diff --git a/roles/common/defaults/main.yml b/roles/common/defaults/main.yml
index 7f50301..cab4379 100644
--- a/roles/common/defaults/main.yml
+++ b/roles/common/defaults/main.yml
@@ -134,3 +134,22 @@ common_xanmod_package_name: "linux-xanmod-x64v{{ current_level }}"
 
 # Default for firewall
 common_open_ports: ""
+common_closed_networks:
+# private networks
+  - "10.0.0.0/8"
+  - "172.16.0.0/12"
+  - "192.168.0.0/16"
+# docs and examples
+  - "192.0.2.0/24"
+  - "198.51.100.0/24"
+  - "203.0.113.0/24"
+# CGNAT range
+  - "100.64.0.0/10"
+# link local range
+  - "169.254.0.0/16"
+# multicast
+  - "224.0.0.0/4"
+# reserver range
+  - "240.0.0.0/4"
+# IANA test range
+  - "198.18.0.0/15"
diff --git a/roles/common/tasks/ufw.yml b/roles/common/tasks/ufw.yml
index d5fc60c..0f5f53d 100644
--- a/roles/common/tasks/ufw.yml
+++ b/roles/common/tasks/ufw.yml
@@ -18,6 +18,14 @@
   with_items:
     - "{{ change_sshd_port_configured_port }}"
 
+- name: "Common | {{ role | upper() }} | UFW | Deny outbound traffic to private networks"
+  community.general.ufw:
+    rule: deny
+    direction: out
+    to_ip: "{{ item }}"
+  with_items:
+    - "{{ common_closed_networks }}"
+
 - name: "Common | {{ role | upper() }} | UFW | Enable firewall service"
   community.general.ufw:
     state: enabled
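Review bot: The new `common_closed_networks` default is enabled for every host that includes the role, yet it blocks outbound traffic to the RFC 1918 ranges and to 169.254.0.0/16, which on a host inside a private subnet or a cloud VPC covers internal resolvers, package mirrors, NTP and the link-local metadata endpoints that provisioning relies on; the consequence of a default this broad should be stated next to it, or the default should ship empty with these ranges offered as a documented example, e.g. `# Outbound destinations ufw denies; blocking RFC 1918 and link-local breaks hosts on private subnets and cloud VPCs — override per inventory.` The section comments sit at column 0 while the list items are indented by two, which yamllint's comments-indentation check flags; indenting them to the item level keeps the file lint-clean. The `# reserver range` comment should read `# reserved range`, and `# IANA test range` is clearer as `# benchmark testing range (198.18.0.0/15)` so a reader does not confuse it with the documentation ranges above. The same list is consumed by the `ufw` task hunk below, so any rename of the variable must be applied in both files.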
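Review bot: Wrapping the list in `with_items: - "{{ common_closed_networks }}"` relies on `with_items` flattening one level, and it gives no protection if the variable is overridden to an empty string in the style of the neighbouring `common_open_ports: ""` default: the loop then runs once with an empty `to_ip`, and what the ufw module emits for an empty destination is not visible here, so the outcome may be a far broader deny than intended. The idiomatic and safer form is `loop: "{{ common_closed_networks }}"` guarded by `when: common_closed_networks is sequence and common_closed_networks | length > 0`, which skips the task cleanly on an empty or scalar override. The task name says "private networks" while the default list also carries multicast, reserved and benchmark ranges; "closed networks" would match the variable and avoid surprising an operator reading the play output. The surrounding task list continues past the hunk, so any earlier `allow out` rule that would shadow these denies cannot be checked from this view.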