diff --git a/ansible/roles/btc/tasks/ufw.yml b/ansible/roles/btc/tasks/ufw.yml
new file mode 100644
index 0000000..4398ba9
--- /dev/null
+++ b/ansible/roles/btc/tasks/ufw.yml
@@ -0,0 +1,21 @@
+- name: Install Uncomplicated Firewall
+ ansible.builtin.package:
+ name: ufw
+ state: present
+
+- name: Allow OpenSSH inbound
+ community.general.ufw:
+ rule: allow
+ name: OpenSSH # Uses standard profile located in /etc/ufw/applications.d
+
+- name: Apply rate limiting to ssh inbound
+ community.general.ufw:
+ rule: limit
+ port: ssh
+ proto: tcp
+
+- name: Enable ufw
+ ansible.builtin.service:
+ name: ufw
+ state: started
+ enabled: yes
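Review bot: The final "Enable ufw" task only starts and enables the ufw service unit, which does not by itself turn the firewall on: on Debian-family packaging the unit's init script does nothing while `ENABLED=no` is set in /etc/ufw/ufw.conf, so a fresh host can finish this play with no rules loaded. Activate it through the module instead, using `community.general.ufw:` with `state: enabled`, and state the intended baseline explicitly with `default: deny` and `direction: incoming` rather than relying on the package default. Separately, the `rule: allow` / `name: OpenSSH` task is added before the `rule: limit` / `port: ssh` task, and the two are likely stored as distinct rules, so the earlier accept would match first and the rate limit would never apply; keeping only the limit rule, which still admits SSH, avoids that. As a style point, `enabled: yes` is better written `enabled: true`.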