doc: add ufw description

README.md

@@ -28,8 +28,12 @@ ansible-galaxy collection install -r requirements.yml
 
 ## Usage
 
+If you have a password on your ssh key `--ask-pass` is recommended, `--ask-become-pass` is always asked in these roles, as most tasks require elevated privileges. These are dropped time to time when the default user privilege is enough.
+
 ```sh
-ansible-playbook -i inventory/hosts.yml playbook.yml --ask-become-pass
+ansible-playbook -i inventory/hosts.yml playbook.yml \
+--ask-pass \
+--ask-become-pass
 ```
 
 ## Target devices configuration

roles/nfs-server/tasks/main.yml

@@ -35,4 +35,5 @@
     port: "{{ nfs_port }}"
     proto: any
     direction: in
+    comment: "Network File System (NFS)"
   with_items: "{{ nfs_server_firewall_allowed_sources | default([]) }}"

roles/ntpd/tasks/main.yml

@@ -45,4 +45,5 @@
     proto: udp
     src: "{{ item }}"
     direction: in
+    comment: "NTP traffic"
   loop: "{{ ntp_firewall_allowed_sources | default([]) }}"

roles/sshd/tasks/main.yml

@@ -26,6 +26,7 @@
     proto: tcp
     from: "{{ ssh_allowed_network }}"
     direction: in
+    comment: "SSH from local network"
 
 - name: Allow SSH VPN incoming connection
   ufw:
@@ -34,6 +35,7 @@
     proto: tcp
     from: "{{ ssh_allowed_vpn_network }}"
     direction: in
+    comment: "SSH from VPN network"
 
 - name: Add SSH public key to authorized_keys
   authorized_key: