diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index a31089e..d82ca68 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -26,6 +26,7 @@ open_ports:
 - { port: '80', proto: 'tcp', comment: 'HTTP' }
 - { port: '81', proto: 'tcp', comment: 'Pi-hole (not port-forwarded)' }
 - { port: '443', proto: 'tcp', comment: 'HTTPS' }
+ - { port: '443', proto: 'udp', comment: 'HTTPS' }
 - { port: '4001', proto: 'tcp', comment: 'IPFS Kubo P2P' }
 - { port: '4001', proto: 'udp', comment: 'IPFS Kubo P2P' }
 - { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
diff --git a/roles/os_config/tasks/firewall.yml b/roles/os_config/tasks/firewall.yml
index 9f2ea3e..0d61bad 100644
--- a/roles/os_config/tasks/firewall.yml
+++ b/roles/os_config/tasks/firewall.yml
@@ -2,11 +2,15 @@
 ---
 - name: Allow necessary ports in UFW
 community.general.ufw:
- rule: allow
 to_port: "{{ item.port }}"
 proto: "{{ item.proto }}"
 comment: "{{ item.comment }}"
+ insert: "{{ ansible_loop.index }}"
+ rule: allow
 loop: "{{ open_ports }}"
+ loop_control:
+ extended: true
+ extended_allitems: false

 - name: Enable UFW
 community.general.ufw:
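Review bot: The new 443/udp entry reuses the comment 'HTTPS', so in `ufw status` its purpose is indistinguishable from the TCP rule above it and nothing records why a UDP port is exposed. If this is for HTTP/3 over QUIC (my assumption; the diff does not say), name it, e.g. `- { port: '443', proto: 'udp', comment: 'HTTP/3 (QUIC)' }`, and follow the list's existing convention of marking entries that are not port-forwarded. It is also worth confirming that a service actually listens on UDP 443 before the rule ships, since an allow rule with nothing behind it is exposure that nobody reviews. The open_ports list starts and continues outside this hunk.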
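Review bot: `insert: "{{ ansible_loop.index }}"` places every allow rule at positions 1..N of the UFW rule list, and UFW evaluates rules in order, so any deny, reject or limit rule added by another task or by hand ends up below these allows and is shadowed for the same port. The task carries no comment saying that open_ports is assumed to be the only source of rules; I would add one above `insert`, e.g. `# insert keeps UFW rule order aligned with open_ports; assumes no deny/limit rules are managed outside this list`. No `insert_relative_to` is set, so please confirm on a fresh host, with IPv6 enabled in UFW, that inserting at an index beyond the current rule count is accepted rather than failing the play. The `Enable UFW` task is cut off at the end of the hunk.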