ufw --- On installation, ufw is not automatically enabled. To load the firewall and enable it on boot, run: # ufw enable See 'man ufw' and README for more information. Upgrading --------- It is important to note that to properly support remote users, the firewall will not be automatically restarted during upgrades. After an upgrade, either reboot or perform: # /etc/init.d/ufw restart Please note that the above command will briefly open the firewall before reloading the rules. Preseeding ---------- ufw has support for preseeding. To enable a default deny firewall, add to your preseed file: ufw ufw/enable boolean true And to allow a service, use: ufw ufw/allow_known_ports multiselect SSH, WWW Currently, ufw knows about the following services: Cups # tcp and udp port 631 DNS # tcp and udp port 53 Imap (Secure) # tcp port 993 Pop3 (Secure) # tcp port 995 SSH # tcp port 22 Samba # udp ports 137, 138 and tcp ports 139, 445 Smtp # tcp port 25 WWW # tcp port 80 WWW (Secure) # tcp port 443 You may also add additional ports by supplying a space separated list of services from /etc/services, a port number or a port/protocol combination. Eg: ufw ufw/allow_custom_ports string auth 8080 1194/udp Please keep in mind that these ports and services are not associated with ufw application profiles.