diff --git a/roles/secure/defaults/main.yml b/roles/secure/defaults/main.yml
index 8006c1c..6166fef 100644
--- a/roles/secure/defaults/main.yml
+++ b/roles/secure/defaults/main.yml
@@ -11,6 +11,7 @@ common_firewall:
 - port: 22
 rule: allow
 state: present
+ direction: in
 interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface }}"
 comment: "Allow incoming connections on {{ common_firewall_lan_interface if common_firewall_lan_interface else 'all interfaces' }}"
diff --git a/roles/secure/tasks/main.yml b/roles/secure/tasks/main.yml
index 186bec5..ba0e9ed 100644
--- a/roles/secure/tasks/main.yml
+++ b/roles/secure/tasks/main.yml
@@ -41,6 +41,7 @@
 port: "{{ rule.port }}"
 rule: "{{ rule.rule | default('allow') }}"
 delete: "{{ true if rule.state == 'absent' else false | default(false) }}"
+ direction: "{{ rule.direction | default('in') }}"
 proto: "{{ rule.protocol | default('tcp') }}"
 interface: "{{ rule.interface if rule.interface != 'all' else omit }}"
 comment: "{{ rule.comment | default('Custom rule for port {{ rule.port }} on {{ rule.interface }}') }}"
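Review bot: The added `direction: "{{ rule.direction | default('in') }}"` in roles/secure/tasks/main.yml forwards whatever the rule entry supplies, and `default('in')` only applies when the key is undefined, so a value that renders empty is passed through instead of falling back to `in`. The `interface` default in roles/secure/defaults/main.yml already renders empty this way when `common_firewall_lan_interface` is unset, so the pattern is plausible for `direction` too. I would write `direction: "{{ rule.direction | default('in', true) }}"` and add an assert ahead of the task that each `rule.direction` is one of the values the firewall module accepts, so a typo fails the play rather than creating a rule with a different meaning. The task begins above the hunk, so the module is inferred from its parameter names (it looks like ufw); the new `direction` key also deserves a one-line comment in the defaults file stating its accepted values and that it defaults to `in`.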