Fix: UFW Missing Default Deny Rule
Without a default deny rule, UFW allows all incoming connections that don't match a specific rule. The firewall should deny all incoming traffic and only allow explicitly permitted ports.
Set default deny incoming
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
# Verify:
sudo ufw status verbose | grep "Default:"
# Should show: Default: deny (incoming), allow (outgoing)
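The verification step above can be scripted. This is an added example, not part of the original page: it reads `ufw status verbose` output on stdin and fails when the firewall is inactive or the default incoming policy is anything other than deny or reject. The helper name `check_ufw_defaults` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` output read from stdin.
# check_ufw_defaults is a hypothetical helper name, not part of ufw.
# Returns 0 = default deny/reject in place, 1 = incoming not denied,
#         2 = ufw not active, 3 = no "Default:" line found.
check_ufw_defaults() {
    status_text=$(cat)

    # An inactive firewall enforces nothing, whatever defaults are stored.
    if ! printf '%s\n' "$status_text" | grep -q '^Status: active'; then
        echo "FAIL: ufw is not active"
        return 2
    fi

    # Pull the policy word that precedes "(incoming)" on the Default: line.
    incoming=$(printf '%s\n' "$status_text" |
        sed -n 's/^Default: \([a-z]*\) (incoming).*/\1/p' | head -n 1)
    if [ -z "$incoming" ]; then
        echo "FAIL: no Default: line found (was 'verbose' omitted?)"
        return 3
    fi

    case "$incoming" in
        deny|reject)
            echo "OK: default incoming policy is $incoming"
            return 0 ;;
        *)
            echo "FAIL: default incoming policy is $incoming"
            return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real host).
SAMPLE_GOOD='Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip'
SAMPLE_BAD='Status: active
Logging: on (low)
Default: allow (incoming), allow (outgoing), disabled (routed)
New profiles: skip'

for sample in "$SAMPLE_GOOD" "$SAMPLE_BAD"; do
    printf '%s\n' "$sample" | check_ufw_defaults || true
done
```

On a host, pipe the real output in with `sudo ufw status verbose | check_ufw_defaults` and use the exit code in a compliance check or cron job.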