diff --git a/preseed.cfg b/preseed.cfg
index b17189c..7b672db 100644
--- a/preseed.cfg
+++ b/preseed.cfg
@@ -526,8 +526,10 @@ d-i finish-install/reboot_in_progress note
 d-i preseed/late_command \
         in-target update-alternatives --set editor /usr/bin/vim.basic; \
         in-target sed -i'.orig' -r 's/^#?(Port) .*/\1 4242/; s/^#?(PermitRootLogin) .*/\1 no/;' /etc/ssh/sshd_config; \
-        in-target ufw enable; \
+        in-target ufw default deny incoming; \
+        in-target ufw default allow outgoing; \
         in-target ufw allow proto tcp from any to any port 4242 comment 'Allow SSH'; \
+        in-target ufw enable; \
         in-target groupadd -f -r sudo; \
         in-target groupadd -f user42; \
         in-target usermod -a -G sudo,user42 gbaconni; \