diff --git a/secrets.tfvars b/secrets.tfvars
index 3257687..804db6d 100644
--- a/secrets.tfvars
+++ b/secrets.tfvars
@@ -1 +1,2 @@
-netbox_token="7ce0d0b83c87c6ce79ac31a919b0fe9f95ff59de"
\ No newline at end of file
+netbox_token="7ce0d0b83c87c6ce79ac31a919b0fe9f95ff59de"
+hcloud_token="YS7VQRsJwQpPDSbtf3ZWOqjfEJiWHuEznfaq4uOFN5FbHdZBmHzaitArjgxdAIep"
\ No newline at end of file
diff --git a/terraform/prod__firewall.tf b/terraform/prod__firewall.tf
new file mode 100644
index 0000000..1537f33
--- /dev/null
+++ b/terraform/prod__firewall.tf
@@ -0,0 +1,22 @@
+resource "hcloud_firewall" "production_fw" {
+  name = "my-firewall"
+  rule {
+    direction = "in"
+    protocol  = "icmp"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+  rule {
+    direction = "in"
+    protocol  = "tcp"
+    port      = "80-85"
+    source_ips = [
+      "0.0.0.0/0",
+      "::/0"
+    ]
+  }
+
+}
\ No newline at end of file
diff --git a/terraform/provider.tf b/terraform/provider.tf
index 178b640..bedd378 100644
--- a/terraform/provider.tf
+++ b/terraform/provider.tf
@@ -17,7 +17,17 @@ variable netbox_token {
   sensitive   = true
 }
 
+variable hcloud_token {
+  type        = string
+  description = "hetzner cloud api token"
+  sensitive   = true
+}
+
 provider "netbox" {
   url   = http://91.98.205.65:8000
   token = var.netbox_token
+}
+
+provider "hcloud" {
+  token = var.hcloud_token
 }
\ No newline at end of file