diff --git a/ufw-config.md b/ufw-config.md new file mode 100644 index 0000000..27720f4 --- /dev/null +++ b/ufw-config.md @@ -0,0 +1,30 @@ +# UFW config + +To enable UFW : +``` +# dinitctl enable ufw +# ufw enable +``` + +Deny all incoming traffic by default, allow outgoing : +``` +# ufw default deny incoming +# ufw default allow outgoing +``` + +Open needed ports, here an example with `SSH` : +``` +# ufw allow ssh +``` + +> Common ports are `ssh`, `http`, `https`, `dns`, etc... + +You may also limit SSH connections against brute-force : +``` +# ufw limit ssh +``` + +Then reload UFW : +``` +# ufw reload +```
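Review bot: In the first code block, `# ufw enable` runs before `ufw default deny incoming` and `ufw allow ssh`, so a reader following the file top to bottom over an SSH session turns the firewall on before any rule permits SSH and risks cutting off their own access. Suggest reordering so the defaults and the allow/limit rules come first and the `dinitctl enable ufw` / `ufw enable` block comes last; the closing `ufw reload` step could then be dropped or described as only needed when rules are changed later. The `ufw limit ssh` paragraph would also benefit from stating whether it is meant to replace the earlier `ufw allow ssh` or to be run in addition to it, since "may also" reads as a second rule on the same port. Minor: the `#` prompt inside the fences is not explained, so a line saying the commands are run as root would help readers who copy the blocks verbatim.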