hcloud.Firewall
Explore with Pulumi AI
Provides a Hetzner Cloud Firewall to represent a Firewall in the Hetzner Cloud.
Example Usage
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using HCloud = Pulumi.HCloud;
return await Deployment.RunAsync(() =>
{
var myfirewall = new HCloud.Firewall("myfirewall", new()
{
Rules = new[]
{
new HCloud.Inputs.FirewallRuleArgs
{
Direction = "in",
Protocol = "icmp",
SourceIps = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new HCloud.Inputs.FirewallRuleArgs
{
Direction = "in",
Protocol = "tcp",
Port = "80-85",
SourceIps = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
});
var node1 = new HCloud.Server("node1", new()
{
Image = "debian-11",
ServerType = "cx11",
FirewallIds = new[]
{
myfirewall.Id,
},
});
});
package main
import (
"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myfirewall, err := hcloud.NewFirewall(ctx, "myfirewall", &hcloud.FirewallArgs{
Rules: hcloud.FirewallRuleArray{
&hcloud.FirewallRuleArgs{
Direction: pulumi.String("in"),
Protocol: pulumi.String("icmp"),
SourceIps: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&hcloud.FirewallRuleArgs{
Direction: pulumi.String("in"),
Protocol: pulumi.String("tcp"),
Port: pulumi.String("80-85"),
SourceIps: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
})
if err != nil {
return err
}
_, err = hcloud.NewServer(ctx, "node1", &hcloud.ServerArgs{
Image: pulumi.String("debian-11"),
ServerType: pulumi.String("cx11"),
FirewallIds: pulumi.IntArray{
myfirewall.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hcloud.Firewall;
import com.pulumi.hcloud.FirewallArgs;
import com.pulumi.hcloud.inputs.FirewallRuleArgs;
import com.pulumi.hcloud.Server;
import com.pulumi.hcloud.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myfirewall = new Firewall("myfirewall", FirewallArgs.builder()
.rules(
FirewallRuleArgs.builder()
.direction("in")
.protocol("icmp")
.sourceIps(
"0.0.0.0/0",
"::/0")
.build(),
FirewallRuleArgs.builder()
.direction("in")
.protocol("tcp")
.port("80-85")
.sourceIps(
"0.0.0.0/0",
"::/0")
.build())
.build());
var node1 = new Server("node1", ServerArgs.builder()
.image("debian-11")
.serverType("cx11")
.firewallIds(myfirewall.id())
.build());
}
}
import pulumi
import pulumi_hcloud as hcloud
myfirewall = hcloud.Firewall("myfirewall", rules=[
hcloud.FirewallRuleArgs(
direction="in",
protocol="icmp",
source_ips=[
"0.0.0.0/0",
"::/0",
],
),
hcloud.FirewallRuleArgs(
direction="in",
protocol="tcp",
port="80-85",
source_ips=[
"0.0.0.0/0",
"::/0",
],
),
])
node1 = hcloud.Server("node1",
image="debian-11",
server_type="cx11",
firewall_ids=[myfirewall.id])
import * as pulumi from "@pulumi/pulumi";
import * as hcloud from "@pulumi/hcloud";
const myfirewall = new hcloud.Firewall("myfirewall", {rules: [
{
direction: "in",
protocol: "icmp",
sourceIps: [
"0.0.0.0/0",
"::/0",
],
},
{
direction: "in",
protocol: "tcp",
port: "80-85",
sourceIps: [
"0.0.0.0/0",
"::/0",
],
},
]});
const node1 = new hcloud.Server("node1", {
image: "debian-11",
serverType: "cx11",
firewallIds: [myfirewall.id],
});
resources:
myfirewall:
type: hcloud:Firewall
properties:
rules:
- direction: in
protocol: icmp
sourceIps:
- 0.0.0.0/0
- ::/0
- direction: in
protocol: tcp
port: 80-85
sourceIps:
- 0.0.0.0/0
- ::/0
node1:
type: hcloud:Server
properties:
image: debian-11
serverType: cx11
firewallIds:
- ${myfirewall.id}
Create Firewall Resource
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
rules: Optional[Sequence[FirewallRuleArgs]] = None)
@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: hcloud:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Firewall resource accepts the following input properties:
- Apply
Tos List<Pulumi.HCloud. Inputs. Firewall Apply To> Resources the firewall should be assigned to
- Labels Dictionary<string, object>
User-defined labels (key-value pairs) should be created with.
- Name string
Name of the Firewall.
- Rules
List<Pulumi.
HCloud. Inputs. Firewall Rule> Configuration of a Rule from this Firewall.
- Apply
Tos []FirewallApply To Args Resources the firewall should be assigned to
- Labels map[string]interface{}
User-defined labels (key-value pairs) should be created with.
- Name string
Name of the Firewall.
- Rules
[]Firewall
Rule Args Configuration of a Rule from this Firewall.
- apply
Tos List<FirewallApply To> Resources the firewall should be assigned to
- labels Map<String,Object>
User-defined labels (key-value pairs) should be created with.
- name String
Name of the Firewall.
- rules
List<Firewall
Rule> Configuration of a Rule from this Firewall.
- apply
Tos FirewallApply To[] Resources the firewall should be assigned to
- labels {[key: string]: any}
User-defined labels (key-value pairs) should be created with.
- name string
Name of the Firewall.
- rules
Firewall
Rule[] Configuration of a Rule from this Firewall.
- apply_
tos Sequence[FirewallApply To Args] Resources the firewall should be assigned to
- labels Mapping[str, Any]
User-defined labels (key-value pairs) should be created with.
- name str
Name of the Firewall.
- rules
Sequence[Firewall
Rule Args] Configuration of a Rule from this Firewall.
- apply
Tos List<Property Map> Resources the firewall should be assigned to
- labels Map<Any>
User-defined labels (key-value pairs) should be created with.
- name String
Name of the Firewall.
- rules List<Property Map>
Configuration of a Rule from this Firewall.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Id string
The provider-assigned unique ID for this managed resource.
- Id string
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
- id string
The provider-assigned unique ID for this managed resource.
- id str
The provider-assigned unique ID for this managed resource.
- id String
The provider-assigned unique ID for this managed resource.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
labels: Optional[Mapping[str, Any]] = None,
name: Optional[str] = None,
rules: Optional[Sequence[FirewallRuleArgs]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Apply
Tos List<Pulumi.HCloud. Inputs. Firewall Apply To> Resources the firewall should be assigned to
- Labels Dictionary<string, object>
User-defined labels (key-value pairs) should be created with.
- Name string
Name of the Firewall.
- Rules
List<Pulumi.
HCloud. Inputs. Firewall Rule> Configuration of a Rule from this Firewall.
- Apply
Tos []FirewallApply To Args Resources the firewall should be assigned to
- Labels map[string]interface{}
User-defined labels (key-value pairs) should be created with.
- Name string
Name of the Firewall.
- Rules
[]Firewall
Rule Args Configuration of a Rule from this Firewall.
- apply
Tos List<FirewallApply To> Resources the firewall should be assigned to
- labels Map<String,Object>
User-defined labels (key-value pairs) should be created with.
- name String
Name of the Firewall.
- rules
List<Firewall
Rule> Configuration of a Rule from this Firewall.
- apply
Tos FirewallApply To[] Resources the firewall should be assigned to
- labels {[key: string]: any}
User-defined labels (key-value pairs) should be created with.
- name string
Name of the Firewall.
- rules
Firewall
Rule[] Configuration of a Rule from this Firewall.
- apply_
tos Sequence[FirewallApply To Args] Resources the firewall should be assigned to
- labels Mapping[str, Any]
User-defined labels (key-value pairs) should be created with.
- name str
Name of the Firewall.
- rules
Sequence[Firewall
Rule Args] Configuration of a Rule from this Firewall.
- apply
Tos List<Property Map> Resources the firewall should be assigned to
- labels Map<Any>
User-defined labels (key-value pairs) should be created with.
- name String
Name of the Firewall.
- rules List<Property Map>
Configuration of a Rule from this Firewall.
Supporting Types
FirewallApplyTo, FirewallApplyToArgs
- Label
Selector string Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- Server int
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- Label
Selector string Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- Server int
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector String Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- server Integer
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector string Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- server number
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label_
selector str Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- server int
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector String Label Selector to select servers the firewall should be applied to (only one of
server
andlabel_selector
can be applied in one block)- server Number
ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
FirewallRule, FirewallRuleArgs
- Direction string
Direction of the Firewall Rule.
in
- Protocol string
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- Description string
Description of the firewall rule
- Destination
Ips List<string> (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- Port string
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- Source
Ips List<string> List of CIDRs that are allowed within this Firewall Rule
- Direction string
Direction of the Firewall Rule.
in
- Protocol string
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- Description string
Description of the firewall rule
- Destination
Ips []string (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- Port string
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- Source
Ips []string List of CIDRs that are allowed within this Firewall Rule
- direction String
Direction of the Firewall Rule.
in
- protocol String
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description String
Description of the firewall rule
- destination
Ips List<String> (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- port String
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- source
Ips List<String> List of CIDRs that are allowed within this Firewall Rule
- direction string
Direction of the Firewall Rule.
in
- protocol string
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description string
Description of the firewall rule
- destination
Ips string[] (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- port string
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- source
Ips string[] List of CIDRs that are allowed within this Firewall Rule
- direction str
Direction of the Firewall Rule.
in
- protocol str
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description str
Description of the firewall rule
- destination_
ips Sequence[str] (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- port str
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- source_
ips Sequence[str] List of CIDRs that are allowed within this Firewall Rule
- direction String
Direction of the Firewall Rule.
in
- protocol String
Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description String
Description of the firewall rule
- destination
Ips List<String> (Required, List) List of CIDRs that are allowed within this Firewall Rule (when
direction
isout
)- port String
Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85.- source
Ips List<String> List of CIDRs that are allowed within this Firewall Rule
Import
Firewalls can be imported using its id
$ pulumi import hcloud:index/firewall:Firewall myfirewall id
Package Details
- Repository
- Hetzner Cloud pulumi/pulumi-hcloud
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
hcloud
Terraform Provider.