diff --git a/add_balancer.yml b/add_balancer.yml
index 75dafcd7a3..bcc012c546 100644
--- a/add_balancer.yml
+++ b/add_balancer.yml
@@ -103,7 +103,7 @@
 tags: firewall
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 environment: "{{ proxy_env | default({}) }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
diff --git a/add_pgnode.yml b/add_pgnode.yml
index 6dd6f68b70..9377aa3385 100644
--- a/add_pgnode.yml
+++ b/add_pgnode.yml
@@ -112,7 +112,7 @@
 tags: firewall
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 environment: "{{ proxy_env | default({}) }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
diff --git a/balancers.yml b/balancers.yml
index 9a2cfb2189..1f3a76afa7 100644
--- a/balancers.yml
+++ b/balancers.yml
@@ -76,7 +76,7 @@
 tags: firewall
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 environment: "{{ proxy_env | default({}) }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
diff --git a/config_pgcluster.yml b/config_pgcluster.yml
index 42110ab418..38afad70dc 100644
--- a/config_pgcluster.yml
+++ b/config_pgcluster.yml
@@ -121,7 +121,7 @@
 when: dcs_type == "consul" and consul_dnsmasq_enable | bool and ('127.0.0.1' not in (nameservers | default([])))
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
 firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
diff --git a/consul.yml b/consul.yml
index 38e9238e53..4cfb593866 100644
--- a/consul.yml
+++ b/consul.yml
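Review bot: The new role reference `"fw_{{ firewall_type }}"` is built from a variable that is neither defaulted nor validated, so an inventory or group_vars file written before this change (where `firewall_type` does not exist) or a mistyped value fails at role lookup with a generic "role not found" instead of a message naming the variable. I would keep the previous behaviour as the fallback, `- role: "fw_{{ firewall_type | default('iptables') }}"`, and assert the value once per play before the roles run, `ansible.builtin.assert: { that: (firewall_type | default('iptables')) in ['iptables', 'firewalld', 'ufw'] }`, since this variable now selects which role directory is loaded. The same line appears in add_pgnode.yml, balancers.yml, config_pgcluster.yml, consul.yml, deploy_pgcluster.yml and etcd_cluster.yml, so the fallback and the check apply to all of them. The plays these hunks belong to start outside the hunk.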
@@ -132,7 +132,7 @@
 when: dcs_type == "consul" and consul_dnsmasq_enable | bool and ('127.0.0.1' in (consul_dnsmasq_servers | default([])))
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
 firewall_additional_rules: "{{ firewall_rules_dynamic_var | default([]) | unique }}"
diff --git a/deploy_pgcluster.yml b/deploy_pgcluster.yml
index 2c12035dfe..523411c5d2 100644
--- a/deploy_pgcluster.yml
+++ b/deploy_pgcluster.yml
@@ -1,5 +1,4 @@
 ---
-
 - name: Deploy PostgreSQL HA Cluster (based on "Patroni")
 hosts: all
 become: true
@@ -99,7 +98,7 @@
 # Ansible requires the iproute package for network facts to be populated
 - name: Make sure that the iproute is installed
 ansible.builtin.package:
- name: iproute
+ name: "iproute"
 state: present
 register: package_status
 until: package_status is success
@@ -109,7 +108,7 @@
 - name: Make sure that the iproute is installed
 ansible.builtin.apt:
- name: iproute2
+ name: "iproute2"
 state: present
 register: apt_status
 until: apt_status is success
@@ -168,7 +167,7 @@
 when: dcs_type == "consul" and consul_dnsmasq_enable | bool and ('127.0.0.1' not in (nameservers | default([])))
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 environment: "{{ proxy_env | default({}) }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
diff --git a/etcd_cluster.yml b/etcd_cluster.yml
index 9ad9716910..fd337853b4 100644
--- a/etcd_cluster.yml
+++ b/etcd_cluster.yml
@@ -64,7 +64,7 @@
 tags: firewall
 roles:
- - role: ansible-role-firewall
+ - role: "fw_{{ firewall_type }}"
 environment: "{{ proxy_env | default({}) }}"
 vars:
 firewall_allowed_tcp_ports: "{{ firewall_ports_dynamic_var | default([]) | unique }}"
diff --git a/roles/fw_firewalld/defaults/main.yml b/roles/fw_firewalld/defaults/main.yml
new file mode 100644
index 0000000000..e85cc08311
--- /dev/null
+++ b/roles/fw_firewalld/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall_state: started
+firewall_enabled_at_boot: true
+
+firewall_allowed_tcp_ports:
+ - "22"
diff --git a/roles/fw_firewalld/handlers/main.yml b/roles/fw_firewalld/handlers/main.yml
new file mode 100644
index 0000000000..b77a11bb67
--- /dev/null
+++ b/roles/fw_firewalld/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload firewalld
+ ansible.builtin.service:
+ name: firewalld
+ state: reloaded
diff --git a/roles/fw_firewalld/tasks/disable-other-firewalls.yml b/roles/fw_firewalld/tasks/disable-other-firewalls.yml
new file mode 100644
index 0000000000..224b38ff49
--- /dev/null
+++ b/roles/fw_firewalld/tasks/disable-other-firewalls.yml
@@ -0,0 +1,14 @@
+---
+- name: Disable iptables/firewall service.
+ ansible.builtin.service:
+ name: firewall
+ state: stopped
+ enabled: false
+ when: ansible_facts.services['firewall.service'] is defined
+
+- name: Disable ufw/firewall service.
+ ansible.builtin.service:
+ name: ufw
+ state: stopped
+ enabled: false
+ when: ansible_facts.services['ufw.service'] is defined
diff --git a/roles/fw_firewalld/tasks/main.yml b/roles/fw_firewalld/tasks/main.yml
new file mode 100644
index 0000000000..a87d8751e0
--- /dev/null
+++ b/roles/fw_firewalld/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: Ensure firewalld is present.
+ ansible.builtin.package:
+ name: firewalld
+ state: present
+ register: package_status
+ until: package_status is success
+ delay: 5
+ retries: 3
+
+- name: Configure the firewalld service.
+ ansible.builtin.service:
+ name: firewalld
+ state: "{{ firewall_state }}"
+ enabled: "{{ firewall_enabled_at_boot }}"
+
+- name: Configure the firewall service.
+ ansible.posix.firewalld:
+ port: "{{ item }}/tcp"
+ immediate: true
+ permanent: true
+ state: enabled
+ with_items: "{{ firewall_allowed_tcp_ports }}"
+ notify: reload firewalld
+
+- name: Get services status.
+ ansible.builtin.service_facts:
+
+- ansible.builtin.import_tasks: disable-other-firewalls.yml
+ when: ansible_facts.services['firewall.service'] is defined or ansible_facts.services['ufw.service'] is defined
diff --git a/roles/ansible-role-firewall/.gitignore b/roles/fw_iptables/.gitignore
similarity index 100%
rename from roles/ansible-role-firewall/.gitignore
rename to roles/fw_iptables/.gitignore
diff --git a/roles/ansible-role-firewall/.travis.yml b/roles/fw_iptables/.travis.yml
similarity index 100%
rename from roles/ansible-role-firewall/.travis.yml
rename to roles/fw_iptables/.travis.yml
diff --git a/roles/ansible-role-firewall/.yamllint b/roles/fw_iptables/.yamllint
similarity index 100%
rename from roles/ansible-role-firewall/.yamllint
rename to roles/fw_iptables/.yamllint
diff --git a/roles/ansible-role-firewall/LICENSE b/roles/fw_iptables/LICENSE
similarity index 100%
rename from roles/ansible-role-firewall/LICENSE
rename to roles/fw_iptables/LICENSE
diff --git a/roles/ansible-role-firewall/README.md b/roles/fw_iptables/README.md
similarity index 100%
rename from roles/ansible-role-firewall/README.md
rename to roles/fw_iptables/README.md
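Review bot: In 'Configure the firewall service.' the `ansible.posix.firewalld` task sets `immediate: true` unconditionally, while the task before it lets `firewall_state` take a value other than `started`; as far as I know the module cannot apply a live change when the daemon is not running, so such a value makes the port loop fail instead of merely leaving the runtime rules untouched. Tying the flag to the requested state, `immediate: "{{ firewall_state == 'started' }}"`, keeps the permanent rule and only skips the live apply. Because `permanent: true` together with `immediate: true` already applies the rule, the `notify: reload firewalld` on that task looks redundant and could be dropped. Also, `service_facts` and the `disable-other-firewalls.yml` import run only after firewalld has been started and enabled, so a host that arrives with ufw or the iptables `firewall` service active has two rule sets live until the end of the role; running those two steps first narrows that window.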
diff --git a/roles/ansible-role-firewall/defaults/main.yml b/roles/fw_iptables/defaults/main.yml
similarity index 100%
rename from roles/ansible-role-firewall/defaults/main.yml
rename to roles/fw_iptables/defaults/main.yml
diff --git a/roles/ansible-role-firewall/handlers/main.yml b/roles/fw_iptables/handlers/main.yml
similarity index 100%
rename from roles/ansible-role-firewall/handlers/main.yml
rename to roles/fw_iptables/handlers/main.yml
diff --git a/roles/ansible-role-firewall/tasks/disable-other-firewalls.yml b/roles/fw_iptables/tasks/disable-other-firewalls.yml
similarity index 100%
rename from roles/ansible-role-firewall/tasks/disable-other-firewalls.yml
rename to roles/fw_iptables/tasks/disable-other-firewalls.yml
diff --git a/roles/ansible-role-firewall/tasks/main.yml b/roles/fw_iptables/tasks/main.yml
similarity index 100%
rename from roles/ansible-role-firewall/tasks/main.yml
rename to roles/fw_iptables/tasks/main.yml
diff --git a/roles/ansible-role-firewall/templates/firewall.bash.j2 b/roles/fw_iptables/templates/firewall.bash.j2
similarity index 100%
rename from roles/ansible-role-firewall/templates/firewall.bash.j2
rename to roles/fw_iptables/templates/firewall.bash.j2
diff --git a/roles/ansible-role-firewall/templates/firewall.init.j2 b/roles/fw_iptables/templates/firewall.init.j2
similarity index 100%
rename from roles/ansible-role-firewall/templates/firewall.init.j2
rename to roles/fw_iptables/templates/firewall.init.j2
diff --git a/roles/ansible-role-firewall/templates/firewall.unit.j2 b/roles/fw_iptables/templates/firewall.unit.j2
similarity index 100%
rename from roles/ansible-role-firewall/templates/firewall.unit.j2
rename to roles/fw_iptables/templates/firewall.unit.j2
diff --git a/roles/fw_ufw/defaults/main.yml b/roles/fw_ufw/defaults/main.yml
new file mode 100644
index 0000000000..e85cc08311
--- /dev/null
+++ b/roles/fw_ufw/defaults/main.yml
@@ -0,0 +1,6 @@
+---
+firewall_state: started
+firewall_enabled_at_boot: true
+
+firewall_allowed_tcp_ports:
+ - "22"
diff --git a/roles/fw_ufw/handlers/main.yml b/roles/fw_ufw/handlers/main.yml
new file mode 100644
index 0000000000..686dda239d
--- /dev/null
+++ b/roles/fw_ufw/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: reload ufw
+ ansible.builtin.service:
+ name: ufw
+ state: reloaded
diff --git a/roles/fw_ufw/tasks/disable-other-firewalls.yml b/roles/fw_ufw/tasks/disable-other-firewalls.yml
new file mode 100644
index 0000000000..c26d775226
--- /dev/null
+++ b/roles/fw_ufw/tasks/disable-other-firewalls.yml
@@ -0,0 +1,14 @@
+---
+- name: Disable iptables/firewall service.
+ ansible.builtin.service:
+ name: firewall
+ state: stopped
+ enabled: false
+ when: ansible_facts.services['firewall.service'] is defined
+
+- name: Disable firewalld service.
+ ansible.builtin.service:
+ name: firewalld
+ state: stopped
+ enabled: false
+ when: ansible_facts.services['firewalld.service'] is defined
diff --git a/roles/fw_ufw/tasks/main.yml b/roles/fw_ufw/tasks/main.yml
new file mode 100644
index 0000000000..8bee6a62d4
--- /dev/null
+++ b/roles/fw_ufw/tasks/main.yml
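Review bot: The `reload ufw` handler drives `ansible.builtin.service` with `state: reloaded`, which on systemd hosts becomes `systemctl reload ufw`; as far as I recall the stock ufw.service unit defines no ExecReload, so the first time this handler is notified the play would fail on that step rather than reload anything. Since `community.general.ufw` applies each rule as the task runs, the handler is arguably not needed at all; if a reload is still wanted, the module's own reload is the portable form: `community.general.ufw:` / `state: reloaded`. The firewalld counterpart in roles/fw_firewalld/handlers/main.yml uses the same service-based approach, which is fine there because firewalld ships a reload action.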
@@ -0,0 +1,43 @@
+---
+- name: Ensure ufw is present.
+ ansible.builtin.package:
+ namee: ufw
+ state: present
+ register: package_status
+ until: package_status is success
+ delay: 5
+ retries: 3
+
+- name: Enable ufw service
+ ansible.builtin.service:
+ name: ufw
+ state: started
+ enabled: true
+
+- name: Configure | default (incoming) policy
+ community.general.ufw:
+ policy: "deny"
+ state: enabled
+ direction: incoming
+ notify: reload ufw
+
+- name: Configure | default (outgoing) policy
+ community.general.ufw:
+ policy: "allow"
+ state: enabled
+ direction: outgoing
+ notify: reload ufw
+
+- name: Configure the ufw service.
+ community.general.ufw:
+ rule: allow
+ port: "{{ item }}"
+ proto: tcp
+ with_items: "{{ firewall_allowed_tcp_ports }}"
+ notify: reload ufw
+
+- name: Get services status.
+ ansible.builtin.service_facts:
+
+- ansible.builtin.import_tasks: disable-other-firewalls.yml
+ when: ansible_facts.services['firewall.service'] is defined or ansible_facts.services['firewalld.service'] is defined
diff --git a/vars/system.yml b/vars/system.yml
index 6dae04e931..4a856d4bce 100644
--- a/vars/system.yml
+++ b/vars/system.yml
@@ -131,7 +131,8 @@ sudo_users:
 # Firewall
-firewall_enabled_at_boot: false # or 'true' for configure firewall (iptables)
+firewall_enabled_at_boot: false # or 'true' for configure firewall
+firewall_type: "iptables" # available 'iptables','firewalld','ufw'
 firewall_allowed_tcp_ports_for:
 master: []
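Review bot: `namee: ufw` in the 'Ensure ufw is present.' task is a typo; `ansible.builtin.package` rejects unknown parameters, so the role fails on its very first task on every host where `firewall_type` is `ufw`. The line should read `name: ufw`. Separately, the role ships `firewall_state` and `firewall_enabled_at_boot` in its defaults but never reads them: 'Enable ufw service' hard-codes `state: started` and `enabled: true`, unlike roles/fw_firewalld/tasks/main.yml which passes both variables to its service task, so an operator setting them for ufw sees no effect. Finally, the default-deny incoming policy is applied with `state: enabled` before the task that allows `firewall_allowed_tcp_ports`, so between those two tasks only ufw's built-in rules are in force; moving the allow task ahead of the two policy tasks, or leaving `state` off the policy tasks and enabling ufw last, removes that window.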