diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
new file mode 100644
index 0000000..03c940c
--- /dev/null
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -0,0 +1,26 @@
+- name: Install ufw
+ become: true
+ ansible.builtin.apt:
+ update_cache: true
+ pkg:
+ - ufw
+
+- name: Set logging
+ become: true
+ community.general.ufw:
+ logging: "on"
+
+- name: Allow port 22 and enable UFW
+ become: true
+ community.general.ufw:
+ state: enabled
+ rule: allow
+ proto: tcp
+ port: "22"
+
+- name: Enable and start ufw service
+ become: true
+ ansible.builtin.service:
+ name: ufw
+ enabled: true
+ state: started
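Review bot: The role never pins a default incoming policy, so after "Allow port 22 and enable UFW" runs the effective ruleset still depends on whatever default the host already carries; the tcp/22 allow is the only filtering the file itself expresses. A task placed before that one should set the policy explicitly, so a host whose default was loosened earlier converges back to deny-by-default. Separately, SSH is opened to every source with `rule: allow`; `rule: limit`, or a `from_ip` restriction to the management range, would reduce password-guessing exposure on that port. The new task is sketched below with the existing tasks left as they are.

```yaml
- name: Deny incoming traffic by default
  become: true
  community.general.ufw:
    default: deny
    direction: incoming

# … unchanged: "Allow port 22 and enable UFW" and the service task …
```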