me. I wanted a cleaner and more consistent approach: something minimal, lean, and actually understandable. So I recently took the time to revisit the setup from scratch and identify a slim UFW configuration that works very well in my environment.
My goal was to move away from a hybrid setup and instead use one consistent approach only: proper UFW application profiles. For me, that is easier to understand, easier to maintain, and much cleaner than scattering Roon-specific rules across generic firewall framework files.
I also wanted to avoid just copying broad rule sets from older posts without really knowing what is actually needed. So I captured and reviewed the ports that Roon was really using in my environment. Based on that, I found active use of 9003/udp, 9330/tcp, and 9332/tcp. I also saw that Roon appears to listen on 1900/udp, 9150/tcp and 9200/tcp, even though I did not actively observe those three ports being used during my tests. I therefore decided to keep them in the profile as a small safety margin, while still staying much leaner than the broader rule sets that are often mentioned elsewhere.
My local network uses the 192.168.1.x subnet, so if you want to use the same setup, please make sure to replace 192.168.1.0/24 with the subnet that matches your own network.
I ended up creating two separate profile files under:
/etc/ufw/applications.d/
You could also put both profiles into a single file, but I personally chose to use two separate files because I find it cleaner to keep normal Roon access and Roon ARC clearly separated.
1. Create the Roon profile file
Open a terminal and run:
sudo nano /etc/ufw/applications.d/roon
This opens a new file in the Nano editor.
Paste the following into the file:
[Roon]
title=Roon Server
description=Roon Core local LAN access
ports=1900/udp|9003/udp|9150/tcp|9200/tcp|9330:9332/tcp
Then save and exit Nano:
-
Press
Ctrl+O -
Press
Enter -
Press
Ctrl+X
2. Create the Roon ARC profile file
Now create the second file:
sudo nano /etc/ufw/applications.d/roon-arc
Paste this into the file:
[Roon-ARC]
title=Roon ARC
description=Roon ARC inbound access
ports=55000/tcp
Then save and exit again:
-
Press
Ctrl+O -
Press
Enter -
Press
Ctrl+X
3. Update UFW so it reads the new profiles
Run:
sudo ufw app update Roon
sudo ufw app update Roon-ARC
You can check whether UFW sees the profiles correctly with:
sudo ufw app list
And if you want to inspect them in detail:
sudo ufw app info Roon
sudo ufw app info Roon-ARC
4. Add the actual firewall rules
For normal Roon access inside your local LAN, run:
sudo ufw allow from 192.168.1.0/24 to any app Roon
Again, if your LAN is not 192.168.1.x, replace that subnet with your own.
For Roon ARC, run:
sudo ufw allow Roon-ARC
5. Check the result
To see the active rules, run:
sudo ufw status numbered
6. Remove old Roon entries from before.rules
If you previously added Roon-specific entries to /etc/ufw/before.rules, I would recommend removing them once the app-profile approach is working.
That was an important part of the cleanup for me. I specifically wanted to avoid continuing with a mixed setup where part of the logic sits in before.rules and another part in app profiles. In my experience, that only makes the configuration more confusing, more redundant, and harder to troubleshoot later.
And that was all that was needed in my case — no additional tweaks, no extra entries, and no further special settings. This is not a universal truth for every possible Roon setup, but for anyone looking for a leaner, cleaner, and more consistent UFW configuration on Ubuntu, this may be a useful starting point.
Have fun!
//Alex