Comment 1 for bug 1532386

ufw supports gre as of 0.34 and this with tcp should be all that is required. Note, in reviewing this bug I came across http://northernmost.org/blog/gre-tunnels-and-ufw/index.html which (in essence) states that in 3.18 and later kernels you need to load the nf_conntrack_pptp module for GRE packets to not be marked as INVALID. You can load this module in the standard way for your distribution or you can have ufw do it for you by adding it to IPT_MODULES in /etc/default/ufw.