The UFW firewall package uses iptables at the backend, but it is
lacking syntax to block UDP ports and I think this would be useful.
I
ran the command "UFW default deny incoming UDP" and it wrote to the
chain successfully, but I ran nslookup afterwards and it succeeded,
meaning that it did not block UDP all ports because DNS uses UDP. This
may be a bug.
Michael Lazin
.. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.