diff --git a/roles/fail2ban/tasks/main.yml b/roles/fail2ban/tasks/main.yml
index 62fe7ad..6346ab7 100644
--- a/roles/fail2ban/tasks/main.yml
+++ b/roles/fail2ban/tasks/main.yml
@@ -52,6 +52,16 @@
 daemon_reload: true
 when: not override_conf.stat.exists
 
+- name: Enable UFW
+ community.general.ufw:
+ state: enabled
+
+- name: Enable UFW service at startup
+ ansible.builtin.systemd:
+ name: ufw
+ enabled: true
+ state: started
+
 - name: Start and enable fail2ban
 ansible.builtin.service:
 name: fail2ban
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index b54ebd2..8dfe5b4 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -46,16 +46,17 @@
 src: wireguard.conf.j2
 dest: /etc/wireguard/{{ wireguard_interface }}.conf
 
-- name: Start and enable service
- ansible.builtin.service:
- name: wg-quick@{{ wireguard_interface }}
- state: started
- enabled: true
- daemon_reload: true
-
 - name: Configure the firewall for wireguard
 community.general.ufw:
 rule: allow
 port: "{{ wireguard_port }}"
 proto: udp
 direction: in
+ comment: Wireguard VPN
+
+- name: Start and enable service
+ ansible.builtin.service:
+ name: wg-quick@{{ wireguard_interface }}
+ state: started
+ enabled: true
+ daemon_reload: true
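Review bot: The new `Enable UFW` task in roles/fail2ban/tasks/main.yml turns the firewall on with no visible allow rule for the SSH port that Ansible itself connects over, and without pinning the default policy. If no earlier task in this role or play (outside this hunk) allows SSH, ufw's stock deny-incoming default would cut the management session on the first run, so an allow or `rule: limit` task for the SSH port should run before this one. I would also make the policy explicit rather than inherit whatever the host already has, by adding `policy: deny` and `direction: incoming` to the task. The separate `Enable UFW service at startup` task looks redundant, since `state: enabled` in the ufw module already enables the firewall at boot.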
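Review bot: The relocated `Start and enable service` task in roles/wireguard/tasks/main.yml only asserts `state: started`, so a change to the rendered `wireguard.conf.j2` (for example a removed peer or a rotated key) does not reach an interface that is already up. Unless the template task, which begins above this hunk, already notifies a handler, I would add `notify: Restart wireguard` to it (handler name is illustrative) with a handler that restarts `wg-quick@{{ wireguard_interface }}`. Without that, a peer removed from the configuration would presumably keep working until the next manual restart or reboot.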