Is it ok to manually update a ufw profile?

Solution 1:

From ArchLinux Wiki:

Warning: If users modify any of the PKG provided rule sets, these will be overwritten the first time the ufw package is updated. This is why custom app definitions need to reside in a non-PKG file as recommended above!

I could not find a similar statement in the Ubuntu documentation. The only thing connected with this topic that I found there is in the article Firewall:

Applications that open ports can include an ufw profile, which details the ports needed for the application to function properly. The profiles are kept in /etc/ufw/applications.d, and can be edited if the default ports have been changed.

To be sure your edits will not be overwritten, you can create your own application profile file, for example:

sudo cp /etc/ufw/applications.d/openssh-server /etc/ufw/applications.d/openssh-server-custom

Then modify /etc/ufw/applications.d/openssh-server-custom in this way:

[CustomSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=4444/tcp

After that you will be able to create rules like this:

sudo ufw limit CustomSSH

The main advantage of using a profile is that you can change the application's port and just reload UFW's configuration without needing to delete rules and type new ones. If you don't intend to do that often, then you can type a rule for the custom port and leave a comment to make clear what the rule's purpose is:

sudo ufw limit 4444/tcp comment 'SSH Custom port'
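
The custom-profile approach from the answer above, as an added example that is not part of the original answer: a shell helper that validates the ports line and writes the profile to its own file, refusing to touch any file that already exists (for instance one shipped by a package). The function names, the PROFILE_DIR override and the validation rules are assumptions of this example, not part of ufw.

```shell
#!/bin/sh
# Added example: write a ufw application profile to its own file and never
# overwrite an existing one, such as a package-provided profile.
# PROFILE_DIR can be overridden to try this outside /etc (assumption of this example).
PROFILE_DIR="${PROFILE_DIR:-/etc/ufw/applications.d}"

# valid_ports SPEC: accepts e.g. 4444/tcp, 80,443/tcp, 6000:6007/udp, or
# several such parts joined by "|". Simplified check written for this example.
valid_ports() {
    part='[0-9]{1,5}([,:][0-9]{1,5})*(/(tcp|udp))?'
    printf '%s\n' "$1" | grep -Eq "^$part([|]$part)*\$" || return 1
    for n in $(printf '%s' "$1" | tr -c '0-9' ' '); do
        # every port number must be within 1..65535
        if [ "$n" -lt 1 ] || [ "$n" -gt 65535 ]; then return 1; fi
    done
    return 0
}

# write_profile FILE SECTION TITLE DESCRIPTION PORTS
# returns 2 on invalid input, 3 if FILE already exists
write_profile() {
    nl='
'
    case "$1" in ''|.*|*/*) echo "bad file name: $1" >&2; return 2 ;; esac
    case "$1$2$3$4$5" in *"$nl"*) echo "newline in field" >&2; return 2 ;; esac
    # conservative profile-name rule chosen for this example
    printf '%s\n' "$2" | grep -Eq '^[A-Za-z0-9][A-Za-z0-9 _.-]*$' || {
        echo "bad profile name: $2" >&2; return 2; }
    valid_ports "$5" || { echo "bad ports spec: $5" >&2; return 2; }
    file="$PROFILE_DIR/$1"
    if [ -e "$file" ] || [ -L "$file" ]; then
        echo "refusing to overwrite $file" >&2; return 3
    fi
    # noclobber (set -C) makes the redirect fail if the file appears meanwhile
    ( umask 022; set -C
      printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' \
          "$2" "$3" "$4" "$5" > "$file" )
}

# Usage (as root):
#   write_profile openssh-server-custom CustomSSH 'Secure shell server' \
#       'OpenSSH on a custom port' 4444/tcp
#   ufw app info CustomSSH && ufw limit CustomSSH
```

After a later port change in the custom file, `sudo ufw app update CustomSSH` refreshes the rules that reference the profile.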