Basic usage of ufw

ufw is disabled by default, so you'll need to enable it:

donnie@ubuntu:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
donnie@ubuntu:~$

To do this, I logged in to the virtual machine remotely from a terminal of my trusty OpenSUSE workstation. It gave me a warning that my Secure Shell connection could be disrupted, but that didn't happen. (It could be because of connection tracking rules, or it could be that I just got lucky.) I'll leave it up to you to do a sudo iptables -L, because ufw creates a very large default ruleset that would be impossible to display in this book.

Next, let's add a rule that will allow us to remotely connect through Secure Shell in the future:

sudo ufw allow 22/tcp

Do a sudo iptables -L, and you'll see that the new rule shows up in the ufw-user-input chain:

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

In the preceding sudo ufw allow 22/tcp command, we had to specify the TCP protocol, because TCP is all that we need for Secure Shell. We can also open a port for both TCP and UDP just by not specifying a protocol. For example, if you're setting up a DNS server, you'll want to have port 53 open for both protocols (you'll see the entries for port 53 listed as domain ports):

sudo ufw allow 53

Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain

If you do sudo ip6tables -L, you'll see that a matching rule for IPv6 also got added in both of the preceding examples.
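As an added example (not from the book), here is a small POSIX shell audit that checks a captured sudo iptables -L ufw-user-input -n listing for the rules the preceding ufw commands should have created, including the point that a bare port spec such as 53 must show up as both a tcp and a udp rule. The listing embedded below is constructed, and it assumes -n was used so ports appear numerically (dpt:22) rather than by service name (dpt:ssh).

```shell
#!/bin/sh
# Constructed sample: roughly what `sudo iptables -L ufw-user-input -n` shows after
# `ufw allow 22/tcp`, `ufw allow 53` and (to show a partial rule) `ufw allow 80/tcp`.
SAMPLE_LISTING=$(cat <<'EOF'
Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:80
EOF
)

# rule_present LISTING PROTO PORT: succeeds if the chain has an ACCEPT rule
# for that protocol whose destination port matches (dpt:PORT).
rule_present() {
  printf '%s\n' "$1" | awk -v proto="$2" -v port="$3" '
    $1 == "ACCEPT" && $2 == proto {
      for (i = 3; i <= NF; i++) if ($i == "dpt:" port) found = 1
    }
    END { if (found) exit 0; exit 1 }'
}

# spec_applied LISTING SPEC: SPEC is written the way ufw takes it, "22/tcp" or a
# bare "53". A bare port is only fully applied when both a tcp and a udp rule exist.
spec_applied() {
  port=${2%%/*}
  case $2 in
    */*) rule_present "$1" "${2#*/}" "$port" ;;
    *)   rule_present "$1" tcp "$port" && rule_present "$1" udp "$port" ;;
  esac
}

# audit_specs LISTING SPEC...: prints every spec that is not fully applied and
# returns 0 only when the chain covers all of them.
audit_specs() {
  chain=$1; shift
  missing=0
  for s in "$@"; do
    if ! spec_applied "$chain" "$s"; then
      echo "missing: $s"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# With the constructed listing, 22/tcp and 53 pass; 80 is reported (no udp rule).
audit_specs "$SAMPLE_LISTING" 22/tcp 53 80 || echo "chain does not cover every spec"
```

On a real host, replace SAMPLE_LISTING with the output of sudo iptables -L ufw-user-input -n (and repeat with ip6tables for the IPv6 chain) to confirm the rules you intended are actually present.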
