diff --git a/seqs/ufw.sh b/seqs/ufw.sh
new file mode 100755
index 0000000..5c849e1
--- /dev/null
+++ b/seqs/ufw.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+toolName=ufw
+toolDeps=$toolName
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG=0
+CONFIG_FILE_NAME="${toolName}.cfg"
+CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
+
+#step_config() {
+# echo "Called once before executing steps."
+ ## e.g. to source a config file manually:
+ #. "$CONFIG_FILE"
+ ## or to use sequencer api:
+ #initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
+ #if [ $? -eq 0 ] ; then
+ # CONFIG=1
+ #fi
+#}
+
+step_1_info() { echo "Install $toolName and allow ssh access"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ local aptOpt=
+ if [ $QUIET -ne 0 ];then
+ aptOpt="-y"
+ fi
+ exe apt install $toolDeps $aptOpt
+ exe ufw allow ssh
+}
+
+step_2_info() { echo "Enable $toolName"; }
+step_2() {
+ exe ufw enable
+}
+
+step_20_info() { echo "Enable mail server essentials"; }
+step_20_alias() { ALIAS="mailserver"; }
+step_20() {
+ exe ufw allow "Postfix"
+ exe ufw allow "Postfix SMTPS"
+ exe ufw allow "Dovecot Secure IMAP"
+ exe ufw allow "WWW Secure"
+ # Manage sieve
+ exe ufw allow 4190/tcp
+}
+
+step_22_info() { echo "Deny multicast from gateway [IP]"; }
+step_22_alias() { ALIAS="multicast"; }
+step_22() {
+ shift
+ if [ -z $1 ] ; then
+ echoerr " [E] No [IP} specified"
+ return 1
+ fi
+
+ exe ufw deny in from $1 to 224.0.0.0/4
+ exe ufw deny in from $1 to 239.0.0.0/8
+}
+
+VERSION_SEQREV=11
+. /usr/local/bin/sequencer.sh
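Review bot: In step_22 the gateway address is used unquoted and unchecked: with a value that contains spaces, `[ -z $1 ]` fails with a test error instead of taking the error branch, and `exe ufw deny in from $1 to 224.0.0.0/4` then word-splits it into extra ufw arguments, so the rule that gets installed may not be the one the operator meant. Quote it in all three places (`if [ -z "$1" ] ; then`, `exe ufw deny in from "$1" to 224.0.0.0/4`) and reject anything that is not an IP address or CIDR before calling ufw. `exe` is defined outside this file, so whether it re-parses its arguments cannot be told from here. Separately, 224.0.0.0/4 already contains 239.0.0.0/8, so the second deny rule adds nothing, and the error text has a mismatched bracket in `[IP}`.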