I recently added UFW firewall to my Ubuntu 24.04 LTS running Roon server. Of course I ran into problems with my Roon endpoints but managed to solve most problems with this post by Alex_Reusch - Updated UFW configuration. So I highly advise you to go there first.
But too bad my Apple Homepods still didn’t work after the changes from Alex. After a long time trying to tinker with ports, IGMP, profiles and what not I came up with a simple solution. I just made an “allow in” for the IP-addresses of the Apple Homepod devices (or any AirPlay device).
Step 1: Find your Homepod’s IP-address
In your Roon app go to Settings and then Audio. The IP-address should display under the device name of your Homepod.
If Roon app doesn’t display the Homepod, disable UFW and try again:
sudo ufw disable
Now use that IP-address to make a rule in UFW to allow all traffic from your Homepod.
In this example my Homepod IP-address is 192.168.1.191. Replace this IP-address with your own.
sudo ufw allow in from 192.168.1.191 comment 'Allow Roon traffic from HomePod 1'
After that just restart UFW
sudo ufw reload
You might need to restart Roon server, Roon app and your Homepods if it doesn’t work straight away.
This worked for me and I hope it will help others as well.
============================
Just for complete information my UFW status (sudo ufw status verbose) looks like this:
~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip
To                         Action      From
--                         ------      ----
9003/udp (Roon)            ALLOW IN    192.168.1.0/24
9100:9200/tcp (Roon)       ALLOW IN    192.168.1.0/24
1900/udp (Roon)            ALLOW IN    192.168.1.0/24
9330:9339/tcp (Roon)       ALLOW IN    192.168.1.0/24
30000:30009/tcp (Roon)     ALLOW IN    192.168.1.0/24
32768:65535/tcp (Roon)     ALLOW IN    192.168.1.0/24
5353/udp (Roon)            ALLOW IN    192.168.1.0/24
Anywhere                   ALLOW IN    192.168.1.191              # Allow Roon traffic from Homepod1
Anywhere                   ALLOW IN    192.168.1.107              # Allow Roon traffic from Homepod2
My /etc/ufw/applications.d/roon profile looks like this:
[Roon]
title=Roon Labs Core Server
description=Roon Core, Endpoints, and Apple AirPlay Support
ports=9003/udp|9100:9200/tcp|1900/udp|9330:9339/tcp|30000:30009/tcp|32768:65535/tcp|5353/udp
And my Roon specific rules in /etc/ufw/before.rules look like this:
### IGMP (Roon) ###"
-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -s 240.0.0.0/5 -j ACCEPT
-A ufw-before-input -m pkttype --pkt-type multicast -j ACCEPT
-A ufw-before-input -m pkttype --pkt-type broadcast -j ACCEPT
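
An added example, not part of the original post: a shell check that reads `ufw status` output, lists the rules that allow every port from a single host (like the two HomePod rules above), and reports any whose source address is not in a list you pass in. Because such a rule admits whichever device currently holds that address, the list would normally be your DHCP reservations; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status` output for host-wide allow rules.

# Constructed sample, modelled on the status output shown in the post.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
5353/udp (Roon)            ALLOW IN    192.168.1.0/24
Anywhere                   ALLOW IN    192.168.1.191              # Allow Roon traffic from Homepod1
Anywhere                   ALLOW IN    192.168.1.107              # Allow Roon traffic from Homepod2
EOF
}

# Print the source of every rule that allows ALL ports from one IPv4 host:
# To = "Anywhere", Action = "ALLOW IN", From = a bare address or a /32.
# Subnet sources and port-specific rules are skipped.
host_wide_sources() {
    awk '
        $1 == "Anywhere" && $2 == "ALLOW" && $3 == "IN" {
            src = $4
            sub(/\/32$/, "", src)
            if (src ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print src
        }'
}

# Arguments: the addresses you expect to hold such a rule (assumed here to be
# your DHCP reservations). Prints each host-wide source that is NOT among them.
unexpected_sources() {
    host_wide_sources | while read -r src; do
        known=no
        for ip in "$@"; do
            if [ "$ip" = "$src" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$src"; fi
    done
}

# Demo on the constructed sample: only .191 is declared as expected,
# so the rule for .107 is reported.
sample_status | unexpected_sources 192.168.1.191

# Live use: sudo ufw status | unexpected_sources 192.168.1.191 192.168.1.107
```
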