hetzner.hcloud.hcloud_firewall – Create and manage firewalls on the Hetzner Cloud.
Note
This plugin is part of the hetzner.hcloud collection (version 1.6.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install hetzner.hcloud.
To use it in a playbook, specify: hetzner.hcloud.hcloud_firewall.
Synopsis
- Create, update and manage firewalls on the Hetzner Cloud.
Requirements
The below requirements are needed on the host that executes this module.
- hcloud-python >= 1.0.0
Parameters
Parameter | Choices/Defaults | Comments
---|---|---
api_token (string / required) | | This is the API Token for the Hetzner Cloud.
endpoint (string) | Default: "https://api.hetzner.cloud/v1" | This is the API Endpoint for the Hetzner Cloud.
id (integer) | | The ID of the Hetzner Cloud firewall to manage. Only required if no firewall name is given.
labels (dictionary) | | User-defined labels (key-value pairs)
name (string) | | The Name of the Hetzner Cloud firewall to manage. Only required if no firewall id is given, or a firewall does not exist.
rules (list / elements=dictionary) | | List of rules the firewall should contain.
description (string; suboption of rules) | | User defined description of this rule.
destination_ips (list / elements=string; suboption of rules) | | List of CIDRs that are allowed within this rule
direction (string; suboption of rules) | | The direction of the firewall rule.
port (string; suboption of rules) | | The port of the firewall rule.
protocol (string; suboption of rules) | | The protocol of the firewall rule.
source_ips (list / elements=string; suboption of rules) | | List of CIDRs that are allowed within this rule
state (string) | | State of the firewall.
See Also
- Documentation for Hetzner Cloud API: Complete reference for the Hetzner Cloud API.
Examples
```yaml
- name: Create a basic firewall
  hcloud_firewall:
    name: my-firewall
    state: present

- name: Create a firewall with rules
  hcloud_firewall:
    name: my-firewall
    rules:
      - direction: in
        protocol: icmp
        source_ips:
          - 0.0.0.0/0
          - ::/0
        description: allow icmp in
    state: present

- name: Create a firewall with labels
  hcloud_firewall:
    name: my-firewall
    labels:
      key: value
      mylabel: 123
    state: present

- name: Ensure the firewall is absent (remove if needed)
  hcloud_firewall:
    name: my-firewall
    state: absent
```
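A more restrictive rule set than the ICMP example above, followed by a check on the registered return value. This is an added example, not part of the module's documentation; the variable hcloud_api_token (assumed to be stored in Ansible Vault) and the 203.0.113.0/24 admin range are assumptions.

```yaml
# Added example. Assumptions: hcloud_api_token is a vaulted variable, and
# 203.0.113.0/24 (a documentation range) stands in for the admin network.
- name: Create a firewall that admits SSH only from the admin network
  hetzner.hcloud.hcloud_firewall:
    api_token: "{{ hcloud_api_token }}"   # keep the token out of the playbook
    name: my-firewall
    rules:
      - direction: in
        protocol: tcp
        port: "22"
        source_ips:
          - 203.0.113.0/24
        description: allow ssh from admin network
      - direction: in
        protocol: icmp
        source_ips:
          - 0.0.0.0/0
          - ::/0
        description: allow icmp in
    state: present
  register: fw

# Uses the documented return value hcloud_firewall.rules to verify that no
# inbound rule other than ICMP is open to every IPv4 or IPv6 address.
- name: Fail if an inbound non-ICMP rule is open to any source
  ansible.builtin.assert:
    that:
      - >-
        fw.hcloud_firewall.rules
        | selectattr('direction', 'equalto', 'in')
        | rejectattr('protocol', 'equalto', 'icmp')
        | map(attribute='source_ips') | list | flatten
        | intersect(['0.0.0.0/0', '::/0']) | length == 0
    fail_msg: An inbound non-ICMP rule allows traffic from any address
```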
Return Values
Common return values are documented here; the following are the fields unique to this module:
Key | Returned | Description
---|---|---
hcloud_firewall (complex) | Always | The firewall instance
id (integer; field of hcloud_firewall) | always | Numeric identifier of the firewall. Sample: 1937415
labels (dictionary; field of hcloud_firewall) | always | User-defined labels (key-value pairs)
name (string; field of hcloud_firewall) | always | Name of the firewall. Sample: my firewall
rules (complex; field of hcloud_firewall) | always | List of Rules within this Firewall
description (string; field of rules) | always | User defined description of the Firewall Rule
destination_ips (list / elements=string; field of rules) | always | Source IPs of the Firewall
direction (string; field of rules) | always | Direction of the Firewall Rule. Sample: in
port (string; field of rules) | always | Port of the Firewall Rule, None/Null if protocol is icmp. Sample: in
protocol (string; field of rules) | always | Protocol of the Firewall Rule. Sample: icmp
source_ips (list / elements=string; field of rules) | always | Source IPs of the Firewall
Authors
- Lukas Kaemmerling (@lkaemmerling)
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/hcloud_firewall_module.html