hetznercloud/packer-plugin-hcloud

missing options to attach a firewall to the packer instance?

roberto-sebastiano opened this issue · 4 comments

Description

Hello, I don't see a way to attach a Hetzner firewall to the packer instance.

Use Case(s)

I'm building a packer instance on Hetzner that has NFS; this has rpc portmapper open to the world, and I'm receiving alerts from the cloud provider. I should be able to attach a Hetzner firewall to the packer instance, like it is already done for all the other VMs I have.

Potential configuration

Something like `firewall_id = number` in `source "hcloud"`?

Potential References

Thank you

We are open to merging a pull request for this :)

Due to time constraints on the project I'm working on, I can't work on this right now.
I can share the workaround for Ubuntu 22.04:

In the "os-setup.sh" (or shell provisioner), put these lines to allow ssh only:

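```bash
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install iptables -y
# Allow new inbound SSH connections
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Allow replies to connections that are already established
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Drop all other inbound traffic
iptables -P INPUT DROP
```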

Keep up the good work,
Roberto
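
A dual-stack variant of the SSH-only workaround above, added here as an example and not part of the original thread: `iptables` only filters IPv4, so this emits a matching ruleset for `ip6tables` as well. It assumes the build server also has a public IPv6 address; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): SSH-only INPUT policy for IPv4 and IPv6.
# Assumption: the Packer build server has public IPv4 and IPv6 addresses.

# Print a ruleset in iptables-restore format for address family "4" or "6".
ssh_only_ruleset() {
    family="$1"
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default-deny inbound, as in the workaround
    echo ":FORWARD ACCEPT [0:0]"   # the workaround leaves FORWARD untouched
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    if [ "$family" = "6" ]; then
        # Neighbour discovery runs over ICMPv6; dropping it breaks IPv6
        # connectivity altogether, including outbound package downloads.
        echo "-A INPUT -p ipv6-icmp -j ACCEPT"
    fi
    echo "-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    echo "COMMIT"
}

# Load both rulesets; each restore replaces the filter table in one step,
# so the SSH session Packer is using is never cut off half-way.
# Must run as root on the build server.
apply_ssh_only() {
    ssh_only_ruleset 4 | iptables-restore || return 1
    ssh_only_ruleset 6 | ip6tables-restore || return 1
}

# Apply only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--apply" ]; then
    apply_ssh_only
fi
```

Run it from the shell provisioner with `--apply` after the `iptables` package is installed.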

As a workaround, you can configure a firewall with a label selector, and use this label in the packer configuration:

```hcl
source "hcloud" "example" {
  server_name = "hcloud-example"
  server_labels = {
    firewall-ssh-only = "enabled"
  }
}
```

Then for the firewall label selector, you can use: `firewall-ssh-only` or even `firewall-ssh-only=enabled`.

I'll give it a try, thanks