diff --git a/README.md b/README.md
index d3bd479..c1075ff 100644
--- a/README.md
+++ b/README.md
@@ -28,8 +28,12 @@ ansible-galaxy collection install -r requirements.yml
 ## Usage
+If you have a password on your ssh key `--ask-pass` is recommended, `--ask-become-pass` is always asked in these roles, as most tasks require elevated privileges. These are dropped time to time when the default user privilege is enough.
+
 ```sh
-ansible-playbook -i inventory/hosts.yml playbook.yml --ask-become-pass
+ansible-playbook -i inventory/hosts.yml playbook.yml \
+--ask-pass \
+--ask-become-pass
 ```
 ## Target devices configuration
diff --git a/roles/nfs-server/tasks/main.yml b/roles/nfs-server/tasks/main.yml
index 3b8467a..6bd803f 100644
--- a/roles/nfs-server/tasks/main.yml
+++ b/roles/nfs-server/tasks/main.yml
@@ -35,4 +35,5 @@
 port: "{{ nfs_port }}"
 proto: any
 direction: in
+ comment: "Network File System (NFS)"
 with_items: "{{ nfs_server_firewall_allowed_sources | default([]) }}"
diff --git a/roles/ntpd/tasks/main.yml b/roles/ntpd/tasks/main.yml
index 74f856b..d338528 100644
--- a/roles/ntpd/tasks/main.yml
+++ b/roles/ntpd/tasks/main.yml
@@ -45,4 +45,5 @@
 proto: udp
 src: "{{ item }}"
 direction: in
+ comment: "NTP traffic"
 loop: "{{ ntp_firewall_allowed_sources | default([]) }}"
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index 675fd8c..53d22aa 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -26,6 +26,7 @@
 proto: tcp
 from: "{{ ssh_allowed_network }}"
 direction: in
+ comment: "SSH from local network"
 - name: Allow SSH VPN incoming connection
 ufw:
@@ -34,6 +35,7 @@
 proto: tcp
 from: "{{ ssh_allowed_vpn_network }}"
 direction: in
+ comment: "SSH from VPN network"
 - name: Add SSH public key to authorized_keys
 authorized_key:
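Review bot: The `comment:` argument added to the ufw task in roles/nfs-server/tasks/main.yml, and likewise in the roles/ntpd hunk and both roles/sshd hunks, is documented by the Ansible ufw module as requiring ufw 0.35 or later, and nothing visible in this change states or checks that requirement. On a target with an older ufw the task may fail where it previously succeeded, so the play would stop before the remaining firewall rules are applied. I would record the requirement next to the first use, for example `# comment needs ufw >= 0.35 on the target`, or list it with the target requirements in the README. Each task starts above its hunk, so an existing version guard cannot be ruled out from here.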
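Review bot: The labels `SSH from local network` and `SSH from VPN network` in roles/sshd/tasks/main.yml are fixed strings, while the source actually allowed comes from `ssh_allowed_network` and `ssh_allowed_vpn_network`. If either variable is overridden with a wider range, `ufw status` will show a label that no longer matches the rule, which can mislead anyone auditing the host's firewall. A label derived from the variable avoids that drift, for example `comment: "SSH from {{ ssh_allowed_network }}"` and `comment: "SSH from {{ ssh_allowed_vpn_network }}"`. Both tasks begin above their hunks, so the remaining ufw arguments are not visible here.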