The UFW firewall package uses iptables at the backend, but it is lacking syntax to block UDP ports and I think this would be useful.
I ran the command "UFW default deny incoming UDP" and it wrote to the chain successfully, but I ran nslookup afterwards and it succeeded, meaning that it did not block UDP all ports because DNS uses UDP. This may be a bug. Michael Lazin .. τὸ γὰρ αὐτὸ νοεῖν ἐστίν τε καὶ εἶναι.