diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8000dd9
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.vagrant
diff --git a/roles/iptables/tasks/main.yml b/roles/iptables/tasks/main.yml
new file mode 100644
index 0000000..ca2dca9
--- /dev/null
+++ b/roles/iptables/tasks/main.yml
@@ -0,0 +1,69 @@
+- name: install iptables
+ apt:
+ name: iptables
+ state: present
+ update_cache: yes
+ become: True
+
+- name: use legacy version of iptables
+ alternatives:
+ name: "{{ item }}"
+ path: "/usr/sbin/{{ item }}-legacy"
+ with_items:
+ - iptables
+ - ip6tables
+ become: True
+
+- name: flush all the iptables rules
+ iptables:
+ flush: true
+ become: True
+
+- name: firewall rule - allow incoming loopback traffic
+ iptables:
+ chain: INPUT
+ in_interface: lo
+ jump: ACCEPT
+ become: True
+
+- name: firewall rule - allow outgoing loopback traffic
+ iptables:
+ chain: OUTPUT
+ out_interface: lo
+ jump: ACCEPT
+ become: True
+
+- name: firewall rule - allow established connections
+ iptables:
+ chain: INPUT
+ ctstate: ESTABLISHED,RELATED
+ jump: ACCEPT
+ become: True
+
+- name: firewall rule - allow incoming SSH
+ iptables:
+ chain: INPUT
+ protocol: tcp
+ destination_port: 22
+ ctstate: NEW,ESTABLISHED
+ jump: ACCEPT
+ become: True
+
+- name: firewall rule - allow outgoing SSH
+ iptables:
+ chain: OUTPUT
+ protocol: tcp
+ source_port: 22
+ ctstate: ESTABLISHED
+ jump: ACCEPT
+ become: True
+
+- name: set the policy for main chains to DROP
+ iptables:
+ chain: "{{ item }}"
+ policy: DROP
+ with_items:
+ - INPUT
+ - FORWARD
+ - OUTPUT
+ become: True
diff --git a/tests/Vagrantfile b/tests/Vagrantfile
new file mode 100644
index 0000000..b83ad52
--- /dev/null
+++ b/tests/Vagrantfile
@@ -0,0 +1,10 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+ config.vm.box = "debian/buster64"
+ config.vm.provision "ansible" do |ansible|
+ ansible.compatibility_mode = "2.0"
+ ansible.playbook = "test.yml"
+ end
+end
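Review bot: The `alternatives` task in roles/iptables/tasks/main.yml switches `ip6tables` to the legacy binary, but every `iptables:` task in the hunk runs with the module's default `ip_version: ipv4`, so the flush, the allow rules and the INPUT/FORWARD/OUTPUT DROP policies never touch the IPv6 tables and IPv6 traffic stays at the kernel's default ACCEPT policy on a buster host with IPv6 enabled. The same tasks need an `ip_version: ipv6` counterpart (flush, loopback, ESTABLISHED,RELATED, the SSH pair if the host is managed over IPv6, then the DROP policies); a mirrored set is sketched in the fence. Separately, nothing persists the rules (no `iptables-persistent`/`netfilter-persistent` step), so a reboot returns the host to accept-all, and because OUTPUT is DROP with only the source-port-22 ESTABLISHED exception, the first task's `update_cache: yes` has no path for DNS or apt and is likely to fail on a re-run of the play once the rules are loaded, unless a local mirror or proxy is reachable some other way.
```yaml
# … unchanged: install, alternatives and IPv4 tasks …

- name: flush all the ip6tables rules
  iptables:
    ip_version: ipv6
    flush: true
  become: True

- name: firewall rule (IPv6) - allow incoming loopback traffic
  iptables:
    ip_version: ipv6
    chain: INPUT
    in_interface: lo
    jump: ACCEPT
  become: True

- name: firewall rule (IPv6) - allow outgoing loopback traffic
  iptables:
    ip_version: ipv6
    chain: OUTPUT
    out_interface: lo
    jump: ACCEPT
  become: True

- name: firewall rule (IPv6) - allow established connections
  iptables:
    ip_version: ipv6
    chain: INPUT
    ctstate: ESTABLISHED,RELATED
    jump: ACCEPT
  become: True

- name: firewall rule (IPv6) - allow incoming SSH
  iptables:
    ip_version: ipv6
    chain: INPUT
    protocol: tcp
    destination_port: 22
    ctstate: NEW,ESTABLISHED
    jump: ACCEPT
  become: True

- name: firewall rule (IPv6) - allow outgoing SSH
  iptables:
    ip_version: ipv6
    chain: OUTPUT
    protocol: tcp
    source_port: 22
    ctstate: ESTABLISHED
    jump: ACCEPT
  become: True

- name: set the policy for main IPv6 chains to DROP
  iptables:
    ip_version: ipv6
    chain: "{{ item }}"
    policy: DROP
  with_items:
    - INPUT
    - FORWARD
    - OUTPUT
  become: True
```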
diff --git a/tests/test.yml b/tests/test.yml
new file mode 100644
index 0000000..2129ded
--- /dev/null
+++ b/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- name: tests for ansible on mornie.org
+ hosts: all
+ roles:
+ - {role: ../roles/iptables}