ufw is disabled by default, so you'll need to enable it:
donnie@ubuntu:~$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
donnie@ubuntu:~$
To do this, I logged in to the virtual machine remotely from a terminal of my trusty OpenSUSE workstation. It gave me a warning that my Secure Shell connection could be disrupted, but that didn't happen. (It could be because of connection tracking rules, or it could be that I just got lucky.) I'll leave it up to you to do a sudo iptables -L, because ufw creates a very large default ruleset that would be impossible to display in this book.
Next, let's add a rule that will allow us to remotely connect through Secure Shell in the future:
sudo ufw allow 22/tcp
Do a sudo iptables -L, and you'll see that the new rule shows up in the ufw-user-input chain:
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
In the preceding sudo ufw allow 22/tcp command, we had to specify the TCP protocol, because TCP is all that we need for Secure Shell. We can also open a port for both TCP and UDP just by not specifying a protocol. For example, if you're setting up a DNS server, you'll want to have port 53 open for both protocols (you'll see the entries for port 53 listed as domain ports):
sudo ufw allow 53
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:domain
If you do sudo ip6tables -L, you'll see that a rule for IPv6 also got added for both of the two preceding examples.