Ufw 允許應用程序：錯誤：需要 ‘from’ 或 ’to’ 和 ‘app’

我正在使用 Ubuntu 20.04.3 LTS，雖然這個問題可能不是特定於 Ubuntu，而是任何使用ufw. 我正在為 VNC vino 連接設置規則。我的意思是通過配置的應用程序來做到這一點。我創建/etc/ufw/applications.d/vino-server了以下內容

[Vino Server]
title = “Vino VNC Server”
description = “Vino - Default Ubuntu VNC server”
ports=5900,5901/tcp

接著

$ sudo ufw allow app "Vino Server" from 192.168.0.0/24
ERROR: Need 'from' or 'to' with 'app'

我該如何解決這個錯誤？

我當時執行

$ sudo ufw allow from 192.168.0.0/24 proto tcp to any port 5900

增加了一行ufw status（見下文），最後允許通過 remmina 進行連接。所以看來我可以連接，只是缺少應用程序方式配置/允許。

$ sudo nmap localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2021-11-19 08:03 -03
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000070s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
631/tcp  open  ipp
5900/tcp open  vnc

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds

$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere                  
5900/tcp                   ALLOW IN    192.168.0.0/24      <--- THIS LINE ADDED    
22/tcp (v6)                ALLOW IN    Anywhere (v6)             

$ sudo ss -ltnp
State        Recv-Q       Send-Q             Local Address:Port              Peer Address:Port       Process                                          
LISTEN       0            5                      127.0.0.1:631                    0.0.0.0:*           users:(("cupsd",pid=727,fd=7))                  
LISTEN       0            128                    127.0.0.1:6010                   0.0.0.0:*           users:(("sshd",pid=9845,fd=11))                 
LISTEN       0            5                        0.0.0.0:5900                   0.0.0.0:*           users:(("vino-server",pid=6594,fd=12))          
LISTEN       0            4096               127.0.0.53%lo:53                     0.0.0.0:*           users:(("systemd-resolve",pid=704,fd=13))       
LISTEN       0            128                      0.0.0.0:22                     0.0.0.0:*           users:(("sshd",pid=7138,fd=3))                  
LISTEN       0            5                          [::1]:631                       [::]:*           users:(("cupsd",pid=727,fd=6))                  
LISTEN       0            128                        [::1]:6010                      [::]:*           users:(("sshd",pid=9845,fd=10))                 
LISTEN       0            5                           [::]:5900                      [::]:*           users:(("vino-server",pid=6594,fd=11))          
LISTEN       0            128                         [::]:22                        [::]:*           users:(("sshd",pid=7138,fd=4))

來自man ufw：

ufw  [--dry-run]  [rule]  [delete]  [insert  NUM]  [prepend] allow|deny|reject|limit
[in|out [on INTERFACE]] [log|log-all] [proto PROTOCOL] [from ADDRESS  [port  PORT  | app APPNAME ]] 
[to ADDRESS [port PORT | app APPNAME ]] [comment COMMENT]

因此，您必須先指定from。

sudo ufw allow from 192.168.0.0/24 app "Vino Server" 

引用自：https://unix.stackexchange.com/questions/678244