infrastructure/terraform/modules/firewall/main.tf

# Provider requirements for the firewall module.
# Both providers are pinned to one exact version, so an upgrade is always an
# explicit, reviewable change. A version pin alone does not verify the
# downloaded provider package; the checksums in the root configuration's
# .terraform.lock.hcl do, so that file should be kept under version control.
terraform {
  required_providers {
    # Hetzner Cloud provider; supplies the hcloud_firewall resource in this file.
    hcloud = {
      source  = "hetznercloud/hcloud"
      version = "1.57.0"
    }

    # NetBox provider. No netbox_* resource is visible in this file;
    # presumably it is used elsewhere in the module (confirm, or drop it).
    netbox = {
      source  = "e-breuninger/netbox"
      version = "5.0.0"
    }
  }
}
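# Production firewall: inbound SSH, HTTP and HTTPS from any address, plus
# unrestricted outbound TCP and UDP.
#
# Inbound traffic that matches no rule below is dropped by the Hetzner firewall.
# Because outbound rules are defined, outbound traffic that matches none of them
# (for example ICMP) is expected to be dropped as well. Confirm that this is intended.
#
# This resource only defines the rule set. Nothing here attaches it to servers;
# presumably that happens elsewhere in the configuration.
resource "hcloud_firewall" "prod-fw" {
  name = "prod-fw"

  # NOTE(review): SSH is reachable from the whole internet (IPv4 and IPv6).
  # Prefer restricting source_ips to the administrative or VPN ranges, and make
  # sure password authentication is disabled on the hosts behind this firewall.
  rule {
    direction = "in"
    protocol  = "tcp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
    port        = "22"
    description = "Allow SSH"
  }

  # Public plain-text HTTP, typically needed for redirects to HTTPS and for
  # ACME HTTP-01 challenges.
  rule {
    direction = "in"
    protocol  = "tcp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
    port        = "80"
    description = "Allow HTTP"
  }

  # Public HTTPS. The description reads "HTTP/S", but this rule covers port 443 only.
  rule {
    direction = "in"
    protocol  = "tcp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
    port        = "443"
    description = "Allow HTTP/S"
  }

  # Outbound TCP to any destination. The hcloud provider requires `port` when
  # the protocol is tcp or udp; "any" states the all-ports intent explicitly.
  # NOTE(review): unrestricted egress leaves a compromised host free to reach
  # arbitrary endpoints; consider narrowing it to the ports actually needed.
  rule {
    direction = "out"
    protocol  = "tcp"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
    port        = "any"
    description = "Allow all outbound TCP traffic"
  }

  # Outbound UDP to any destination (DNS, NTP, ...); `port` is required here too.
  rule {
    direction = "out"
    protocol  = "udp"
    destination_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
    port        = "any"
    description = "Allow all outbound UDP traffic"
  }
}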