You could call ufw, or Uncomplicated Firewall, a front-end for iptables. It can be installed via apt-get or any other package manager.
If you just want to block some ports or IPs, iptables may be a little overwhelming with all its chains and tables. ufw, as the name states, is way simpler.
First of all, you should follow the principle of whitelisting. In other words, you block everything by default and only let traffic come in (or go out) that is explicitly allowed. You might want to trust outgoing traffic by default.
In ufw you can achieve this by doing:
ufw default deny incoming
ufw default allow outgoing
To allow someone to SSH onto your server you can do:
ufw allow from any to any port 22
If you want to allow this traffic only to a certain local address (the IP of one interface) you can do:
ufw allow from any to 10.0.0.1 port 22
If you only want this kind of traffic from a certain network or IP you can do:
ufw allow from 10.0.0.0/24 to 10.0.0.1 port 22
If a service is available for both transport layer protocols (UDP and TCP), like DNS, you can specify the protocol with proto (the 53/udp shorthand only works in the short form, e.g. ufw allow 53/udp, not together with from/to):
ufw allow from 10.0.0.2 to 10.0.0.1 port 53 proto udp
If you want to delete a rule, just put delete in front of the line you added:
ufw delete allow from 10.0.0.2 to 10.0.0.1 port 53 proto udp
As the last line, add this rule to deny all incoming traffic:
ufw deny in to any
If you want to add other firewall lines for incoming traffic later, keep in mind that they need to come before the line above, because rules are evaluated in order and everything appended after the deny-all rule is never reached. You can do this with insert, which takes the position the new rule should get (1 is the top of the list):
ufw insert 1 allow from 10.0.0.2 to 10.0.0.1 port 53 proto udp
To enable the firewall:
ufw enable
To check your rules with their positions (like iptables -L --line-numbers):
ufw status numbered
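The ordering problem from the insert step, as an added example that is not part of the original post: a small POSIX sh helper that reads the output of ufw status numbered (here a constructed sample, not captured from a real host), finds the position of the catch-all DENY IN rule, and builds the ufw insert command so a new allow rule lands in front of it rather than after it. No ufw is required to run it; the command is only printed.

```sh
#!/bin/sh
# Constructed sample of `ufw status numbered` output (not from a real host).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22                         ALLOW IN    Anywhere
[ 2] 10.0.0.1 22                ALLOW IN    10.0.0.0/24
[ 3] 10.0.0.1 53/udp            ALLOW IN    10.0.0.2
[ 4] Anywhere                   DENY IN     Anywhere'

# Print the rule number of the first catch-all deny rule
# (To = Anywhere, Action = DENY IN, From = Anywhere); print nothing if absent.
deny_all_position() {
    printf '%s\n' "$1" | awk '
        /^\[ *[0-9]+\]/ {
            num = $0; sub(/^\[ */, "", num); sub(/\].*/, "", num)
            rest = $0; sub(/^\[ *[0-9]+\] */, "", rest)
            if (rest ~ /^Anywhere +DENY IN +Anywhere/) { print num; exit }
        }'
}

# Build the command that inserts an allow rule directly in front of the
# deny-all rule, so it is actually evaluated. Without a deny-all rule a
# plain "ufw allow" (appended at the end) is fine.
insert_before_deny_all() {
    status="$1"; shift
    pos=$(deny_all_position "$status")
    if [ -n "$pos" ]; then
        printf 'ufw insert %s allow %s\n' "$pos" "$*"
    else
        printf 'ufw allow %s\n' "$*"
    fi
}

# Example: allow DNS from a second resolver client (address constructed).
insert_before_deny_all "$SAMPLE_STATUS" from 10.0.0.3 to 10.0.0.1 port 53 proto udp
```

On a live host you would feed it "$(ufw status numbered)" instead of the sample and run the printed command after checking it.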
Please keep in mind that this list is not complete. Lots of other things can be achieved using ufw. Some resources: