set_firewall_rules
Configure or replace firewall rules on Hetzner Cloud to control network traffic for your servers.
Instructions
Set rules for a firewall.
Sets the rules of a firewall. All existing rules will be overwritten.
Pass an empty rules array to remove all rules.
Example:
- Set rules: {"firewall_id": 12345, "rules": [{"direction": "in", "protocol": "tcp", "port": "80", "source_ips": ["0.0.0.0/0"]}]}Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| params | Yes |
Implementation Reference
- mcp_hetzner/server.py:794-842 (handler)The handler function for the 'set_firewall_rules' MCP tool. It retrieves the specified firewall, converts the provided rule parameters into hcloud FirewallRule objects, applies the rules using the Hetzner API client.firewalls.set_rules(), and returns the resulting actions.
def set_firewall_rules(params: SetFirewallRulesParams) -> Dict[str, Any]: """ Set rules for a firewall. Sets the rules of a firewall. All existing rules will be overwritten. Pass an empty rules array to remove all rules. Example: - Set rules: {"firewall_id": 12345, "rules": [{"direction": "in", "protocol": "tcp", "port": "80", "source_ips": ["0.0.0.0/0"]}]} """ try: firewall = client.firewalls.get_by_id(params.firewall_id) if not firewall: return {"error": f"Firewall with ID {params.firewall_id} not found"} # Convert rule parameters to FirewallRule objects rules = [] for rule_param in params.rules: rule = FirewallRule( direction=rule_param.direction, protocol=rule_param.protocol, source_ips=rule_param.source_ips, port=rule_param.port, destination_ips=rule_param.destination_ips, description=rule_param.description ) rules.append(rule) # Set the rules actions = client.firewalls.set_rules(firewall, rules) # Format the response return { "success": True, "actions": [ { "id": action.id, "status": action.status, "command": action.command, "progress": action.progress, "error": action.error, "started": action.started.isoformat() if action.started else None, "finished": action.finished.isoformat() if action.finished else None, } for action in actions ] if actions else None, } except Exception as e: return {"error": f"Failed to set firewall rules: {str(e)}"} - mcp_hetzner/server.py:205-208 (schema)Pydantic BaseModel defining the input schema for the set_firewall_rules tool, including firewall_id and rules list.
class SetFirewallRulesParams(BaseModel): firewall_id: int = Field(..., description="The ID of the firewall") rules: List[FirewallRuleParam] = Field(..., description="List of firewall rules") - mcp_hetzner/server.py:177-183 (schema)Pydantic BaseModel defining the structure for individual firewall rules used in set_firewall_rules.
class FirewallRuleParam(BaseModel): direction: str = Field(..., description="Direction of the rule (in or out)") protocol: str = Field(..., description="Protocol (tcp, udp, icmp, esp, or gre)") source_ips: List[str] = Field(..., description="List of source IPs in CIDR notation") port: Optional[str] = Field(None, description="Port or port range (e.g., '80' or '80-85'), only for TCP/UDP") destination_ips: Optional[List[str]] = Field(None, description="List of destination IPs in CIDR notation") description: Optional[str] = Field(None, description="Description of the rule") - mcp_hetzner/server.py:794-794 (registration)The @mcp.tool() decorator registers the set_firewall_rules function as an MCP tool.
def set_firewall_rules(params: SetFirewallRulesParams) -> Dict[str, Any]: