diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 7d08d84..49e2c96 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -79,3 +79,26 @@
 - include: software.yml
 - include: users.yml
 - include: raspi-config.yml
+
+# Configure firewall
+- name: allow SSH through UFW
+ ufw:
+ rule: allow
+ port: ssh
+ proto: tcp
+ log: yes
+
+- name: set default incoming UFW policy to deny
+ ufw:
+ direction: incoming
+ policy: deny
+
+- name: set default outgoing UFW policy to deny
+ ufw:
+ direction: outgoing
+ policy: allow
+
+- name: enable UFW
+ ufw:
+ state: enabled
+ logging: yes
diff --git a/roles/common/tasks/software.yml b/roles/common/tasks/software.yml
index 816ec2b..077387a 100644
--- a/roles/common/tasks/software.yml
+++ b/roles/common/tasks/software.yml
@@ -31,5 +31,6 @@
 - vim
 - git
 - python-pip
+ - ufw
 tags:
 - sw
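Review bot: In roles/common/tasks/main.yml the task named "set default outgoing UFW policy to deny" sets `policy: allow`, so the name and the rule disagree and anyone auditing the play from its task names will assume egress is blocked when it is not. If open egress is intended, rename it to `- name: set default outgoing UFW policy to allow`; if default-deny egress is intended, change it to `policy: deny` and add explicit allow rules for the outbound traffic the host needs (presumably DNS, NTP and package updates) before the enable task. Separately, the SSH task uses `rule: allow`, which leaves the port unthrottled; `rule: limit` would have UFW rate-limit repeated connection attempts from one source. The values `log: yes` and `logging: yes` would read more clearly as `log: true` and `logging: 'on'`, since `logging` is a level choice rather than a boolean.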