Diffstat (limited to 'digitalocean/firewall')
-rw-r--r--digitalocean/firewall/main.tf34
-rw-r--r--digitalocean/firewall/providers.tf8
-rw-r--r--digitalocean/firewall/variables.tf10
3 files changed, 52 insertions, 0 deletions
diff --git a/digitalocean/firewall/main.tf b/digitalocean/firewall/main.tf
new file mode 100644
index 0000000..937a76a
--- /dev/null
+++ b/digitalocean/firewall/main.tf
@@ -0,0 +1,34 @@
+resource "digitalocean_firewall" "this" {
+ name = var.name
+ droplet_ids = var.droplet_ids
+
+ inbound_rule {
+ protocol = "icmp"
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "icmp"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+
+ dynamic "inbound_rule" {
+ for_each = var.open_ports
+
+ content {
+ protocol = "tcp"
+ port_range = inbound_rule.value
+ source_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ }
+
+ outbound_rule {
+ protocol = "tcp"
+ port_range = "1-65535"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+ outbound_rule {
+ protocol = "udp"
+ port_range = "1-65535"
+ destination_addresses = ["0.0.0.0/0", "::/0"]
+ }
+}
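Review bot: The dynamic `inbound_rule` hard-codes `source_addresses = ["0.0.0.0/0", "::/0"]`, so every port listed in `var.open_ports` is reachable from any IPv4 or IPv6 address. With the default of `["22"]` in variables.tf, a caller who sets nothing gets SSH open to the whole internet. Taking the sources from a variable would let callers restrict management ports to known CIDRs: `source_addresses = var.source_addresses`, backed by a `list(string)` variable. The two trailing `outbound_rule` blocks allow all TCP and UDP egress to any destination; if that is deliberate, a comment such as `# egress is intentionally unrestricted` above them would record the decision for the next reviewer.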
diff --git a/digitalocean/firewall/providers.tf b/digitalocean/firewall/providers.tf
new file mode 100644
index 0000000..68aba8c
--- /dev/null
+++ b/digitalocean/firewall/providers.tf
@@ -0,0 +1,8 @@
+terraform {
+ required_providers {
+ digitalocean = {
+ source = "digitalocean/digitalocean"
+ version = "~> 2.0"
+ }
+ }
+}
diff --git a/digitalocean/firewall/variables.tf b/digitalocean/firewall/variables.tf
new file mode 100644
index 0000000..6512f00
--- /dev/null
+++ b/digitalocean/firewall/variables.tf
@@ -0,0 +1,10 @@
+variable "name" {
+ type = string
+}
+variable "open_ports" {
+ type = list(string)
+ default = ["22"]
+}
+variable "droplet_ids" {
+ type = list(string)
+}
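Review bot: None of the three variables has a `description`, and `open_ports` accepts any string, so a typo in a port value would only surface when the provider rejects it at plan or apply time. Each variable should get a `description`, and the one on `open_ports` should state that the listed ports are opened to all source addresses. A `validation` block on `open_ports` could check that each entry is a port or a port range, with an `error_message` naming the expected form. `droplet_ids` is declared as `list(string)`, but the provider attribute appears to take numeric IDs, so `type = list(number)` would catch a non-numeric value at the module boundary; confirm against the provider schema.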