
missing options to attach a firewall to the packer instance ? #157

Open
roberto-sebastiano opened this issue Mar 13, 2024 · 4 comments

Comments

@roberto-sebastiano

Description

Hello, I don't see a way to attach a Hetzner firewall to the Packer instance.

Use Case(s)

I'm building a Packer instance on Hetzner that has NFS; this has the rpc portmapper open to the world, and I'm receiving alerts from the cloud provider. I should be able to attach a Hetzner firewall to the Packer instance, as is already done for all the other VMs I have.

Potential configuration

Something like firewall_id = number in the source "hcloud" block?

Potential References

Thank you

@jooola
Member

jooola commented Mar 13, 2024

We are open to merging a pull request for this :)

@roberto-sebastiano
Author

Due to time constraints on the project I'm working on, I can't work on this right now.
I can share the workaround for Ubuntu 22.04:

In os-setup.sh (or the shell provisioner), put these lines to allow SSH only:

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install iptables -y
# allow new inbound SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# keep replies to connections the host itself opened (apt, provisioners)
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# loopback traffic between local services
iptables -A INPUT -i lo -j ACCEPT
# default policy: drop every other inbound packet (rpcbind/NFS included)
# note: rules added with -A are not persisted across reboots unless saved
iptables -P INPUT DROP

Keep up the good work,
Roberto

@jooola
Member

jooola commented Jun 5, 2024

As a workaround, you can configure a firewall with a label selector, and use this label in the packer configuration:

source "hcloud" "example" {
  server_name = "hcloud-example"
  server_labels = {
    firewall-ssh-only = "enabled"
  }
}

Then, for the firewall's label selector, you can use firewall-ssh-only or even firewall-ssh-only=enabled.
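With this workaround the firewall only covers servers whose labels match the selector, so it pays to check the inventory against the selectors before relying on it. The following is an added example, not code from the hcloud Packer plugin or from Hetzner; the selector grammar it accepts and the sample servers are assumptions modelled on Hetzner's documented label-selector syntax:

```python
# Added example, not part of the hcloud Packer plugin or Hetzner's tooling: an
# evaluator for Hetzner-style label selectors, to check which servers a
# label-selector firewall would cover. Assumed grammar (Hetzner/Kubernetes
# style): "key", "!key", "key=value", "key==value", "key!=value", comma = AND.
import re

_EQ_RE = re.compile(r"^([^\s!=,]+)\s*(==|=|!=)\s*([^\s,]*)$")

def _term_matches(term: str, labels: dict) -> bool:
    term = term.strip()
    if not term:
        raise ValueError("empty selector term")
    m = _EQ_RE.match(term)
    if m:
        key, op, value = m.groups()
        if key not in labels:
            # Assumption: as in Kubernetes, "!=" also holds when the key is absent.
            return op == "!="
        return labels[key] != value if op == "!=" else labels[key] == value
    if term.startswith("!"):
        return term[1:] not in labels
    return term in labels  # bare key: label present, any value

def selector_matches(selector: str, labels: dict) -> bool:
    """True when every comma-separated term of the selector holds for labels."""
    return all(_term_matches(t, labels) for t in selector.split(","))

def unprotected_servers(servers: dict, firewalls: dict) -> list:
    """Names of servers that no firewall's label selector would attach to."""
    return sorted(
        name for name, labels in servers.items()
        if not any(selector_matches(sel, labels) for sel in firewalls.values())
    )

# Constructed sample inventory: the Packer build server carries the label from
# the HCL above; "web-1" is a normal VM; "build-typo" has a mistyped value.
SERVERS = {
    "hcloud-example": {"firewall-ssh-only": "enabled"},
    "web-1": {"role": "web", "env": "prod"},
    "build-typo": {"firewall-ssh-only": "enable"},
}
FIREWALLS = {  # firewall name -> its label selector (constructed)
    "ssh-only": "firewall-ssh-only=enabled",
    "web": "role=web,env!=dev",
}

if __name__ == "__main__":
    for name, labels in SERVERS.items():
        print(name, [fw for fw, sel in FIREWALLS.items() if selector_matches(sel, labels)])
    print("unprotected:", unprotected_servers(SERVERS, FIREWALLS))  # ['build-typo']
```

Note that the bare-key selector firewall-ssh-only would still match the mistyped label, while the value form leaves that server uncovered; whichever form you choose, run this kind of check after a build.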

@roberto-sebastiano
Author

I'll give it a try, thanks
