# Hetzner Cloud Firewall

resource "hcloud_firewall" "icmp" {
  name = "ICMP"
  rule {
    direction = "in"
    protocol  = "icmp"
    source_ips = [
      "0.0.0.0/0",
      "::/0"
    ]
  }
  apply_to {
    label_selector = "env=prod"
  }
}

resource "hcloud_firewall" "ssh" {
  name = "SSH"
  rule {
    direction = "in"
    protocol  = "tcp"
    port      = "22"
    source_ips = [
      var.bastion_host.ipv4,
      var.bastion_host.ipv6
    ]
  }
  apply_to {
    label_selector = "env=prod"
  }
}