What you will achieve
UFW enabled with sensible defaults — SSH allowed before you lock yourself out, common service ports opened deliberately.
1) Install and check status
sudo apt install ufw
sudo ufw status verbose
2) Set defaults before enabling
sudo ufw default deny incoming
sudo ufw default allow outgoing
3) Allow SSH first
sudo ufw allow OpenSSH
# or explicit port: sudo ufw allow 22/tcp
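On remote servers, do this before running sudo ufw enable. The OpenSSH profile covers 22/tcp, so if sshd listens on a different port, allow that port explicitly instead. Keep your current SSH session open while you test a new one.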
4) Allow web services (if needed)
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
5) Enable UFW
sudo ufw enable
sudo ufw status numbered
6) Remove rules safely
sudo ufw delete 3
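Run sudo ufw status numbered to find the index of the rule to delete. Rule numbers shift after each deletion, so list them again before deleting another. Alternatively, delete by rule specification: sudo ufw delete allow 80/tcp.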
Verify
New SSH session connects. Intended web ports respond. Unlisted ports show filtered/closed from external scans.
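A guard for steps 3 and 5, as an added example that is not part of the original guide: it reads the rules staged so far with ufw show added and runs ufw enable only if one of them admits inbound SSH. The function names and the sample rule listings are constructed for illustration, and it assumes ufw show added prints each rule as a ufw command line.

```sh
#!/bin/sh
# Added example, not from the original guide. Function names are hypothetical.

# Reads `ufw show added` output on stdin and succeeds if a staged rule admits
# inbound SSH. $1 is the SSH port (default 22). Assumes one rule per line in
# the form "ufw allow ..." or "ufw limit ...".
ssh_rule_staged() {
    port="${1:-22}"
    awk -v p="$port" '
        $1 != "ufw" { next }                       # header or "(None)" line
        $2 != "allow" && $2 != "limit" { next }    # deny/reject do not help
        $3 == "out" || /proto udp/ { next }        # outbound or UDP-only rule
        {
            for (i = 3; i <= NF; i++)
                if ($i == "OpenSSH" || $i == "ssh" || $i == p || $i == (p "/tcp"))
                    found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Enable the firewall only when the staged rules admit SSH on the given port.
enable_if_ssh_allowed() {
    if sudo ufw show added | ssh_rule_staged "${1:-22}"; then
        sudo ufw enable
    else
        echo "No SSH allow rule staged; run: sudo ufw allow OpenSSH" >&2
        return 1
    fi
}

# Constructed samples of `ufw show added` output (not captured from a host).
SAMPLE_OK="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw allow OpenSSH"
SAMPLE_BAD="Added user rules (see 'ufw status' for running firewall):
ufw allow 80/tcp
ufw deny 22/tcp
ufw allow out 22/tcp"
```

A source-restricted rule (allow from ...) passes this check, so confirm your own address falls inside it before enabling.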