diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index c50f3f6..aed5890 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -21,3 +21,11 @@ users:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBN7XhL364LZ4rnEnmpV59Qehw3ldqEb7XX5DWTAb/XH cicd
 - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
+
+open_ports:
+ - { port: '22', proto: 'tcp', comment: 'SSH' }
+ - { port: '80', proto: 'tcp', comment: 'HTTP' }
+ - { port: '443', proto: 'tcp', comment: 'HTTPS' }
+ - { port: '5223', proto: 'tcp', comment: 'SMP server' }
+ - { port: '5443', proto: 'tcp', comment: 'XFTP server' }
+ - { port: '10000', proto: 'udp', comment: 'Jitsi Videobridge' }
diff --git a/roles/os_config/tasks/firewall.yml b/roles/os_config/tasks/firewall.yml
index ebf24d2..4579d37 100644
--- a/roles/os_config/tasks/firewall.yml
+++ b/roles/os_config/tasks/firewall.yml
@@ -4,15 +4,9 @@
 community.general.ufw:
 rule: allow
 port: "{{ item.port }}"
- proto: "{{ item.proto | default('tcp') }}"
- loop:
- - port: '22' # SSH
- - port: '80' # HTTP
- - port: '443' # HTTPS
- - port: '5223' # SMP server
- - port: '5443' # XFTP server
- - port: '10000' # Jitsi Videobridge
- proto: udp
+ proto: "{{ item.proto }}"
+ comment: "{{ item.comment }}"
+ loop: "{{ open_ports }}"
 - name: Enable UFW
 community.general.ufw:
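Review bot: `open_ports` is defined in `group_vars/all`, so every host in the inventory receives all six allow rules, including 5223, 5443 and 10000/udp on machines that may not run the SMP, XFTP or Jitsi services. If the inventory holds more than one host, keep only the SSH entry here and move the service ports into the group or host vars of the machines that run them. Ansible replaces list variables on override rather than merging them, so a narrower `open_ports` must repeat the SSH entry. A comment above the list such as `# Ports opened in UFW on every host; an override replaces this list entirely` would make that explicit.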
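Review bot: The loop in `roles/os_config/tasks/firewall.yml` only ever adds `allow` rules, so a port later removed from `open_ports` stays open on hosts that were already provisioned; the variable reads as the authoritative list but is not enforced as one. Unless stale rules are cleaned up elsewhere in the role (not visible in this hunk), state that above the task, e.g. `# Adds rules only; ports dropped from open_ports must be removed with delete: true or a UFW reset`. Dropping `| default('tcp')` also makes `proto` and `comment` mandatory on every entry, so an override that omits one will fail the task on an undefined attribute. That is a safe failure, but worth documenting next to the variable. The task's `- name:` line sits above the hunk, so the full task is not visible here.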