Anything that says "ALLOW Anywhere". Basically you should ONLY open these ports externally if you need external services running on them (apache, ssh, etc).
Originally Posted by capo1949
For other stuff that should stay local - samba, nfs, you should NOT open those ports to the world so to speak.
So for example, if I wanted to allow any IP on my LAN the only rule I would need is:
That way you allow any LAN traffic to your server. If you want it even more secure, give static IPs to your workstations and allow rules based on the workstation. Drilling down to the port number can be cumbersome, but it is the most secure option.
sudo ufw allow from 192.168.0.0/24