Apple Homepods not working after activating UFW firewall Ubuntu

I recently added UFW firewall to my Ubuntu 24.04 LTS running Roon server. Of course I ran into problems with my Roon endpoints but managed to solve most problems with this post by Alex_Reusch - Updated UFW configuration. So I highly advise you to go there first.

But too bad my Apple Homepods still didn’t work after the changes from Alex. After a long time trying to tinker with ports, IGMP, profiles and what not I came up with a simple solution. I just made an “allow in” for the IP addresses of the Apple Homepod devices (or any AirPlay device).

Step 1: Find your Homepod’s IP address
In your Roon app go to Settings and then Audio. The IP address should display under the device name of your Homepod.
If Roon app doesn’t display the Homepod, disable ufw and try again.

sudo ufw disable

Now use that IP address to make a rule in UFW to allow all traffic from your Homepod.
In this example my Homepod IP address is 192.168.1.191. Replace this IP address with your own.

sudo ufw allow in from 192.168.1.191 comment 'Allow Roon traffic from HomePod 1'

After that just restart UFW

sudo ufw reload

You might need to restart Roon server, Roon app and your Homepods if it doesn’t work straight away.

This worked for me and I hope it will help others as well.

============================
Just for complete information my UFW status (sudo ufw status verbose) looks like this:

~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
9003/udp (Roon)            ALLOW IN    192.168.1.0/24          
9100:9200/tcp (Roon)       ALLOW IN    192.168.1.0/24          
1900/udp (Roon)            ALLOW IN    192.168.1.0/24          
9330:9339/tcp (Roon)       ALLOW IN    192.168.1.0/24          
30000:30009/tcp (Roon)     ALLOW IN    192.168.1.0/24          
32768:65535/tcp (Roon)     ALLOW IN    192.168.1.0/24          
5353/udp (Roon)            ALLOW IN    192.168.1.0/24                 
Anywhere                   ALLOW IN    192.168.1.191            # Allow Roon traffic from Homepod1
Anywhere                   ALLOW IN    192.168.1.107            # Allow Roon traffic from Homepod2

My /etc/ufw/applications.d/roon profile looks like this:

[Roon]
title=Roon Labs Core Server
description=Roon Core, Endpoints, and Apple AirPlay Support
ports=9003/udp|9100:9200/tcp|1900/udp|9330:9339/tcp|30000:30009/tcp|32768:65535/tcp|5353/udp

And my Roon-specific rules in */etc/ufw/before.rules* look like this:

### IGMP (Roon) ###"
-A ufw-before-input -s 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -d 224.0.0.0/4 -j ACCEPT
-A ufw-before-input -s 240.0.0.0/5 -j ACCEPT
-A ufw-before-input -m pkttype --pkt-type multicast -j ACCEPT
-A ufw-before-input -m pkttype --pkt-type broadcast -j ACCEPT

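The per-device rules above accept every port from one IP address, so after a DHCP change it is worth confirming that the address still belongs to the HomePod. The following is an added example, not part of the original post: it lists the all-port host rules from saved `ufw status` output and compares each address with the MAC shown by `ip neigh show`. The pins file, the file names and the MAC addresses are assumptions constructed for illustration.

```shell
# Added example, not from the thread. File names and MAC addresses are constructed.

# audit_host_rules STATUS NEIGH PINS
#   STATUS  saved output of `sudo ufw status verbose`
#   NEIGH   saved output of `ip neigh show`
#   PINS    hypothetical file: "<ip> <mac>" per line, noted when the rule was added
# Prints "<ip> <verdict>" for every rule that allows all ports from one host:
#   ok / changed (a different MAC answers) / unseen (not in table) / unpinned
audit_host_rules() {
  awk '
    FILENAME == ARGV[1] { if (NF >= 2) pin[$1] = tolower($2); next }
    FILENAME == ARGV[2] {
      for (i = 2; i < NF; i++) if ($i == "lladdr") seen[$1] = tolower($(i + 1))
      next
    }
    # "Anywhere  ALLOW IN  <single address>": no port restriction on the rule.
    $1 == "Anywhere" && $2 == "ALLOW" && $3 == "IN" && index($4, "/") == 0 {
      if (!($4 in pin))             v = "unpinned"
      else if (!($4 in seen))       v = "unseen"
      else if (seen[$4] == pin[$4]) v = "ok"
      else                          v = "changed"
      print $4, v
    }
  ' "$3" "$2" "$1"
}

# Constructed sample inputs; the status rows mirror the output in the post.
write_samples() {
  cat > "$1/status.txt" <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
5353/udp (Roon)            ALLOW IN    192.168.1.0/24
Anywhere                   ALLOW IN    192.168.1.191            # Allow Roon traffic from Homepod1
Anywhere                   ALLOW IN    192.168.1.107            # Allow Roon traffic from Homepod2
EOF
  cat > "$1/neigh.txt" <<'EOF'
192.168.1.191 dev eth0 lladdr 02:00:00:00:01:91 REACHABLE
192.168.1.107 dev eth0 lladdr 02:00:00:00:09:99 STALE
EOF
  printf '%s\n' '192.168.1.191 02:00:00:00:01:91' \
                '192.168.1.107 02:00:00:00:01:07' > "$1/pins.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_host_rules "$demo_dir/status.txt" "$demo_dir/neigh.txt" "$demo_dir/pins.txt"
rm -rf "$demo_dir"
```

A `changed` or `unseen` verdict means the rule may now be admitting a different device on all ports; a DHCP reservation for each HomePod keeps the address and the rule aligned.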

Of course, before using sudo ufw reload, you’d need to run sudo ufw enable first.

Very sharp @mjw :grinning_face:
