diff --git a/apparmor.d/groups/firewall/ufw b/apparmor.d/groups/firewall/ufw
index b7f133641..3b931fb2b 100644
--- a/apparmor.d/groups/firewall/ufw
+++ b/apparmor.d/groups/firewall/ufw
@@ -32,11 +32,13 @@ profile ufw @{exec_path} flags=(attach_disconnected) {
   @{python_path}               rix,
   @{bin}/ r,
   @{bin}/cat                   rix,
+  @{bin}/echo                  rix,
   @{bin}/env                   r,
+  @{bin}/kmod                  rCx -> kmod,
+  @{lib}/ufw/ufw-init          rix,
   @{sbin}/sysctl               rix,
   @{sbin}/xtables-legacy-multi rix,
   @{sbin}/xtables-nft-multi    rix,
-  @{lib}/ufw/ufw-init          rix,
 
   /etc/default/ufw rw,
   /etc/ufw/ rw,
@@ -56,6 +58,18 @@ profile ufw @{exec_path} flags=(attach_disconnected) {
   @{PROC}/sys/net/ipv{4,6}/** rw,
   @{PROC}/sys/kernel/modprobe r,
 
+  profile kmod flags=(attach_disconnected) {
+    include <abstractions/base>
+    include <abstractions/app/kmod>
+
+    capability sys_module,
+
+    @{sys}/module/compression r,
+    @{sys}/module/*/initstate r,
+
+    include if exists <local/ufw_kmod>
+  }
+
   include if exists <local/ufw>
 }