hcloud logo
Hetzner Cloud v1.10.3, Mar 8 23

hcloud.Firewall

Provides a Hetzner Cloud Firewall to represent a Firewall in the Hetzner Cloud.

Example Usage

using System.Collections.Generic;
using Pulumi;
using HCloud = Pulumi.HCloud;

return await Deployment.RunAsync(() => 
{
    var myfirewall = new HCloud.Firewall("myfirewall", new()
    {
        Rules = new[]
        {
            new HCloud.Inputs.FirewallRuleArgs
            {
                Direction = "in",
                Protocol = "icmp",
                SourceIps = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
            new HCloud.Inputs.FirewallRuleArgs
            {
                Direction = "in",
                Protocol = "tcp",
                Port = "80-85",
                SourceIps = new[]
                {
                    "0.0.0.0/0",
                    "::/0",
                },
            },
        },
    });

    var node1 = new HCloud.Server("node1", new()
    {
        Image = "debian-9",
        ServerType = "cx11",
        FirewallIds = new[]
        {
            myfirewall.Id,
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		myfirewall, err := hcloud.NewFirewall(ctx, "myfirewall", &hcloud.FirewallArgs{
			Rules: hcloud.FirewallRuleArray{
				&hcloud.FirewallRuleArgs{
					Direction: pulumi.String("in"),
					Protocol:  pulumi.String("icmp"),
					SourceIps: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
				&hcloud.FirewallRuleArgs{
					Direction: pulumi.String("in"),
					Protocol:  pulumi.String("tcp"),
					Port:      pulumi.String("80-85"),
					SourceIps: pulumi.StringArray{
						pulumi.String("0.0.0.0/0"),
						pulumi.String("::/0"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = hcloud.NewServer(ctx, "node1", &hcloud.ServerArgs{
			Image:      pulumi.String("debian-9"),
			ServerType: pulumi.String("cx11"),
			FirewallIds: pulumi.IntArray{
				myfirewall.ID(),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hcloud.Firewall;
import com.pulumi.hcloud.FirewallArgs;
import com.pulumi.hcloud.inputs.FirewallRuleArgs;
import com.pulumi.hcloud.Server;
import com.pulumi.hcloud.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var myfirewall = new Firewall("myfirewall", FirewallArgs.builder()        
            .rules(            
                FirewallRuleArgs.builder()
                    .direction("in")
                    .protocol("icmp")
                    .sourceIps(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build(),
                FirewallRuleArgs.builder()
                    .direction("in")
                    .protocol("tcp")
                    .port("80-85")
                    .sourceIps(                    
                        "0.0.0.0/0",
                        "::/0")
                    .build())
            .build());

        var node1 = new Server("node1", ServerArgs.builder()        
            .image("debian-9")
            .serverType("cx11")
            .firewallIds(myfirewall.id())
            .build());

    }
}
import pulumi
import pulumi_hcloud as hcloud

myfirewall = hcloud.Firewall("myfirewall", rules=[
    hcloud.FirewallRuleArgs(
        direction="in",
        protocol="icmp",
        source_ips=[
            "0.0.0.0/0",
            "::/0",
        ],
    ),
    hcloud.FirewallRuleArgs(
        direction="in",
        protocol="tcp",
        port="80-85",
        source_ips=[
            "0.0.0.0/0",
            "::/0",
        ],
    ),
])
node1 = hcloud.Server("node1",
    image="debian-9",
    server_type="cx11",
    firewall_ids=[myfirewall.id])
import * as pulumi from "@pulumi/pulumi";
import * as hcloud from "@pulumi/hcloud";

const myfirewall = new hcloud.Firewall("myfirewall", {rules: [
    {
        direction: "in",
        protocol: "icmp",
        sourceIps: [
            "0.0.0.0/0",
            "::/0",
        ],
    },
    {
        direction: "in",
        protocol: "tcp",
        port: "80-85",
        sourceIps: [
            "0.0.0.0/0",
            "::/0",
        ],
    },
]});
const node1 = new hcloud.Server("node1", {
    image: "debian-9",
    serverType: "cx11",
    firewallIds: [myfirewall.id],
});
resources:
  myfirewall:
    type: hcloud:Firewall
    properties:
      rules:
        - direction: in
          protocol: icmp
          sourceIps:
            - 0.0.0.0/0
            - ::/0
        - direction: in
          protocol: tcp
          port: 80-85
          sourceIps:
            - 0.0.0.0/0
            - ::/0
  node1:
    type: hcloud:Server
    properties:
      image: debian-9
      serverType: cx11
      firewallIds:
        - ${myfirewall.id}

Create Firewall Resource

new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
             labels: Optional[Mapping[str, Any]] = None,
             name: Optional[str] = None,
             rules: Optional[Sequence[FirewallRuleArgs]] = None)
@overload
def Firewall(resource_name: str,
             args: Optional[FirewallArgs] = None,
             opts: Optional[ResourceOptions] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: hcloud:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args FirewallArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

Firewall Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Firewall resource accepts the following input properties:

ApplyTos List<Pulumi.HCloud.Inputs.FirewallApplyToArgs>

Resources the firewall should be assigned to

Labels Dictionary<string, object>

User-defined labels (key-value pairs) should be created with.

Name string

Name of the Firewall.

Rules List<Pulumi.HCloud.Inputs.FirewallRuleArgs>

Configuration of a Rule from this Firewall.

ApplyTos []FirewallApplyToArgs

Resources the firewall should be assigned to

Labels map[string]interface{}

User-defined labels (key-value pairs) should be created with.

Name string

Name of the Firewall.

Rules []FirewallRuleArgs

Configuration of a Rule from this Firewall.

applyTos List<FirewallApplyToArgs>

Resources the firewall should be assigned to

labels Map<String,Object>

User-defined labels (key-value pairs) should be created with.

name String

Name of the Firewall.

rules List<FirewallRuleArgs>

Configuration of a Rule from this Firewall.

applyTos FirewallApplyToArgs[]

Resources the firewall should be assigned to

labels {[key: string]: any}

User-defined labels (key-value pairs) should be created with.

name string

Name of the Firewall.

rules FirewallRuleArgs[]

Configuration of a Rule from this Firewall.

apply_tos Sequence[FirewallApplyToArgs]

Resources the firewall should be assigned to

labels Mapping[str, Any]

User-defined labels (key-value pairs) should be created with.

name str

Name of the Firewall.

rules Sequence[FirewallRuleArgs]

Configuration of a Rule from this Firewall.

applyTos List<Property Map>

Resources the firewall should be assigned to

labels Map<Any>

User-defined labels (key-value pairs) should be created with.

name String

Name of the Firewall.

rules List<Property Map>

Configuration of a Rule from this Firewall.

Outputs

All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

id String

The provider-assigned unique ID for this managed resource.

Look up Existing Firewall Resource

Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
        labels: Optional[Mapping[str, Any]] = None,
        name: Optional[str] = None,
        rules: Optional[Sequence[FirewallRuleArgs]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
ApplyTos List<Pulumi.HCloud.Inputs.FirewallApplyToArgs>

Resources the firewall should be assigned to

Labels Dictionary<string, object>

User-defined labels (key-value pairs) should be created with.

Name string

Name of the Firewall.

Rules List<Pulumi.HCloud.Inputs.FirewallRuleArgs>

Configuration of a Rule from this Firewall.

ApplyTos []FirewallApplyToArgs

Resources the firewall should be assigned to

Labels map[string]interface{}

User-defined labels (key-value pairs) should be created with.

Name string

Name of the Firewall.

Rules []FirewallRuleArgs

Configuration of a Rule from this Firewall.

applyTos List<FirewallApplyToArgs>

Resources the firewall should be assigned to

labels Map<String,Object>

User-defined labels (key-value pairs) should be created with.

name String

Name of the Firewall.

rules List<FirewallRuleArgs>

Configuration of a Rule from this Firewall.

applyTos FirewallApplyToArgs[]

Resources the firewall should be assigned to

labels {[key: string]: any}

User-defined labels (key-value pairs) should be created with.

name string

Name of the Firewall.

rules FirewallRuleArgs[]

Configuration of a Rule from this Firewall.

apply_tos Sequence[FirewallApplyToArgs]

Resources the firewall should be assigned to

labels Mapping[str, Any]

User-defined labels (key-value pairs) should be created with.

name str

Name of the Firewall.

rules Sequence[FirewallRuleArgs]

Configuration of a Rule from this Firewall.

applyTos List<Property Map>

Resources the firewall should be assigned to

labels Map<Any>

User-defined labels (key-value pairs) should be created with.

name String

Name of the Firewall.

rules List<Property Map>

Configuration of a Rule from this Firewall.

Supporting Types

FirewallApplyTo

LabelSelector string

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

Server int

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

LabelSelector string

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

Server int

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

labelSelector String

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

server Integer

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

labelSelector string

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

server number

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

label_selector str

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

server int

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

labelSelector String

Label Selector to select servers the firewall should be applied to (only one of server and label_selectorcan be applied in one block)

server Number

ID of the server you want to apply the firewall to (only one of server and label_selectorcan be applied in one block)

FirewallRule

Direction string

Direction of the Firewall Rule. in

Protocol string

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

Description string

Description of the firewall rule

DestinationIps List<string>

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

Port string

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

SourceIps List<string>

List of CIDRs that are allowed within this Firewall Rule

Direction string

Direction of the Firewall Rule. in

Protocol string

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

Description string

Description of the firewall rule

DestinationIps []string

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

Port string

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

SourceIps []string

List of CIDRs that are allowed within this Firewall Rule

direction String

Direction of the Firewall Rule. in

protocol String

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

description String

Description of the firewall rule

destinationIps List<String>

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

port String

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

sourceIps List<String>

List of CIDRs that are allowed within this Firewall Rule

direction string

Direction of the Firewall Rule. in

protocol string

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

description string

Description of the firewall rule

destinationIps string[]

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

port string

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

sourceIps string[]

List of CIDRs that are allowed within this Firewall Rule

direction str

Direction of the Firewall Rule. in

protocol str

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

description str

Description of the firewall rule

destination_ips Sequence[str]

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

port str

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

source_ips Sequence[str]

List of CIDRs that are allowed within this Firewall Rule

direction String

Direction of the Firewall Rule. in

protocol String

Protocol of the Firewall Rule. tcp, icmp, udp, gre, esp

description String

Description of the firewall rule

destinationIps List<String>

(Required, List) List of CIDRs that are allowed within this Firewall Rule (when direction is out)

port String

Port of the Firewall Rule. Required when protocol is tcp or udp. You can use any to allow all ports for the specific protocol. Port ranges are also possible: 80-85 allows all ports between 80 and 85.

sourceIps List<String>

List of CIDRs that are allowed within this Firewall Rule

Import

Firewalls can be imported using its id

 $ pulumi import hcloud:index/firewall:Firewall myfirewall id

Package Details

Repository
Hetzner Cloud pulumi/pulumi-hcloud
License
Apache-2.0
Notes

This Pulumi package is based on the hcloud Terraform Provider.