Mycroft security

Maybe someone can double-check these, but to clarify, I believe the correct firewall rules to block port 8181 except from localhost 127.0.0.1 are either:

using iptables:
sudo /sbin/iptables -A INPUT -p tcp -s localhost --dport 8181 -j ACCEPT
sudo /sbin/iptables -A INPUT -p tcp --dport 8181 -j DROP

using ufw:
sudo ufw allow in from 127.0.0.1 to any port 8181
sudo ufw deny in from any to any port 8181  

using gufw (tested):
add a 'simple' rule with Rule Name, allow, in, both, 8181
add an 'advanced' rule with Rule Name, insert position 1, allow, in, all interfaces, log or not, both, from 127.0.0.1 port 8181, to 0.0.0.0/0, port 8181 (or leave blank).

I'm not positive on the destination IP, whether it should be to all or not…

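One way to double-check the iptables variant above, as an added example that is not part of the original post: iptables uses the first matching rule and `-A` appends to the end of the chain, so the verdict for port 8181 depends on what is already in INPUT. The function name and the sample rule sets are constructed for illustration; the input format is that of `iptables -S INPUT`.

```shell
#!/bin/sh
# Added example (not from the post). Prints the verdict of the first INPUT rule
# that matches a TCP packet to port 8181 from source IP $1.
# stdin: text in `iptables -S INPUT` format. Rules using options other than
# -s/-p/-m tcp/--dport/-j are reported as UNKNOWN rather than guessed.
first_match_8181() {
    awk -v src="$1" '
        $1 == "-P" { policy = $3; next }
        $1 != "-A" { next }
        {
            rsrc = proto = dport = target = ""; odd = 0
            for (i = 3; i <= NF; i++) {
                if      ($i == "-s")      rsrc   = $(++i)
                else if ($i == "-p")      proto  = $(++i)
                else if ($i == "--dport") dport  = $(++i)
                else if ($i == "-j")      target = $(++i)
                else if ($i == "-m" && $(i + 1) == "tcp") i++
                else odd = 1
            }
            if (proto != "" && proto != "tcp")  next        # other protocol
            if (dport != "" && dport != "8181") next        # other port
            if (rsrc  != "" && rsrc != (src "/32")) next    # other source
            if (odd || (target != "ACCEPT" && target != "DROP")) target = "UNKNOWN"
            print target; decided = 1; exit
        }
        END { if (!decided) print (policy == "" ? "NO-MATCH" : policy) }
    '
}

# Constructed sample: the two rules from the post, appended to an empty chain.
PAGE_RULES='-P INPUT ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j DROP'

# Constructed sample: same rules appended after an existing blanket TCP accept.
SHADOWED_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -j ACCEPT
-A INPUT -s 127.0.0.1/32 -p tcp -m tcp --dport 8181 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8181 -j DROP'

for ip in 127.0.0.1 192.0.2.10; do
    printf 'page rules, src %s: %s\n' "$ip" "$(printf '%s\n' "$PAGE_RULES" | first_match_8181 "$ip")"
    printf 'shadowed,   src %s: %s\n' "$ip" "$(printf '%s\n' "$SHADOWED_RULES" | first_match_8181 "$ip")"
done
```

On a live host the same function can read the real chain with `sudo /sbin/iptables -S INPUT | first_match_8181 192.0.2.10`; anything other than `DROP` for a non-local source means an earlier rule decides the packet first.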