hetzner.hcloud.hcloud_firewall – Create and manage firewalls on the Hetzner Cloud.

Note

This plugin is part of the hetzner.hcloud collection (version 1.6.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install hetzner.hcloud.

To use it in a playbook, specify: hetzner.hcloud.hcloud_firewall.

Synopsis

  • Create, update and manage firewalls on the Hetzner Cloud.

Requirements

The below requirements are needed on the host that executes this module.

  • hcloud-python >= 1.0.0

Parameters

Parameter (type): choices/defaults and comments

api_token (string / required)
    This is the API Token for the Hetzner Cloud.

endpoint (string)
    Default: "https://api.hetzner.cloud/v1"
    This is the API Endpoint for the Hetzner Cloud.

id (integer)
    The ID of the Hetzner Cloud firewall to manage.
    Only required if no firewall name is given.

labels (dictionary)
    User-defined labels (key-value pairs).

name (string)
    The name of the Hetzner Cloud firewall to manage.
    Only required if no firewall id is given, or the firewall does not exist.

rules (list / elements=dictionary)
    List of rules the firewall should contain.

    description (string)
        User-defined description of this rule.
    destination_ips (list / elements=string)
        List of CIDRs that are allowed within this rule.
    direction (string)
        Choices: in, out
        The direction of the firewall rule.
    port (string)
        The port of the firewall rule.
    protocol (string)
        Choices: icmp, tcp, udp
        The protocol of the firewall rule.
    source_ips (list / elements=string)
        List of CIDRs that are allowed within this rule.

state (string)
    Choices: absent, present
    State of the firewall.

See Also

Documentation for Hetzner Cloud API

Complete reference for the Hetzner Cloud API.

Examples

- name: Create a basic firewall
  hcloud_firewall:
    name: my-firewall
    state: present

- name: Create a firewall with rules
  hcloud_firewall:
    name: my-firewall
    rules:
      - direction: in
        protocol: icmp
        source_ips:
          - 0.0.0.0/0
          - ::/0
        description: allow icmp in
    state: present

- name: Create a firewall with labels
  hcloud_firewall:
    name: my-firewall
    labels:
      key: value
      mylabel: 123
    state: present

- name: Ensure the firewall is absent (remove if needed)
  hcloud_firewall:
    name: my-firewall
    state: absent
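
The playbook below is an added example, not part of the module's own documentation. It uses only the parameters and return values documented on this page to restrict SSH to one administrative network, then checks the returned rules for anything other than HTTPS that is open to every source. The firewall name, the HCLOUD_TOKEN environment lookup and the 203.0.113.0/24 CIDR are assumptions chosen for illustration.

```yaml
- name: Manage a restrictive Hetzner Cloud firewall (added example)
  hosts: localhost
  connection: local
  gather_facts: false
  vars:
    # Assumption: the token comes from the environment, never from the playbook file.
    hcloud_token: "{{ lookup('ansible.builtin.env', 'HCLOUD_TOKEN') }}"
    # Constructed value (RFC 5737 documentation range) standing in for an admin network.
    admin_cidr: 203.0.113.0/24
  tasks:
    - name: Allow SSH from the admin network only, HTTPS from anywhere
      hetzner.hcloud.hcloud_firewall:
        api_token: "{{ hcloud_token }}"
        name: web-restricted  # hypothetical firewall name
        rules:
          - direction: in
            protocol: tcp
            port: "22"
            source_ips:
              - "{{ admin_cidr }}"
            description: ssh from admin network
          - direction: in
            protocol: tcp
            port: "443"
            source_ips:
              - 0.0.0.0/0
              - ::/0
            description: https from anywhere
        state: present
      register: fw

    - name: Fail if any inbound rule other than HTTPS accepts every source
      vars:
        # Inbound rules from the module's return value, HTTPS excluded.
        non_https_in: >-
          {{ fw.hcloud_firewall.rules
             | selectattr('direction', 'equalto', 'in')
             | rejectattr('port', 'equalto', '443')
             | list }}
      ansible.builtin.assert:
        that:
          - non_https_in | selectattr('source_ips', 'contains', '0.0.0.0/0') | list | length == 0
          - non_https_in | selectattr('source_ips', 'contains', '::/0') | list | length == 0
        fail_msg: An inbound rule other than HTTPS is open to all source addresses.
```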

Return Values

Common return values are documented separately; the following fields are unique to this module:

Key (type, returned): description

hcloud_firewall (complex, always)
    The firewall instance.

    id (integer, always)
        Numeric identifier of the firewall.
        Sample: 1937415
    labels (dictionary, always)
        User-defined labels (key-value pairs).
    name (string, always)
        Name of the firewall.
        Sample: my firewall
    rules (complex, always)
        List of rules within this firewall.

        description (string, always)
            User-defined description of the firewall rule.
        destination_ips (list / elements=string, always)
            Destination IPs of the firewall rule.
        direction (string, always)
            Direction of the firewall rule.
            Sample: in
        port (string, always)
            Port of the firewall rule, None/Null if protocol is icmp.
            Sample: in
        protocol (string, always)
            Protocol of the firewall rule.
            Sample: icmp
        source_ips (list / elements=string, always)
            Source IPs of the firewall rule.



Authors

  • Lukas Kaemmerling (@lkaemmerling)

© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/hcloud_firewall_module.html