Obviously UFW does not affect network protocols like DECnet or LAT but to allow incoming TCP/IP connections to a tap/tun interface that is being used by SIMH or QEMU you need to modify the firewall rules.
In order to do this after you have configured the network interface you need to give the guest machine running under SIMH or QEMU a static IP address (or assign it a permanent lease on your DHCP server). Then you can add the following entries at the end of the /etc/ufw/before.rules, before the line that says COMMIT to allow any incoming network traffic with a destination or source address that matches the IP address of your guest machine through the firewall.
# nano /etc/ufw/before.rules
Scroll to the bottom of the file and add the following lines – replacing nn.nn.nn.nn with the IP address of the virtual machine).
# Allow all traffic to nn.nn.nn.nn -A FORWARD -d nn.nn.nn.nn -j ACCEPT -A FORWARD -s nn.nn.nn.nn -j ACCEPT # don't delete the 'COMMIT' line or these rules won't be processed COMMIT
For these changes to take effect you need to restart ufw
# ufw disable Firewall stopped and disabled on system startup # ufw enable Firewall is active and enabled on system startup #
These settings can be disabled by commenting out the two new entries, however I've noticed that in this case the changes don't take effect until the system is rebooted.
If UFW is enabled then without these additional entries you will only be able to access the tan/tun interfaces from the physical host and not from any other machines on the network. This can be a bit confusing until you realize what is happening as it looks like everything is working (which it is), but you still can't connect from another machine using TCP/IP!