diff --git a/README.rst b/README.rst
index 98d712d56d4b81a9b8da7b742be8d7255d2db17f..568dda6d5a4805dc87be3e10fd43558e4486546f 100644
--- a/README.rst
+++ b/README.rst
@@ -18,9 +18,6 @@ Role Variables
 ::
 
     extra_tls_certs: [] # List of filenames of TLS certs to be added.
-    ufw: True # To enable UFW.
-    ufw_policy: deny # Default UFW policy.
-    extra_repos: [] # List of Debian repos to add.
     backports: False # To enable Debian backports repos.
     ssh_ca: # TBD.
     syslog_server: # The address of syslog server to forward.
@@ -51,7 +48,6 @@ Example Playbook
       roles:
       - role: common
         extra_tls_certs: ['vagrant.crt', 'example.com.crt']
-        ufw_policy: deny
         tls_key: 'servers.key'
         tls_cert: 'server.crt'
 
diff --git a/defaults/main.yml b/defaults/main.yml
index 05fc4de0f944ff7b6fd833d01ef123d3c11780cf..4c0528b6e1e44700aafae2a8d07ad90a144c0041 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,4 @@
 ---
 # defaults file for ansible-common
 
-ufw_policy: reject
 extra_tls_certs: []
diff --git a/tasks/add_repo.yml b/tasks/add_repo.yml
deleted file mode 100644
index 1cfc76002daace018600e05cee2ea257031df36e..0000000000000000000000000000000000000000
--- a/tasks/add_repo.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that:
-    - "ansible_pkg_mgr == 'apt'"
-    - "extra_repos is defined"
-
-- name: Add additional apt repository keys
-  with_items: extra_repos
-  when: item.key_url is defined or item.key_data is defined
-  apt_key:
-    url: '{{ item.key_url|default(omit) }}'
-    data: '{{ item.key_data|default(omit) }}'
-    state: present
-
-- name: Add additional apt repository
-  with_items: extra_repos
-  apt_repository:
-    repo: '{{ item.repo }}'
-    state: present
-    update_cache: yes
diff --git a/tasks/main.yml b/tasks/main.yml
index aa77d8979f109b5fe30b3c59de9cf2d17d44997a..95c20ef6d68116997c48b4b0fdcb59dee9f4887d 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,21 +8,12 @@
 - include: backports.yml
   when: backports|default(False) and ansible_os_family == 'Debian' and not common_role_finished is defined
 
-- include: add_repo.yml
-  when: ansible_distribution == 'Debian' and extra_repos is defined and not common_role_finished is defined
-
-- include: ufw.yml
-  when: ufw|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
-
 - include: tls_cert.yml
   when: tls_cert|default(True) and not common_role_finished is defined
 
 - include: add_tls_cert.yml
   when: not common_role_finished is defined
 
-- include: ssh_ca.yml
-  when: ssh_ca|default(True) and not common_role_finished is defined
-
 - include: syslog_forward.yml
   when: syslog_server is defined and not common_role_finished is defined
 
diff --git a/tasks/ssh_ca.yml b/tasks/ssh_ca.yml
deleted file mode 100644
index e03b0870494e38bdb97d494c0ad1e8bd198c2b96..0000000000000000000000000000000000000000
--- a/tasks/ssh_ca.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
diff --git a/tasks/ufw.yml b/tasks/ufw.yml
deleted file mode 100644
index 234bd2f30a29461b850eb11d22f7f7223e59ab98..0000000000000000000000000000000000000000
--- a/tasks/ufw.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: Assert
-  assert:
-    that: ansible_pkg_mgr == 'apt'
-
-- name: apt install ufw
-  apt:
-    name: ufw
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
-
-- name: Rate limit SSH
-  ufw:
-    rule: limit
-    port: ssh
-    proto: tcp
-
-- name: Enable UFW
-  ufw:
-    policy: '{{ ufw_policy }}'
-    state: enabled