I learnt about ufw from this video, basically to protect outsiders accessing your server apps on ports. as appose the nginx proxy listenening at port 80.
$ apt-get install ufw
$ ufw allow OpenSSH
$ ufw allow http
$ ufw allow https
$ ufw enable
$ ufw status
as an example, i have
- my expressjs app http://blogjono.com on port 3000
- nginx config proxy_pass so will redirect traffic from port 80 to 3000
- a user can type http://blogjono.com:3000 and the website will load, ufw blocks this
It will also block outside connections to your mongodb port 27017. so you would ssh into the server and then do your database administration.