UFW - custom options

Are there any settings in the environment files for UFW? By default, our monolith is configured as follows (note we use OpenVPN on port 1194):

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere
22 on tun0                 ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
22                         ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere
22/tcp                     LIMIT IN    Anywhere

Since the ISP doesn’t provide a second layer firewall, we’re relying on UFW and would like this configuration (only listen for ssh on the VPN adapter):

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
1194/udp                   ALLOW IN    Anywhere
22 on tun0                 ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
60000:61000/udp            ALLOW IN    Anywhere

However, when settings are updated and deployed, the system seems to add port 22 back on all adapters. It would be great if we could allow our preferred firewall config instead of remembering to update it if a code or config update is made.

Thanks!