{"results":[{"id":"economic-model-aggressively-entry-friendly","text":"Hetzner's economic model is aggressively entry-friendly — no minimum contracts, hourly billing with monthly caps, and comprehensive free infrastructure services (firewalls, DDoS, private networks, IPv6, support) minimize both financial risk and ongoing overhead for new deployments.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"firewall-decoupled-dynamic-policy","text":"Hetzner Cloud Firewalls operate as decoupled top-level resources with many-to-many server relationships and dynamic label-selector application, enabling policy-as-code security management where firewall rules automatically apply to any server matching a label selector.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"firewall-dynamic-policy-with-protocol-complexity","text":"Hetzner Cloud firewalls combine powerful dynamic policy primitives (decoupled many-to-many server relationships, label-selector auto-application across the fleet) with protocol-specific configuration complexity (port valid only for TCP/UDP, direction-driven IP flag requirements, CIDR notation) — powerful at the policy level but requiring protocol-aware rule templating for reliable automation.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"firewall-rules-protocol-asymmetric-requirements","text":"Firewall rule configuration has protocol-asymmetric requirements — port specification is valid only for TCP/UDP (not ICMP/ESP/GRE), direction determines which IP flag is required (source for inbound, destination for outbound), and CIDR notation is mandatory for all IP specifications.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"firewalls-stateless-and-free","text":"Hetzner Cloud Firewalls are stateless and incur no additional cost.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-apply-type-required","text":"The `--type` flag is required when applying a firewall to a resource, with two valid values: `server` and `label_selector`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-create-name-required","text":"The `--name` flag is required when creating a firewall with `hcloud firewall create`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-create-rules-file-stdin","text":"`hcloud firewall create` accepts `--rules-file` to load rules from a JSON file, or `-` to read from stdin.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-describe-accepts-name-or-id","text":"`hcloud firewall describe` accepts either a firewall name or ID as the positional argument.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-describe-output-formats","text":"`hcloud firewall describe` supports `json`, `yaml`, and custom `format` output via the `-o` flag.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-five-protocols","text":"Hetzner Cloud firewall rules support five protocols: `tcp`, `udp`, `icmp`, `esp`, and `gre`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-ips-cidr-notation","text":"Firewall rule IP addresses must be specified in CIDR notation (e.g., `0.0.0.0/0` for all IPv4).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-label-selector-dynamic-application","text":"Using `--type label_selector` with `hcloud firewall apply-to-resource` dynamically applies the firewall to all resources matching the label.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-many-to-many-with-servers","text":"Firewalls are decoupled from servers in a many-to-many relationship, applied individually via `apply-to-resource` and removed via `remove-from-resource`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-port-only-tcp-udp","text":"The `--port` flag on firewall rules is only valid for `tcp` and `udp` protocols; it cannot be used with `icmp`, `esp`, or `gre`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-port-range-dash-syntax","text":"Firewall rule port ranges use dash syntax (e.g., `80-85`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-rule-direction-determines-ip-flag","text":"Firewall rule direction determines the required IP flag: `in` requires `--source-ips`, `out` requires `--destination-ips`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-rule-management-two-approaches","text":"Firewall rules can be managed individually (`add-rule`/`delete-rule`) or replaced in bulk from a file (`replace-rules`).","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewall-top-level-resource","text":"Firewalls are a top-level resource in Hetzner Cloud, managed through the `hcloud firewall` command group.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"hcloud-firewalls-stateless-and-free","text":"Hetzner Cloud Firewalls are stateless (not stateful) and free of charge","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":28,"limit":20,"offset":0}