hcloud.Firewall
Explore with Pulumi AI
Provides a Hetzner Cloud Firewall to represent a Firewall in the Hetzner Cloud.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as hcloud from "@pulumi/hcloud";
const myfirewall = new hcloud.Firewall("myfirewall", {
name: "my-firewall",
rules: [
{
direction: "in",
protocol: "icmp",
sourceIps: [
"0.0.0.0/0",
"::/0",
],
},
{
direction: "in",
protocol: "tcp",
port: "80-85",
sourceIps: [
"0.0.0.0/0",
"::/0",
],
},
],
});
const node1 = new hcloud.Server("node1", {
name: "node1",
image: "debian-11",
serverType: "cx22",
firewallIds: [myfirewall.id],
});
import pulumi
import pulumi_hcloud as hcloud
myfirewall = hcloud.Firewall("myfirewall",
name="my-firewall",
rules=[
{
"direction": "in",
"protocol": "icmp",
"source_ips": [
"0.0.0.0/0",
"::/0",
],
},
{
"direction": "in",
"protocol": "tcp",
"port": "80-85",
"source_ips": [
"0.0.0.0/0",
"::/0",
],
},
])
node1 = hcloud.Server("node1",
name="node1",
image="debian-11",
server_type="cx22",
firewall_ids=[myfirewall.id])
package main
import (
"github.com/pulumi/pulumi-hcloud/sdk/go/hcloud"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
myfirewall, err := hcloud.NewFirewall(ctx, "myfirewall", &hcloud.FirewallArgs{
Name: pulumi.String("my-firewall"),
Rules: hcloud.FirewallRuleArray{
&hcloud.FirewallRuleArgs{
Direction: pulumi.String("in"),
Protocol: pulumi.String("icmp"),
SourceIps: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
&hcloud.FirewallRuleArgs{
Direction: pulumi.String("in"),
Protocol: pulumi.String("tcp"),
Port: pulumi.String("80-85"),
SourceIps: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
pulumi.String("::/0"),
},
},
},
})
if err != nil {
return err
}
_, err = hcloud.NewServer(ctx, "node1", &hcloud.ServerArgs{
Name: pulumi.String("node1"),
Image: pulumi.String("debian-11"),
ServerType: pulumi.String("cx22"),
FirewallIds: pulumi.IntArray{
myfirewall.ID(),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using HCloud = Pulumi.HCloud;
return await Deployment.RunAsync(() =>
{
var myfirewall = new HCloud.Firewall("myfirewall", new()
{
Name = "my-firewall",
Rules = new[]
{
new HCloud.Inputs.FirewallRuleArgs
{
Direction = "in",
Protocol = "icmp",
SourceIps = new[]
{
"0.0.0.0/0",
"::/0",
},
},
new HCloud.Inputs.FirewallRuleArgs
{
Direction = "in",
Protocol = "tcp",
Port = "80-85",
SourceIps = new[]
{
"0.0.0.0/0",
"::/0",
},
},
},
});
var node1 = new HCloud.Server("node1", new()
{
Name = "node1",
Image = "debian-11",
ServerType = "cx22",
FirewallIds = new[]
{
myfirewall.Id,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.hcloud.Firewall;
import com.pulumi.hcloud.FirewallArgs;
import com.pulumi.hcloud.inputs.FirewallRuleArgs;
import com.pulumi.hcloud.Server;
import com.pulumi.hcloud.ServerArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var myfirewall = new Firewall("myfirewall", FirewallArgs.builder()
.name("my-firewall")
.rules(
FirewallRuleArgs.builder()
.direction("in")
.protocol("icmp")
.sourceIps(
"0.0.0.0/0",
"::/0")
.build(),
FirewallRuleArgs.builder()
.direction("in")
.protocol("tcp")
.port("80-85")
.sourceIps(
"0.0.0.0/0",
"::/0")
.build())
.build());
var node1 = new Server("node1", ServerArgs.builder()
.name("node1")
.image("debian-11")
.serverType("cx22")
.firewallIds(myfirewall.id())
.build());
}
}
resources:
myfirewall:
type: hcloud:Firewall
properties:
name: my-firewall
rules:
- direction: in
protocol: icmp
sourceIps:
- 0.0.0.0/0
- ::/0
- direction: in
protocol: tcp
port: 80-85
sourceIps:
- 0.0.0.0/0
- ::/0
node1:
type: hcloud:Server
properties:
name: node1
image: debian-11
serverType: cx22
firewallIds:
- ${myfirewall.id}
Create Firewall Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Firewall(name: string, args?: FirewallArgs, opts?: CustomResourceOptions);
@overload
def Firewall(resource_name: str,
args: Optional[FirewallArgs] = None,
opts: Optional[ResourceOptions] = None)
@overload
def Firewall(resource_name: str,
opts: Optional[ResourceOptions] = None,
apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
labels: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
rules: Optional[Sequence[FirewallRuleArgs]] = None)
func NewFirewall(ctx *Context, name string, args *FirewallArgs, opts ...ResourceOption) (*Firewall, error)
public Firewall(string name, FirewallArgs? args = null, CustomResourceOptions? opts = null)
public Firewall(String name, FirewallArgs args)
public Firewall(String name, FirewallArgs args, CustomResourceOptions options)
type: hcloud:Firewall
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args FirewallArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var firewallResource = new HCloud.Firewall("firewallResource", new()
{
ApplyTos = new[]
{
new HCloud.Inputs.FirewallApplyToArgs
{
LabelSelector = "string",
Server = 0,
},
},
Labels =
{
{ "string", "string" },
},
Name = "string",
Rules = new[]
{
new HCloud.Inputs.FirewallRuleArgs
{
Direction = "string",
Protocol = "string",
Description = "string",
DestinationIps = new[]
{
"string",
},
Port = "string",
SourceIps = new[]
{
"string",
},
},
},
});
example, err := hcloud.NewFirewall(ctx, "firewallResource", &hcloud.FirewallArgs{
ApplyTos: hcloud.FirewallApplyToArray{
&hcloud.FirewallApplyToArgs{
LabelSelector: pulumi.String("string"),
Server: pulumi.Int(0),
},
},
Labels: pulumi.StringMap{
"string": pulumi.String("string"),
},
Name: pulumi.String("string"),
Rules: hcloud.FirewallRuleArray{
&hcloud.FirewallRuleArgs{
Direction: pulumi.String("string"),
Protocol: pulumi.String("string"),
Description: pulumi.String("string"),
DestinationIps: pulumi.StringArray{
pulumi.String("string"),
},
Port: pulumi.String("string"),
SourceIps: pulumi.StringArray{
pulumi.String("string"),
},
},
},
})
var firewallResource = new Firewall("firewallResource", FirewallArgs.builder()
.applyTos(FirewallApplyToArgs.builder()
.labelSelector("string")
.server(0)
.build())
.labels(Map.of("string", "string"))
.name("string")
.rules(FirewallRuleArgs.builder()
.direction("string")
.protocol("string")
.description("string")
.destinationIps("string")
.port("string")
.sourceIps("string")
.build())
.build());
firewall_resource = hcloud.Firewall("firewallResource",
apply_tos=[{
"label_selector": "string",
"server": 0,
}],
labels={
"string": "string",
},
name="string",
rules=[{
"direction": "string",
"protocol": "string",
"description": "string",
"destination_ips": ["string"],
"port": "string",
"source_ips": ["string"],
}])
const firewallResource = new hcloud.Firewall("firewallResource", {
applyTos: [{
labelSelector: "string",
server: 0,
}],
labels: {
string: "string",
},
name: "string",
rules: [{
direction: "string",
protocol: "string",
description: "string",
destinationIps: ["string"],
port: "string",
sourceIps: ["string"],
}],
});
type: hcloud:Firewall
properties:
applyTos:
- labelSelector: string
server: 0
labels:
string: string
name: string
rules:
- description: string
destinationIps:
- string
direction: string
port: string
protocol: string
sourceIps:
- string
Firewall Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Firewall resource accepts the following input properties:
- Apply
Tos List<Pulumi.HCloud. Inputs. Firewall Apply To> - Resources the firewall should be assigned to
- Labels Dictionary<string, string>
- User-defined labels (key-value pairs) should be created with.
- Name string
- Name of the Firewall.
- Rules
List<Pulumi.
HCloud. Inputs. Firewall Rule> - Configuration of a Rule from this Firewall.
- Apply
Tos []FirewallApply To Args - Resources the firewall should be assigned to
- Labels map[string]string
- User-defined labels (key-value pairs) should be created with.
- Name string
- Name of the Firewall.
- Rules
[]Firewall
Rule Args - Configuration of a Rule from this Firewall.
- apply
Tos List<FirewallApply To> - Resources the firewall should be assigned to
- labels Map<String,String>
- User-defined labels (key-value pairs) should be created with.
- name String
- Name of the Firewall.
- rules
List<Firewall
Rule> - Configuration of a Rule from this Firewall.
- apply
Tos FirewallApply To[] - Resources the firewall should be assigned to
- labels {[key: string]: string}
- User-defined labels (key-value pairs) should be created with.
- name string
- Name of the Firewall.
- rules
Firewall
Rule[] - Configuration of a Rule from this Firewall.
- apply_
tos Sequence[FirewallApply To Args] - Resources the firewall should be assigned to
- labels Mapping[str, str]
- User-defined labels (key-value pairs) should be created with.
- name str
- Name of the Firewall.
- rules
Sequence[Firewall
Rule Args] - Configuration of a Rule from this Firewall.
- apply
Tos List<Property Map> - Resources the firewall should be assigned to
- labels Map<String>
- User-defined labels (key-value pairs) should be created with.
- name String
- Name of the Firewall.
- rules List<Property Map>
- Configuration of a Rule from this Firewall.
Outputs
All input properties are implicitly available as output properties. Additionally, the Firewall resource produces the following output properties:
- Id string
- The provider-assigned unique ID for this managed resource.
- Id string
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
- id string
- The provider-assigned unique ID for this managed resource.
- id str
- The provider-assigned unique ID for this managed resource.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Firewall Resource
Get an existing Firewall resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: FirewallState, opts?: CustomResourceOptions): Firewall
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
apply_tos: Optional[Sequence[FirewallApplyToArgs]] = None,
labels: Optional[Mapping[str, str]] = None,
name: Optional[str] = None,
rules: Optional[Sequence[FirewallRuleArgs]] = None) -> Firewall
func GetFirewall(ctx *Context, name string, id IDInput, state *FirewallState, opts ...ResourceOption) (*Firewall, error)
public static Firewall Get(string name, Input<string> id, FirewallState? state, CustomResourceOptions? opts = null)
public static Firewall get(String name, Output<String> id, FirewallState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Apply
Tos List<Pulumi.HCloud. Inputs. Firewall Apply To> - Resources the firewall should be assigned to
- Labels Dictionary<string, string>
- User-defined labels (key-value pairs) should be created with.
- Name string
- Name of the Firewall.
- Rules
List<Pulumi.
HCloud. Inputs. Firewall Rule> - Configuration of a Rule from this Firewall.
- Apply
Tos []FirewallApply To Args - Resources the firewall should be assigned to
- Labels map[string]string
- User-defined labels (key-value pairs) should be created with.
- Name string
- Name of the Firewall.
- Rules
[]Firewall
Rule Args - Configuration of a Rule from this Firewall.
- apply
Tos List<FirewallApply To> - Resources the firewall should be assigned to
- labels Map<String,String>
- User-defined labels (key-value pairs) should be created with.
- name String
- Name of the Firewall.
- rules
List<Firewall
Rule> - Configuration of a Rule from this Firewall.
- apply
Tos FirewallApply To[] - Resources the firewall should be assigned to
- labels {[key: string]: string}
- User-defined labels (key-value pairs) should be created with.
- name string
- Name of the Firewall.
- rules
Firewall
Rule[] - Configuration of a Rule from this Firewall.
- apply_
tos Sequence[FirewallApply To Args] - Resources the firewall should be assigned to
- labels Mapping[str, str]
- User-defined labels (key-value pairs) should be created with.
- name str
- Name of the Firewall.
- rules
Sequence[Firewall
Rule Args] - Configuration of a Rule from this Firewall.
- apply
Tos List<Property Map> - Resources the firewall should be assigned to
- labels Map<String>
- User-defined labels (key-value pairs) should be created with.
- name String
- Name of the Firewall.
- rules List<Property Map>
- Configuration of a Rule from this Firewall.
Supporting Types
FirewallApplyTo, FirewallApplyToArgs
- Label
Selector string - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - Server int
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- Label
Selector string - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - Server int
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector String - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - server Integer
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector string - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - server number
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label_
selector str - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - server int
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
- label
Selector String - Label Selector to select servers the firewall should be applied to (only one
of
server
andlabel_selector
can be applied in one block) - server Number
- ID of the server you want to apply the firewall to (only one of
server
andlabel_selector
can be applied in one block)
FirewallRule, FirewallRuleArgs
- Direction string
- Direction of the Firewall Rule.
in
- Protocol string
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- Description string
- Description of the firewall rule
- Destination
Ips List<string> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - Port string
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - Source
Ips List<string> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
- Direction string
- Direction of the Firewall Rule.
in
- Protocol string
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- Description string
- Description of the firewall rule
- Destination
Ips []string - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - Port string
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - Source
Ips []string - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
- direction String
- Direction of the Firewall Rule.
in
- protocol String
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description String
- Description of the firewall rule
- destination
Ips List<String> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - port String
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - source
Ips List<String> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
- direction string
- Direction of the Firewall Rule.
in
- protocol string
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description string
- Description of the firewall rule
- destination
Ips string[] - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - port string
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - source
Ips string[] - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
- direction str
- Direction of the Firewall Rule.
in
- protocol str
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description str
- Description of the firewall rule
- destination_
ips Sequence[str] - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - port str
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - source_
ips Sequence[str] - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
- direction String
- Direction of the Firewall Rule.
in
- protocol String
- Protocol of the Firewall Rule.
tcp
,icmp
,udp
,gre
,esp
- description String
- Description of the firewall rule
- destination
Ips List<String> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isout
) - port String
- Port of the Firewall Rule. Required when
protocol
istcp
orudp
. You can useany
to allow all ports for the specific protocol. Port ranges are also possible:80-85
allows all ports between 80 and 85. - source
Ips List<String> - List of IPs or CIDRs that are allowed within this Firewall Rule (when
direction
isin
)
Import
Firewalls can be imported using its id
:
$ pulumi import hcloud:index/firewall:Firewall myfirewall id
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Hetzner Cloud pulumi/pulumi-hcloud
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
hcloud
Terraform Provider.