Here are some basic commands that you can use for iptables. There are INPUT, FORWARD, and OUTPUT chains. The default policy of a chain (either ACCEPT or DROP) determines the action taken when no rule matches.
If you want to see how your rules are working, you can add a rule for logging:
iptables -A <INPUT/FORWARD/OUTPUT> -j LOG --log-prefix="INPUT/FORWARD/OUTPUT prefix" --log-level=3
(The -j option specifies the rule's target, here LOG; --log-prefix and --log-level are options of that target.)
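An added example, not from the original post: once the LOG rule above is in place, this script summarises the resulting kernel log lines by prefix, interface and destination port. The sample lines and the function names sample_log and summarize_fw_log are constructed for illustration. The kernel writes the prefix directly before IN=, so a prefix set without a trailing space runs into that field; the parser handles both forms.

```shell
#!/bin/sh
# Added example: summarise what the LOG rule wrote to the kernel log.
# Constructed sample lines (documentation addresses), not real traffic.
# The OUTPUT line shows a prefix that was set without a trailing space.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 vpn kernel: [  812.101] INPUT prefix IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4211 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 vpn sshd[911]: Connection closed by 192.0.2.10 port 51234
Mar  3 10:15:04 vpn kernel: [  815.007] INPUT prefix IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=977 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 vpn kernel: [  816.220] FORWARD prefix IN=ppp0 OUT=eth0 MAC= SRC=10.0.0.2 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=5120 PROTO=UDP SPT=40112 DPT=53 LEN=51
Mar  3 10:15:06 vpn kernel: [  817.330] OUTPUT prefixIN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=30211 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
EOF
}

# Read syslog lines on stdin; print "<count> <prefix> in=<if> out=<if> <proto>/<dport>".
summarize_fw_log() {
  awk '
    # Every line from the LOG target contains "IN=<if> OUT=<if> "; skip the rest.
    !match($0, /IN=[^ ]* OUT=[^ ]* /) { next }
    {
      # Prefix = text between the kernel tag/timestamp and "IN=".
      prefix = substr($0, 1, RSTART - 1)
      sub(/^.*kernel: /, "", prefix)
      sub(/^\[ *[0-9.]+\] /, "", prefix)
      sub(/ +$/, "", prefix)
      # Collect the KEY=VALUE fields that follow the prefix.
      split("", kv)
      n = split(substr($0, RSTART), f, " ")
      for (i = 1; i <= n; i++) {
        eq = index(f[i], "=")
        if (eq > 0) kv[substr(f[i], 1, eq - 1)] = substr(f[i], eq + 1)
      }
      in_if  = (kv["IN"]  != "") ? kv["IN"]  : "-"
      out_if = (kv["OUT"] != "") ? kv["OUT"] : "-"
      dpt    = (kv["DPT"] != "") ? kv["DPT"] : "-"   # ICMP has no port
      count[prefix " in=" in_if " out=" out_if " " kv["PROTO"] "/" dpt]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

sample_log | summarize_fw_log
```

On a live system, feed it the kernel log instead of sample_log, for example the output of dmesg or the syslog file your distribution writes kernel messages to.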
To replace an existing iptables rule (rules are numbered starting from 1), you can do:
iptables -R INPUT/FORWARD/OUTPUT <rule #> <rule>
To insert a rule at the beginning of the chain, you can do:
iptables -I INPUT/FORWARD/OUTPUT <rule>
A lot of PPTPD documentation mentions setting a default ACCEPT policy for the FORWARD iptables chain. If you don't want that, you can do:
-A ufw-before-forward -i ppp0 -o eth0 -j ACCEPT
-A ufw-before-forward -i eth0 -o ppp0 -j ACCEPT
Apparently ufw adds some extra iptables chains called ufw-before-input, ufw-before-output, and ufw-before-forward, so you can take advantage of those chains.