hetzner.hcloud.hcloud_firewall – Create and manage firewalls on the Hetzner Cloud.

Note

This plugin is part of the hetzner.hcloud collection (version 1.4.2).

To install it use: ansible-galaxy collection install hetzner.hcloud.

To use it in a playbook, specify: hetzner.hcloud.hcloud_firewall.

Synopsis

  • Create, update and manage firewalls on the Hetzner Cloud.

Requirements

The below requirements are needed on the host that executes this module.

  • hcloud-python >= 1.0.0

Parameters

Parameter Choices/Defaults Comments
api_token
string / required
This is the API Token for the Hetzner Cloud.
endpoint
string
Default:
"https://api.hetzner.cloud/v1"
This is the API Endpoint for the Hetzner Cloud.
id
integer
The ID of the Hetzner Cloud firewall to manage.
Only required if no firewall name is given
labels
dictionary
User-defined labels (key-value pairs)
name
string
The Name of the Hetzner Cloud firewall to manage.
Only required if no firewall id is given, or a firewall does not exists.
rules
list / elements=dictionary
List of rules the firewall should contain.
destination_ips
list / elements=string
List of CIDRs that are allowed within this rule
direction
string
    Choices:
  • in
  • out
The direction of the firewall rule.
port
string
The port of the firewall rule.
protocol
string
    Choices:
  • icmp
  • tcp
  • udp
The protocol of the firewall rule.
source_ips
list / elements=string
List of CIDRs that are allowed within this rule
state
string
    Choices:
  • absent
  • present ←
State of the firewall.

See Also

See also

Documentation for Hetzner Cloud API

Complete reference for the Hetzner Cloud API.

Examples

- name: Create a basic firewall
  hcloud_firewall:
    name: my-firewall
    state: present

- name: Create a firewall with rules
  hcloud_firewall:
    name: my-firewall
    rules:
       - direction: in
         protocol: icmp
         source_ips:
           - 0.0.0.0/0
           - ::/0
    state: present

- name: Create a firewall with labels
  hcloud_firewall:
    name: my-firewall
    labels:
        key: value
        mylabel: 123
    state: present

- name: Ensure the firewall is absent (remove if needed)
  hcloud_firewall:
    name: my-firewall
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
hcloud_firewall
complex
Always
The firewall instance
 
id
integer
always
Numeric identifier of the firewall

Sample:
1937415
 
labels
dictionary
always
User-defined labels (key-value pairs)
 
name
string
always
Name of the firewall

Sample:
my firewall
 
rules
complex
always
List of Rules within this Firewall
   
destination_ips
list / elements=string
always
Source IPs of the Firewall
   
direction
string
always
Direction of the Firewall Rule

Sample:
in
   
port
string
always
Port of the Firewall Rule, None/Null if protocol is icmp

Sample:
in
   
protocol
string
always
Protocol of the Firewall Rule

Sample:
icmp
   
source_ips
list / elements=string
always
Source IPs of the Firewall


Authors

  • Lukas Kaemmerling (@lkaemmerling)