Just to be clear, this is a killswitch, that's what you want, right? So that it's only possible to connect through the VPN (tun0), and if the VPN goes down your internet gets "killed" so you don't leak your IP.
In that case you want to start ufw when your system starts, so you would need to whitelist your VPN. But if your VPN is already connected it should work without whitelisting the IP, I guess, but I never tried it since that's not recommended.
This is how I do it:
sudo ufw default deny outgoing
sudo ufw default deny incoming
sudo ufw allow out on tun0 from any to any
sudo ufw allow out to VPN_IP_ADDRESS proto udp
You have to do the last line for all your VPN server IPs, or the initial DNS request will not go through, if you connect through UDP.
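The same killswitch as a small POSIX shell script, added here as an example and not part of the comment above. It generalises the four commands to a list of VPN server addresses, adds a port restriction on the direct-to-server rule, and includes a check that parses `ufw status verbose` output to confirm both defaults are deny and the tun0 allow rule is present. The interface, protocol, port 1194, and the 203.0.113.x server addresses are assumptions (placeholders); the sample status output is constructed to match ufw's format.

```shell
#!/bin/sh
# Constructed example: build, apply and verify a ufw VPN killswitch.
# Values below are assumptions; override them in the environment.
VPN_IF="${VPN_IF:-tun0}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-1194}"                                # assumed OpenVPN default port
VPN_SERVERS="${VPN_SERVERS:-203.0.113.10 203.0.113.11}"     # placeholder server addresses

# Print the ufw commands for the killswitch, one per line, without running them.
# Default-deny both directions, allow everything out over the tunnel, and allow
# the direct connection to each VPN server so the tunnel can come up.
killswitch_rules() {
    echo "ufw default deny outgoing"
    echo "ufw default deny incoming"
    echo "ufw allow out on $VPN_IF from any to any"
    for ip in $VPN_SERVERS; do
        echo "ufw allow out to $ip port $VPN_PORT proto $VPN_PROTO"
    done
}

# Run each rule with sudo. Set DRY_RUN=1 to print the commands instead.
apply_killswitch() {
    killswitch_rules | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "sudo $cmd"
        else
            sudo $cmd
        fi
    done
}

# Given the text of 'sudo ufw status verbose', return 0 if the killswitch is in
# place (ufw active, both defaults deny, allow-out rule on the VPN interface),
# otherwise return 1.
check_status() {
    status="$1"
    printf '%s\n' "$status" | grep -qF 'Status: active' || return 1
    printf '%s\n' "$status" | grep -qF 'Default: deny (incoming), deny (outgoing)' || return 1
    printf '%s\n' "$status" | grep -qF "Anywhere on $VPN_IF" || return 1
    return 0
}

# Typical use: DRY_RUN=1 ./killswitch.sh to review, then run without DRY_RUN,
# then: check_status "$(sudo ufw status verbose)" && echo "killswitch active"
```

Keep the server list in sync with the VPN provider's addresses: a server that is not whitelisted cannot be reached while the defaults are deny, which is the intended failure mode rather than a leak.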
Stop with the low effort comments and learn to read. You would do everybody, including yourself, a favor.