diff --git a/deploy.yml b/deploy.yml
index 2b44d10..0420a08 100644
--- a/deploy.yml
+++ b/deploy.yml
@@ -43,3 +43,33 @@
 tags:
 - ufw
+ - name: open ports
+ community.general.ufw:
+ rule: allow
+ proto: "{{ item[1] }}"
+ port: "{{ item[0] }}"
+ route: "{{ item[2] | default(omit) }}"
+ loop:
+ - [ 80, 'tcp', true ] # traefik
+ - [ 443, 'tcp', true ] # traefik
+ - [ 25, 'tcp', true ] # smtp ntfy
+ - [ 51820, 'udp', true ] # wireguard
+ - [ 53, 'udp', true ] # technitium, dns
+ - [ 53, 'tcp', true ] # technitium, dns
+ # - [ 1935, 'udp', true ] # owncast
+ # - [ 1935, 'tcp', true ] # owncast
+ - [ 2222, 'tcp', true ] # forgejo
+ - [ 22, 'tcp', true ] # forgejo
+ tags:
+ - ufw
+
+
+ - name: open all for own hosts
+ community.general.ufw:
+ rule: allow
+ from: "{{ item }}"
+ loop:
+ - 37.27.176.103 # muh.anyops.de
+ # - 10.201.201.2 # wireguard
+ tags:
+ - ufw
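Review bot: The `open all for own hosts` task allows every port and protocol from 37.27.176.103, because its rule sets only `rule: allow` and `from`; if that host is ever compromised, this firewall gives no containment against it. If only a few services are needed from that address, scope the rule with `port:` and `proto:` the way the `open ports` task does, or at least add a comment recording why full access is required. In `open ports`, 53/udp and 53/tcp are allowed from any source, which exposes the Technitium server to the internet; if it answers recursive queries for arbitrary clients (its configuration is not visible here) it can be abused for DNS amplification, so either restrict recursion on the server or narrow the rule with `from:`. Every loop row carries `true` as its third element, so `default(omit)` never applies and all of these become route rules; a one-line comment such as `# route: true -> rules apply to forwarded traffic, not to the host's own input` would make that intent explicit.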