diff --git a/plugins/ufw/README.md b/plugins/ufw/README.md
index ffcc6d6f7..0eb0bd8dd 100644
--- a/plugins/ufw/README.md
+++ b/plugins/ufw/README.md
@@ -16,3 +16,4 @@ Some of the commands include:
 * `deny /` add deny rule
 * `disable` disables the firewall
 * `enable` enables the firewall
+* `ufw-lockdown` full reset firewall and allow SSH only
diff --git a/plugins/ufw/ufw.plugin.zsh b/plugins/ufw/ufw.plugin.zsh
new file mode 100644
index 000000000..872a10003
--- /dev/null
+++ b/plugins/ufw/ufw.plugin.zsh
@@ -0,0 +1,9 @@
+# Function: Full reset and allow SSH only
+ufw-lockdown() {
+ echo "Locking down firewall (allow only SSH)..."
+ sudo ufw reset
+ sudo ufw default deny incoming
+ sudo ufw default allow outgoing
+ sudo ufw allow ssh
+ sudo ufw enable
+}
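Review bot: In `ufw-lockdown` (plugins/ufw/ufw.plugin.zsh) nothing checks the exit status of the steps before `sudo ufw enable`, so if `sudo ufw allow ssh` fails the function still turns on a default-deny firewall and a remote administrator can lose access. Stop on failure, e.g. `sudo ufw allow ssh || return 1`, and ideally join the earlier `ufw` calls with `&&` as well. `allow ssh` resolves to the standard SSH port, so a host whose sshd listens elsewhere is cut off too; a comment such as `# assumes sshd listens on the default SSH port; adjust the rule first on hosts that use another` would make that explicit. The later steps also run when the reset is declined at ufw's prompt, in which case the old allow rules presumably stay in place while the message claims a lockdown.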