diff --git a/roles/common/tasks/firewall_Alpine.yml b/roles/common/tasks/firewall_Alpine.yml
new file mode 100644
index 0000000..5b608f0
--- /dev/null
+++ b/roles/common/tasks/firewall_Alpine.yml
@@ -0,0 +1,15 @@
+---
+# TODO: configure awall (ipsets?)
+# TODO: configure fail2ban
+
+- block:
+  - name: Set Alpine firewall packages
+    set_fact:
+      alpine_firewall_packages:
+        - awall
+        - fail2ban
+
+  - name: Install Alpine firewall packages
+    apk: name={{ alpine_firewall_packages }} state=present
+
+# vim: set sw=2 ts=2: