how do you create an app profile for ufw?

To answer the real question, about how to create your own application file, you only need to know that it is using the Windows INI file format (yuck).

[appname]
title=1-liner here
description=a longer line here
ports=1,2,3,4,5,6,7,8,9,10,30/tcp|50/udp|53

The ports line can specify multiple ports, with /udp or /tcp, to limit the protocol, otherwise it defaults to both. You have to split the protocol sections up with |.

So, for a real-life set of examples I made:

[puppet]
title=puppet configuration manager
description=Puppet Open Source from http://www.puppetlabs.com/
ports=80,443,8140/tcp

[AMANDA]
title=AMANDA Backup
description=AMANDA the Advanced Maryland Automatic Network Disk Archiver
ports=10080

You can list multiple versions of the app in a single file, like this one from Apache:

===start of apache2.2-common file===
[Apache]
title=Web Server
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80/tcp

[Apache Secure]
title=Web Server (HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=443/tcp

[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp

===end of file===

Once you have defined your application file, put it in /etc/ufw/applications.d, then tell ufw to reload the application definitions with

ufw app update appname
ufw app info appname

Use it with something like:

ufw allow from 192.168.1.10 to any app amanda
ufw allow amanda

assuming 192.168.1.10 is the IP of your amanda server.
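To see exactly what a profile would open before dropping it into /etc/ufw/applications.d, here is an added example (my own, not ufw's code and not from the answer above) that parses profile text with Python's configparser, expands each ports= line into individual port/protocol pairs following the rules described above (comma-separated ports, /tcp or /udp suffix, both protocols when no suffix, | between protocol sections), and rejects malformed or out-of-range entries. It also accepts low:high port ranges, which I am assuming matches ufw's range syntax since the answer does not show one. The profile text embedded in it is constructed for the demo.

```python
"""Parse and audit ufw application profiles (INI files as kept in
/etc/ufw/applications.d).  Added example; not ufw's own code."""
import configparser
import re

# Constructed sample profile text, modelled on the profiles above.
SAMPLE_PROFILE = """\
[AMANDA]
title=AMANDA Backup
description=AMANDA the Advanced Maryland Automatic Network Disk Archiver
ports=10080

[Apache Full]
title=Web Server (HTTP,HTTPS)
description=Apache v2 is the next generation of the omnipresent Apache web server.
ports=80,443/tcp

[Mixed]
title=constructed mixed-protocol profile
description=demonstrates the | separator and a low:high range (assumed syntax)
ports=137,138/udp|139,445/tcp|53|6881:6882/tcp
"""

PORT_RE = re.compile(r"^(\d+)(?::(\d+))?$")  # single port or low:high range
REQUIRED_KEYS = ("title", "description", "ports")


def parse_ports(spec):
    """Expand a ports= value into a sorted list of (port, proto) tuples.

    Sections are separated by '|'; each is a comma-separated list of ports
    (or low:high ranges) optionally followed by /tcp or /udp.  No suffix
    means both protocols.  Anything malformed raises ValueError so a bad
    profile is rejected instead of silently opening the wrong ports.
    """
    result = set()
    for section in spec.split("|"):
        section = section.strip()
        if not section:
            raise ValueError("empty protocol section in %r" % spec)
        if "/" in section:
            ports_part, proto = section.rsplit("/", 1)
            if proto not in ("tcp", "udp"):
                raise ValueError("unknown protocol %r" % proto)
            protos = (proto,)
        else:
            ports_part, protos = section, ("tcp", "udp")
        for item in ports_part.split(","):
            m = PORT_RE.match(item.strip())
            if not m:
                raise ValueError("bad port entry %r" % item)
            low = int(m.group(1))
            high = int(m.group(2)) if m.group(2) else low
            if not 1 <= low <= high <= 65535:
                raise ValueError("port out of range in %r" % item)
            for port in range(low, high + 1):
                for p in protos:
                    result.add((port, p))
    return sorted(result)


def load_profiles(text):
    """Parse profile text into {app: {title, description, ports: [...]}}.

    Every section must carry title, description and ports; a missing key
    or an unparseable ports line raises ValueError naming the app.
    """
    # ufw profiles use '=' only, so do not treat ':' as a key delimiter.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    profiles = {}
    for name in cp.sections():
        missing = [k for k in REQUIRED_KEYS if k not in cp[name]]
        if missing:
            raise ValueError("%s: missing %s" % (name, ", ".join(missing)))
        try:
            ports = parse_ports(cp[name]["ports"])
        except ValueError as exc:
            raise ValueError("%s: %s" % (name, exc))
        profiles[name] = {
            "title": cp[name]["title"],
            "description": cp[name]["description"],
            "ports": ports,
        }
    return profiles


def describe(profiles, app):
    """Return the ports 'ufw allow <app>' would open, as 'port/proto'."""
    return ["%d/%s" % (port, proto) for port, proto in profiles[app]["ports"]]


if __name__ == "__main__":
    profiles = load_profiles(SAMPLE_PROFILE)
    for app in profiles:
        print("%-12s opens %s" % (app, " ".join(describe(profiles, app))))
```

Running it prints one line per profile; the AMANDA line shows 10080/tcp and 10080/udp, which is what a bare port number with no suffix means.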


It's actually all there in the manpage under the "Application Integration" section.

The basic syntax is:

ufw allow <app_name>

Or you can use the extended syntax to be more specific:

ufw allow from <some_address> to any app <app_name>

The manpage specifically says not to specify a port number:

You should not specify the protocol with either syntax, and with the extended syntax, use app in place of the port clause.

This probably means it will let <app_name> use whatever port it wants to.

Other useful commands:

ufw app info <app_name>

Which lists the information on <app_name>'s profile.

ufw app update <app_name>

Which updates <app_name>'s profile. You can use all to update all application profiles.

You can use the:

ufw app update --add-new <app_name>

command to add a new profile for <app_name> and update it, following the rules you set out with ufw app default <policy>.

App profiles are stored in /etc/ufw/applications.d and sometimes /etc/services.

For more information see man ufw.