Linode Forum
Linode Community Forums
Posted: Fri May 29, 2015 5:03 am
Newbie

Joined: Fri May 29, 2015 4:58 am
Posts: 2
I am using UFW to handle firewall rules on my Ubuntu 14.04 LAMP server.

I want to enable Longview, but I'm not sure how to add the needed rules through UFW.

According to this document it looks like I need to put them in /etc/ufw/after.rules but I believe they need to be formatted another way. When I simply copy and paste the rules,

Code:
#  Allow incoming Longview connections 
-A INPUT -s longview.linode.com -j ACCEPT

# Allow metrics to be provided Longview
-A OUTPUT -d longview.linode.com -j ACCEPT


UFW throws errors and won't start.

Can anyone advise? Thanks.


Posted: Sat May 30, 2015 10:07 pm
Senior Member

Joined: Sun Jan 18, 2009 2:41 pm
Posts: 830
You should just be able to add a rule using the ufw command. This would then be saved as part of your rule set.
Code:
ufw insert # allow from longview.linode.com

You would choose the value for # so this appears early in the rule list - you can use ufw status numbered for a numbered list.

I'm not sure if ufw accepts a host name in place of an IP address - in any event, iptables only resolves it once, when the rule is loaded, and uses the IP address thereafter. So you could use 96.126.119.66 instead, and you'd just have to change it if the address for longview.linode.com ever changes.


Posted: Mon Jun 01, 2015 10:38 pm
Newbie

Joined: Fri May 29, 2015 4:58 am
Posts: 2
Thanks for the reply...

Haven't tested the solution yet, because I tried simply installing Longview without adjusting firewall rules and it works fine.

Now I need to figure out if iptables is working properly. Lots to learn...


Posted: Mon Jun 01, 2015 10:42 pm
Senior Member

Joined: Mon Jul 05, 2010 5:13 pm
Posts: 392
To be clear, you should need to do absolutely nothing. "Allow[ing] incoming Longview connections" isn't necessary, since Longview servers don't initiate any incoming connections. As long as you're allowed RELATED/ESTABLISHED connections in through INPUT (if you're not, you ought to be), you're fine there. `iptables-save` will show if you're doing that. The "# Allow metrics to be provided Longview" rule is only needed if you're blocking connections on OUTPUT, which is overkill for pretty much everybody and will only serve to cause you pain. If you're doing that, I highly recommend not.

- Les
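
Added example (not part of any post in this thread): a shell check for the two conditions described in the reply above, reading `iptables-save` output on stdin and reporting whether RELATED/ESTABLISHED traffic is accepted on the INPUT path and whether the OUTPUT policy is ACCEPT. The function names and both sample rule sets are constructed for illustration, and the check assumes OUTPUT filtering shows up in the chain policy; it does not inspect individual OUTPUT rules.

```shell
#!/bin/sh
# Added example; function names and sample rule sets are constructed.
# Summarise the filter table from `iptables-save` output on stdin.
fw_summary() {
    awk '
        /^\*/ { table = substr($0, 2) }      # table header: *filter, *nat, ...
        table != "filter" { next }
        /^:OUTPUT / { out_policy = $2 }      # chain policy line, e.g. ":OUTPUT ACCEPT [0:0]"
        # accept rule for reply traffic on INPUT or a chain it feeds (ufw-before-input)
        /^-A / && tolower($2) ~ /input/ && /ESTABLISHED/ && /-j ACCEPT/ { est = "yes" }
        END { printf "established_in=%s output_policy=%s\n",
                     (est ? est : "no"), (out_policy ? out_policy : "unknown") }
    '
}

# Return 0 when no Longview-specific rule is needed, 1 otherwise.
longview_ok() {
    summary=$(fw_summary); rc=0
    case "$summary" in *established_in=yes*) ;; *)
        echo "no RELATED/ESTABLISHED accept on INPUT: replies would be dropped"; rc=1 ;;
    esac
    case "$summary" in *output_policy=ACCEPT) ;; *)
        echo "OUTPUT policy is not ACCEPT: outbound traffic needs an explicit allow"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "no Longview-specific rules needed"
    return "$rc"
}

# Constructed sample: a UFW-style rule set with outbound traffic allowed.
sample_default() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:ufw-before-input - [0:0]
-A INPUT -j ufw-before-input
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample: egress filtered and no state-tracking accept rule.
sample_locked() { cat <<'EOF'
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_default | longview_ok
sample_locked | longview_ok || true
```

On a live host the same check would be fed from `iptables-save` run as root, piped into `longview_ok`.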

