diff --git a/playbooks/firewall.yml b/playbooks/firewall.yml
new file mode 100644
index 0000000..4fe6b7b
--- /dev/null
+++ b/playbooks/firewall.yml
@@ -0,0 +1,4 @@
+- name: Configure firewall
+ hosts: nucs
+ roles:
+ - firewall
diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
new file mode 100644
index 0000000..f048953
--- /dev/null
+++ b/roles/firewall/tasks/main.yml
@@ -0,0 +1,21 @@
+- name: Install firewalld
+ apt:
+ pkg:
+ - firewalld
+ state: latest
+ update_cache: true
+- name: Allow SSH
+ firewalld:
+ service: ssh
+ permanent: yes
+ state: enabled
+- name: Allow DHCPv6
+ firewalld:
+ service: dhcpv6-client
+ permanent: yes
+ state: enabled
+- name: Start firewalld
+ systemd:
+ enabled: true
+ name: sshd
+ state: started
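Review bot: The last task in roles/firewall/tasks/main.yml is named "Start firewalld" but its `systemd` module targets `name: sshd`, so the role enables and starts the SSH daemon and never explicitly enables or starts the firewall; the line should read `name: firewalld`. As written, whether firewalld is running after the play depends on the package's post-install behaviour, which this role does not control or verify. The "Allow SSH" and "Allow DHCPv6" tasks also set only `permanent: yes`, which presumably leaves the running configuration unchanged until firewalld is reloaded; adding `immediate: true` to both would apply the rules at once. Writing `permanent: true` would also match the boolean style already used in `update_cache: true`.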