Let’s look at the simple syntax first. Say, for example, you want to allow traffic on port 22 (SSH). To do this with UFW, you’d run a command like: sudo ufw allow 22

NOTE: I added sudo to the command because you must have admin privileges to run ufw. If you’re using a distribution that doesn’t take advantage of sudo, you’d first have to su to root and then run the same command (minus sudo).

Conversely, say you want to prevent traffic on port 22. To do this, the command would look like: sudo ufw deny 22

Should you want to add a protocol to this, the command would look like: sudo ufw deny 22/tcp

What happens if you don’t happen to know the port number for a service? The developers have taken that into consideration. UFW will run against /etc/services in such a way that you can define a rule using a service instead of a port. To allow SSH traffic, that command would look like: sudo ufw allow ssh

Pretty simple, right? You can also add protocols to the above command, in the same way you did when defining a rule via port number. sudo ufw allow ssh/tcp