The easiest way to use the firewall is to block all incoming traffic and then tune it from there.
If you are behind a NAT router and would like to trust the internal network, you can do this:
sudo ufw allow from 192.168.0.0/16
sudo ufw disable && sudo ufw enable
It is also a good idea to stop answering ping requests. In /etc/ufw/before.rules, comment out the echo-request rule:
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type destination-
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
# Don't allow ping requests:
# -A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
If you are behind a NAT router, others might still be able to ping you because the router itself responds to the request. Try to disable the echo reply on the router directly.
To test your firewall, try pinging yourself or connecting over SSH from any web-based ping or SSH service!
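The ping change described above can be scripted so it is repeatable and leaves a backup. This is an added example, not part of the original page; the function names and `RULE_RE` are this example's own, and the sample rules are constructed from the lines shown above.

```shell
#!/bin/sh
# Added example: comment out the echo-request ACCEPT rule in a ufw rules file.
# RULE_RE and the function names are this example's own, not part of ufw.

# Matches an active (uncommented) rule that accepts ICMP echo-request.
RULE_RE='^[[:space:]]*-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT'

# Succeeds if the file still contains an active echo-request ACCEPT rule.
ping_rule_active() {
    grep -Eq -- "$RULE_RE" "$1"
}

# Comments out the rule, keeping a .bak copy. Safe to run repeatedly.
disable_ping_rule() {
    file=$1
    ping_rule_active "$file" || return 0      # already disabled, nothing to do
    cp -p -- "$file" "$file.bak" || return 1
    sed -E "s/$RULE_RE/# &/" "$file.bak" > "$file"
}

# Constructed sample standing in for the ICMP section of before.rules.
make_sample_rules() {
    cat > "$1" <<'EOF'
# ok icmp codes
-A ufw-before-input -p icmp --icmp-type source-quench -j ACCEPT
-A ufw-before-input -p icmp --icmp-type time-exceeded -j ACCEPT
-A ufw-before-input -p icmp --icmp-type parameter-problem -j ACCEPT
-A ufw-before-input -p icmp --icmp-type echo-request -j ACCEPT
EOF
}

# Demo on a temporary copy; the live rules file is never touched here.
demo() {
    tmp=$(mktemp) || return 1
    make_sample_rules "$tmp"
    disable_ping_rule "$tmp"
    grep -n 'echo-request' "$tmp"
    rm -f -- "$tmp" "$tmp.bak"
}
demo
```

To apply it for real, call `disable_ping_rule /etc/ufw/before.rules` as root, then reload with `sudo ufw disable && sudo ufw enable`.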