{"id":32512993,"url":"https://github.com/aljazceru/hfm","last_synced_at":"2025-10-27T22:49:04.947Z","repository":{"id":313793042,"uuid":"1052213081","full_name":"aljazceru/hfm","owner":"aljazceru","description":"Hetzner robot firewall cli ","archived":false,"fork":false,"pushed_at":"2025-09-08T14:43:08.000Z","size":16,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-10-20T00:46:04.241Z","etag":null,"topics":["hetzner","hetzner-robot-api"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"unlicense","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aljazceru.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-07T16:29:32.000Z","updated_at":"2025-09-09T11:22:36.000Z","dependencies_parsed_at":"2025-09-08T14:45:54.651Z","dependency_job_id":"50a71158-4872-4ce0-9e35-bde1dd4d4730","html_url":"https://github.com/aljazceru/hfm","commit_stats":null,"previous_names":["aljazceru/hfm"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aljazceru/hfm","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aljazceru%2Fhfm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aljazceru%2Fhfm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aljazceru%2Fhfm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aljazceru%2Fhfm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aljazceru","download_url":"https://codeload.github.com/aljazceru/hfm/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aljazceru%2Fhfm/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":281355363,"owners_count":26486896,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-27T02:00:05.855Z","response_time":61,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hetzner","hetzner-robot-api"],"created_at":"2025-10-27T22:49:04.282Z","updated_at":"2025-10-27T22:49:04.942Z","avatar_url":"https://github.com/aljazceru.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Hetzner Firewall Manager\n\nA Python tool to manage Hetzner Robot Firewall configurations via the API.\n\n## Features\n\n- Import existing firewall configurations from all your Hetzner servers\n- Add your current public IP to all servers with one command  \n- Add/remove specific IPs across all servers\n- Verify that changes are actually applied\n- Maintain a local configuration file for easy management\n\n## Installation\n\n1. Install dependencies:\n```bash\npip install requests python-dotenv\n```\n\n2. Create a `.env` file with your Hetzner Robot credentials:\n```bash\nHETZNER_USER=your_username\nHETZNER_PASS=your_password\n```\n\n## Quick Start\n\n1. **Import existing firewall configurations:**\n```bash\npython3 hfw.py bootstrap\n```\n\n2. **Add your current IP to all servers:**\n```bash\npython3 hfw.py whitelist-current --comment \"Home office\"\n```\n\n3. **Verify the IP was added:**\n```bash\npython3 hfw.py whitelist-current --comment \"Home office\" --verify\n```\n\n## Usage\n\n### Commands\n\n#### Bootstrap - Import existing configurations\n```bash\npython3 hfw.py bootstrap\n```\nImports all existing firewall configurations from your Hetzner servers.\n\n#### Whitelist Current IP\n```bash\npython3 hfw.py whitelist-current [options]\n  --comment, -c    Comment for the IP (default: \"Current location\")\n  --verify, -v     Verify the IP was added\n```\nAutomatically detects your current public IP and adds it to all servers.\n\n#### Remove Current IP\n```bash\npython3 hfw.py remove-current [options]\n  --verify, -v     Verify the IP was removed\n```\nAutomatically detects your current public IP and removes it from all servers.\n\n#### Add Specific IP\n```bash\npython3 hfw.py add \u003cip\u003e [options]\n  --comment, -c    Comment for the IP\n  --profile, -p    Specific profile (default: all)\n```\nExample:\n```bash\npython3 hfw.py add 203.0.113.10 --comment \"Office\"\n```\n\n#### Remove IP\n```bash\npython3 hfw.py remove \u003cip\u003e [options]\n  --profile, -p    Specific profile (default: all)\n```\nExample:\n```bash\npython3 hfw.py remove 203.0.113.10\n```\n\n#### List Profiles\n```bash\npython3 hfw.py list\n```\nShows all configured server profiles.\n\n#### List Whitelisted IPs\n```bash\npython3 hfw.py list-ips [options]\n  --profile, -p    Specific profile (default: all)\n```\nShows all whitelisted IPs for each server.\n\n#### Verify IP\n```bash\npython3 hfw.py verify \u003cip\u003e\n```\nChecks if an IP is whitelisted on all servers.\n\n## Configuration File\n\nThe tool maintains a `firewall_config.json` file with your server profiles and whitelisted IPs. This file is created automatically when you run `bootstrap`.\n\nExample structure:\n```json\n{\n  \"profiles\": {\n    \"web-server\": {\n      \"server_ip\": \"203.0.113.1\",\n      \"server_name\": \"web-server\",\n      \"permanent_whitelist\": [\n        {\n          \"ip\": \"198.51.100.5/32\",\n          \"ports\": [],\n          \"comment\": \"Office\"\n        }\n      ],\n      \"filter_ipv6\": false,\n      \"whitelist_hos\": true\n    }\n  }\n}\n```\n\n## Common Workflows\n\n### Initial Setup\n```bash\n# 1. Set up credentials\necho \"HETZNER_USER=your_username\" \u003e .env\necho \"HETZNER_PASS=your_password\" \u003e\u003e .env\n\n# 2. Import existing configurations\npython3 hfw.py bootstrap\n\n# 3. Add your current IP\npython3 hfw.py whitelist-current --comment \"Home\" --verify\n```\n\n### Daily Usage - Working from Different Locations\n```bash\n# When working from a new location, simply run:\npython3 hfw.py whitelist-current --comment \"Coffee shop\" --verify\n\n# When leaving a location, remove your IP:\npython3 hfw.py remove-current --verify\n```\n\n### Managing Office IPs\n```bash\n# Add office IP to all servers\npython3 hfw.py add 203.0.113.10 --comment \"Main office\"\n\n# Remove old office IP\npython3 hfw.py remove 198.51.100.5\n```\n\n## Important Notes\n\n- Changes may take 20-30 seconds to apply on Hetzner servers\n- The tool preserves all existing firewall rules\n- Always maintain at least one permanent IP with SSH access as a fallback\n- The API uses URL-encoded format, not JSON\n\n## Troubleshooting\n\n### Changes not applying\n- Wait at least 30 seconds for changes to propagate\n- Use the `--verify` flag to confirm changes are applied\n- Check that the server has a firewall configured in the Hetzner Robot panel\n\n### Authentication issues\n- Verify your credentials in the `.env` file\n- Ensure you're using Robot API credentials, not Cloud API\n\n### No servers found\n- Check that your servers have firewalls configured\n- Verify your account has access to the servers\n\n## Security\n\n- Never commit the `.env` file to version control\n- Keep your `firewall_config.json` secure as it contains server information\n- Always test firewall changes carefully to avoid locking yourself out\n- Maintain at least one permanent IP with SSH access\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faljazceru%2Fhfm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faljazceru%2Fhfm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faljazceru%2Fhfm/lists"}