sudo bash << EOF
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw limit 22 # ssh
ufw allow out 53 # dns
ufw allow out 80 # http
ufw allow out 443 # https
EOF
sudo ufw enable
restrict SSH to a single IP
ufw limit from XX.XX.XX.XX to any port 22