hetzner.hcloud.hcloud_firewall module – Create and manage firewalls on the Hetzner Cloud.

Note

This module is part of the hetzner.hcloud collection (version 1.6.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install hetzner.hcloud.

To use it in a playbook, specify: hetzner.hcloud.hcloud_firewall.

Synopsis

  • Create, update and manage firewalls on the Hetzner Cloud.

Requirements

The below requirements are needed on the host that executes this module.

  • hcloud-python >= 1.0.0

Parameters

Parameter

Comments

api_token

string / required

This is the API Token for the Hetzner Cloud.

endpoint

string

This is the API Endpoint for the Hetzner Cloud.

Default: “https://api.hetzner.cloud/v1”

id

integer

The ID of the Hetzner Cloud firewall to manage.

Only required if no firewall name is given

labels

dictionary

User-defined labels (key-value pairs)

name

string

The Name of the Hetzner Cloud firewall to manage.

Only required if no firewall id is given, or a firewall does not exists.

rules

list / elements=dictionary

List of rules the firewall should contain.

description

string

User defined description of this rule.

destination_ips

list / elements=string

List of CIDRs that are allowed within this rule

direction

string

The direction of the firewall rule.

Choices:

  • in

  • out

port

string

The port of the firewall rule.

protocol

string

The protocol of the firewall rule.

Choices:

  • icmp

  • tcp

  • udp

source_ips

list / elements=string

List of CIDRs that are allowed within this rule

state

string

State of the firewall.

Choices:

  • absent

  • present ← (default)

See Also

See also

Documentation for Hetzner Cloud API

Complete reference for the Hetzner Cloud API.

Examples

- name: Create a basic firewall
  hcloud_firewall:
    name: my-firewall
    state: present

- name: Create a firewall with rules
  hcloud_firewall:
    name: my-firewall
    rules:
       - direction: in
         protocol: icmp
         source_ips:
           - 0.0.0.0/0
           - ::/0
         description: allow icmp in
    state: present

- name: Create a firewall with labels
  hcloud_firewall:
    name: my-firewall
    labels:
        key: value
        mylabel: 123
    state: present

- name: Ensure the firewall is absent (remove if needed)
  hcloud_firewall:
    name: my-firewall
    state: absent

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

hcloud_firewall

complex

The firewall instance

Returned: Always

id

integer

Numeric identifier of the firewall

Returned: always

Sample: 1937415

labels

dictionary

User-defined labels (key-value pairs)

Returned: always

name

string

Name of the firewall

Returned: always

Sample: “my firewall”

rules

complex

List of Rules within this Firewall

Returned: always

description

string

User defined description of the Firewall Rule

Returned: always

destination_ips

list / elements=string

Source IPs of the Firewall

Returned: always

direction

string

Direction of the Firewall Rule

Returned: always

Sample: “in”

port

string

Port of the Firewall Rule, None/Null if protocol is icmp

Returned: always

Sample: “in”

protocol

string

Protocol of the Firewall Rule

Returned: always

Sample: “icmp”

source_ips

list / elements=string

Source IPs of the Firewall

Returned: always

Authors

  • Lukas Kaemmerling (@lkaemmerling)