By making the firewall stateful and the first rule the typical -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT the vast majority of legitimate traffic to your server is accepted after passing only that single rule. That traffic doesn't need to traverse any other rules.
netfilter-persistent package from Debian is useful for save/restore rules.
When using Ansible module to modify the systems iptables - When
reject-with used no need to add
jump=reject because it will duplicate
-j for iptables and throw an error; when using
! for rules, use it whit quotes: