Terraform module for managing firewalls in the Hetzner Cloud.
It implements the following provider resources:
module "firewall" {
source = "github.com/peterpramb/terraform-hcloud-firewalls?ref=<release>"
firewalls = [
{
name = "mailserver"
rules = [
{
direction = "in"
protocol = "icmp"
port = null
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow ICMP in"
},
{
direction = "in"
protocol = "tcp"
port = "25"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow SMTP in"
},
{
direction = "in"
protocol = "tcp"
port = "143"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow IMAP in"
},
{
direction = "out"
protocol = "icmp"
port = null
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow ICMP out"
},
{
direction = "out"
protocol = "tcp"
port = "25"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow SMTP out"
},
{
direction = "out"
protocol = "tcp"
port = "53"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow DNS out"
},
{
direction = "out"
protocol = "udp"
port = "53"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow DNS out"
}
]
server = {
ids = []
labels = [
"server_role=mail"
]
}
labels = {
"managed" = "true"
"managed_by" = "Terraform"
}
}
]
}| Name | Version |
|---|---|
| terraform | ≥ 0.13 |
| Name | Version |
|---|---|
| hcloud | ≥ 1.33 |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| firewalls | List of firewall objects to be managed. | list(map(firewall)) | See below | yes |
| Name | Description | Type | Required |
|---|---|---|---|
| name | Unique name of the firewall. | string | yes |
| rules | List of firewall rule objects. | list(map(rule)) | no |
| server | Inputs for server attachment. | map(server) | no |
| labels | Map of user-defined labels. | map(string) | no |
| Name | Description | Type | Required |
|---|---|---|---|
| direction | Traffic direction to apply this firewall rule to. | string | yes |
| protocol | Protocol to match with this firewall rule. | string | yes |
| port | Port(range) to match with this firewall rule. | string | yes (TCP/UDP only) |
| remote_ips | List of remote IPs to match with this firewall rule. | list(string) | yes |
| description | Description of this firewall rule. | string | no |
| Name | Description | Type | Required |
|---|---|---|---|
| ids | IDs of the servers to attach the firewall to. | list(string) | no |
| labels | Labels of the servers to attach the firewall to. | list(string) | no |
firewalls = [
{
name = "firewall-1"
rules = [
{
direction = "in"
protocol = "icmp"
port = null
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow ICMP in"
},
{
direction = "in"
protocol = "tcp"
port = "22"
remote_ips = [
"0.0.0.0/0",
"::/0"
]
description = "allow SSH in"
}
]
server = null
labels = {}
}
]| Name | Description |
|---|---|
| firewalls | List of all firewall objects. |
| firewall_ids | Map of all firewall objects indexed by ID. |
| firewall_names | Map of all firewall objects indexed by name. |
| firewall_attachments | List of all firewall attachment objects. |
| firewall_attachment_ids | Map of all firewall attachment objects indexed by ID. |
| firewall_attachment_names | Map of all firewall attachment objects indexed by name. |
firewalls = [
{
"attachment" = {}
"id" = "49002"
"labels" = {}
"name" = "firewall-1"
"rule" = [
{
"description" = "allow ICMP in"
"destination_ips" = []
"direction" = "in"
"port" = ""
"protocol" = "icmp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
{
"description" = "allow SSH in"
"destination_ips" = []
"direction" = "in"
"port" = "22"
"protocol" = "tcp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
]
},
]
firewall_ids = {
"49002" = {
"attachment" = {}
"id" = "49002"
"labels" = {}
"name" = "firewall-1"
"rule" = [
{
"description" = "allow ICMP in"
"destination_ips" = []
"direction" = "in"
"port" = ""
"protocol" = "icmp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
{
"description" = "allow SSH in"
"destination_ips" = []
"direction" = "in"
"port" = "22"
"protocol" = "tcp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
]
}
}
firewall_names = {
"firewall-1" = {
"attachment" = {}
"id" = "49002"
"labels" = {}
"name" = "firewall-1"
"rule" = [
{
"description" = "allow ICMP in"
"destination_ips" = []
"direction" = "in"
"port" = ""
"protocol" = "icmp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
{
"description" = "allow SSH in"
"destination_ips" = []
"direction" = "in"
"port" = "22"
"protocol" = "tcp"
"source_ips" = [
"0.0.0.0/0",
"::/0",
]
},
]
}
}
firewall_attachments = []
firewall_attachment_ids = {}
firewall_attachment_names = {}This module is released under the MIT License.