Tools: Stop Leaving Your Servers Open: Hardening Linux in 5 Minutes with Ansible - Guide
Hello, World! I’m Muhammad Kamran Kabeer. As an IT Instructor and the founder of MK EduOps Solutions, I often see students and small businesses focus on "getting things to work" while completely ignoring "getting things secured."

Today, I’m sharing Lab 1 from my new series: The Hardened Gateway. We will use Ansible to automate the security of a Linux server on a Dell Latitude E7440 (or any Ubuntu/Debian machine).

🛡️ Why "Default Deny"?

Most people try to block "bad" ports. The professional way is to deny everything and only open what you need. This is the "Zero-Trust" mindset.

🛠️ The Automation Code

Here is the Ansible block I use to secure my lab environments:

```yaml
# Requires the community.general collection for the ufw module.
- name: Lab 1 - The Hardened Gateway
  hosts: localhost
  become: yes
  tasks:
    - name: Ensure UFW is installed
      apt: { name: ufw, state: present }

    # Enables the firewall and drops all inbound traffic by default.
    # This play targets localhost; against a remote host, allow 22/tcp
    # before enabling so the SSH session Ansible uses is not cut off.
    - name: Set Default Policies to DENY
      community.general.ufw: { state: enabled, policy: deny, direction: incoming }

    # One allow rule per port in the loop, TCP only.
    - name: Allow Essential Traffic
      community.general.ufw: { rule: allow, port: "{{ item }}", proto: tcp }
      loop: ['22', '80', '443', '81']
```

🚀 The Result

Running this ensures that only SSH and Web traffic can enter. Everything else—unsecured databases, internal APIs, or forgotten services—is hidden from the world.

Check out the full lab repository here: https://github.com/muhammadkamrankabeer-oss/MK-EduOps-Labs
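To confirm a host still matches what the playbook sets up, the following added example (not from the original post or its repository) audits `ufw status verbose` output against the playbook's allow-list. The `audit` function and the sample output are constructed for illustration; the sample is trimmed and contains one extra rule to show drift being reported.

```python
import re

# Ports the playbook opens, all tcp.
EXPECTED_TCP = {22, 80, 443, 81}

# Constructed, trimmed sample of `ufw status verbose` output. The 5432/tcp
# rule is deliberately extra, standing in for a rule someone added by hand.
SAMPLE = """\
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
81/tcp                     ALLOW IN    Anywhere
5432/tcp                   ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
"""

# Matches numeric "port/proto" allow rules, IPv4 or "(v6)".
RULE = re.compile(r"^(\d+)/(tcp|udp)(?: \(v6\))?\s+ALLOW IN\s+\S")

def audit(status_text, expected=EXPECTED_TCP):
    """Return a list of findings; an empty list means the host matches."""
    lines = [l.strip() for l in status_text.splitlines()]
    findings = []
    if "Status: active" not in lines:
        findings.append("firewall is not active")
    default = next((l for l in lines if l.startswith("Default:")), "")
    if "deny (incoming)" not in default:
        findings.append("default incoming policy is not deny")
    allowed = set()
    for line in lines:
        m = RULE.match(line)
        if m:
            allowed.add((int(m.group(1)), m.group(2)))
        elif "ALLOW" in line:
            # Port ranges, app profiles, bare ports: flag for manual review.
            findings.append(f"unrecognised allow rule: {line}")
    wanted = {(port, "tcp") for port in expected}
    findings += [f"unexpected allow rule: {p}/{t}" for p, t in sorted(allowed - wanted)]
    findings += [f"missing allow rule: {p}/{t}" for p, t in sorted(wanted - allowed)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real host, pass the text of `sudo ufw status verbose` to `audit` in place of `SAMPLE`.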