TIL: iptables
By making the firewall stateful and the first rule the typical
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
the vast majority of legitimate traffic to your server is
accepted after passing only that single rule.
That traffic doesn't need to traverse any other rules.
The netfilter-persistent package from Debian is useful for saving and restoring rules.
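A check for the rule ordering described above, run against a ruleset in iptables-save format. This is an added example, not part of the original note; the function name check_stateful_first and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Reads an iptables-save style dump on stdin. Prints "ok" and returns 0 when the
# first -A INPUT rule of the filter table is the RELATED,ESTABLISHED accept;
# otherwise prints the reason and returns 1.
check_stateful_first() {
    awk '
        /^\*/ { table = substr($0, 2) }    # "*filter", "*nat", ... open a table section
        table == "filter" && $1 == "-A" && $2 == "INPUT" { first = $0; exit }
        END {
            if (first == "") { print "no INPUT rule in filter table"; exit 1 }
            n = split(first, f, " ")
            for (i = 1; i <= n; i++) {
                # -m state --state and -m conntrack --ctstate are both accepted
                if (f[i] == "--state" || f[i] == "--ctstate") states = f[i + 1]
                if (f[i] == "-j") target = f[i + 1]
                if (f[i] == "!") neg = 1
            }
            s = "," states ","
            if (neg || target != "ACCEPT" ||
                s !~ /,ESTABLISHED,/ || s !~ /,RELATED,/ ||
                s ~ /,(NEW|INVALID),/) {
                print "first INPUT rule is not the stateful accept: " first
                exit 1
            }
            print "ok"
        }
    '
}

# Constructed sample: stateful accept first, as the note recommends.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed sample: same rules, but the stateful accept is no longer first.
BAD_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

printf 'good: %s\n' "$(printf '%s\n' "$GOOD_RULES" | check_stateful_first)"
printf 'bad:  %s\n' "$(printf '%s\n' "$BAD_RULES" | check_stateful_first)"
```

On a live host the same function can be fed the output of iptables-save instead of the sample variables.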
When using the Ansible module to modify the system's iptables: when reject-with is used, there is no need to add jump=reject, because it will duplicate -j for iptables and throw an error; when using ! in rules, use it with quotes: "!.."