Note
This plugin is part of the hetzner.hcloud collection (version 1.6.0).
You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.
To install it, use: ansible-galaxy collection install hetzner.hcloud.
To use it in a playbook, specify: hetzner.hcloud.hcloud_firewall.
The below requirements are needed on the host that executes this module.
| Parameter | Choices/Defaults | Comments | |
|---|---|---|---|
| api_token string / required | This is the API Token for the Hetzner Cloud. | ||
| endpoint string | Default: "https://api.hetzner.cloud/v1" | This is the API Endpoint for the Hetzner Cloud. | |
| id integer | The ID of the Hetzner Cloud firewall to manage. Only required if no firewall name is given | ||
| labels dictionary | User-defined labels (key-value pairs) | ||
| name string | The Name of the Hetzner Cloud firewall to manage. Only required if no firewall id is given, or a firewall does not exists. | ||
| rules list / elements=dictionary | List of rules the firewall should contain. | ||
| description string | User defined description of this rule. | ||
| destination_ips list / elements=string | List of CIDRs that are allowed within this rule | ||
| direction string |
| The direction of the firewall rule. | |
| port string | The port of the firewall rule. | ||
| protocol string |
| The protocol of the firewall rule. | |
| source_ips list / elements=string | List of CIDRs that are allowed within this rule | ||
| state string |
| State of the firewall. | |
See also
Complete reference for the Hetzner Cloud API.
- name: Create a basic firewall
hcloud_firewall:
name: my-firewall
state: present
- name: Create a firewall with rules
hcloud_firewall:
name: my-firewall
rules:
- direction: in
protocol: icmp
source_ips:
- 0.0.0.0/0
- ::/0
description: allow icmp in
state: present
- name: Create a firewall with labels
hcloud_firewall:
name: my-firewall
labels:
key: value
mylabel: 123
state: present
- name: Ensure the firewall is absent (remove if needed)
hcloud_firewall:
name: my-firewall
state: absent
Common return values are documented here, the following are the fields unique to this module:
| Key | Returned | Description | ||
|---|---|---|---|---|
| hcloud_firewall complex | Always | The firewall instance | ||
| id integer | always | Numeric identifier of the firewall Sample: 1937415 | ||
| labels dictionary | always | User-defined labels (key-value pairs) | ||
| name string | always | Name of the firewall Sample: my firewall | ||
| rules complex | always | List of Rules within this Firewall | ||
| description string | always | User defined description of the Firewall Rule | ||
| destination_ips list / elements=string | always | Source IPs of the Firewall | ||
| direction string | always | Direction of the Firewall Rule Sample: in | ||
| port string | always | Port of the Firewall Rule, None/Null if protocol is icmp Sample: in | ||
| protocol string | always | Protocol of the Firewall Rule Sample: icmp | ||
| source_ips list / elements=string | always | Source IPs of the Firewall | ||
© 2012–2018 Michael DeHaan
© 2018–2021 Red Hat, Inc.
Licensed under the GNU General Public License version 3.
https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/hcloud_firewall_module.html