feat: add firewall resource configuration with inbound and outbound rules

2025-12-23 22:31:21 +01:00
parent 94538ef540
commit 149f2f0d40
1 changed files with 51 additions and 0 deletions
--- a/terraform/modules/firewall/main.tf
+++ b/terraform/modules/firewall/main.tf
@@ -0,0 +1,51 @@
+resource "hcloud_firewall" "prod-fw" {
+  name = "prod-fw"
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    port = "22"
+    description = "Allow SSH"
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    port = "80"
+    description = "Allow HTTP"
+  }
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    port = "443"
+    description = "Allow HTTP/S"
+  }
+  rule {
+    direction = "out"
+    protocol  = "tcp"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    description = "Allow all outbound TCP traffic"
+  }
+  rule {
+    direction = "out"
+    protocol  = "udp"
+    destination_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+    description = "Allow all outbound UDP traffic"
+  }
+}