diff --git a/LICENSE b/LICENSE
index 777f189d0d89c34bf57ff1e179ffaae2a168e0e4..51d31cad15a369f9495558a774f6f07720e617b8 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2017-2020 The docker-machine-driver-hetzner team
+Copyright (c) 2017-2021 The docker-machine-driver-hetzner team
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/README.md b/README.md
index 9e88066fc86e5969c88e4749a40bb7f17643caae..697562736fb5067cb092f2dfbfb39db282d51a61 100644
--- a/README.md
+++ b/README.md
@@ -103,6 +103,7 @@ $ docker-machine create \
 - `--hetzner-volumes`: Volume IDs or names which should be attached to the server
 - `--hetzner-networks`: Network IDs or names which should be attached to the server private network interface
 - `--hetzner-use-private-network`: Use private network
+- `--hetzner-firewalls`: Firewall IDs or names which should be applied on the server
 - `--hetzner-server-label`: `key=value` pairs of additional metadata to assign to the server.
 
 #### Existing SSH keys
@@ -134,6 +135,7 @@ was used during creation.
 | `--hetzner-additional-key`          | `HETZNER_ADDITIONAL_KEYS`         | -                          |
 | `--hetzner-user-data`               | `HETZNER_USER_DATA`               | -                          |
 | `--hetzner-networks`                | `HETZNER_NETWORKS`                | -                          |
+| `--hetzner-firewalls`               | `HETZNER_FIREWALLS`               | -                          |
 | `--hetzner-volumes`                 | `HETZNER_VOLUMES`                 | -                          |
 | `--hetzner-use-private-network`     | `HETZNER_USE_PRIVATE_NETWORK`     | false                      |
 | `--hetzner-server-label`            | `HETZNER_SERVER_LABELS`           | `[]`                       |
diff --git a/driver.go b/driver.go
index 48cd509ee29abac8498e1ce1ecd5d02eb7df9417..39a0cb8bf65a9aeecba92cdbf9b22cd2b1514d9d 100644
--- a/driver.go
+++ b/driver.go
@@ -41,6 +41,7 @@ type Driver struct {
 	volumes           []string
 	networks          []string
 	UsePrivateNetwork bool
+	firewalls         []string
 	cachedServer      *hcloud.Server
 	serverLabels      map[string]string
 
@@ -64,6 +65,7 @@ const (
 	flagVolumes           = "hetzner-volumes"
 	flagNetworks          = "hetzner-networks"
 	flagUsePrivateNetwork = "hetzner-use-private-network"
+	flagFirewalls         = "hetzner-firewalls"
 	flagAdditionalKeys    = "hetzner-additional-key"
 	flagServerLabel       = "hetzner-server-label"
 )
@@ -151,6 +153,12 @@ func (d *Driver) GetCreateFlags() []mcnflag.Flag {
 			Name:   flagUsePrivateNetwork,
 			Usage:  "Use private network",
 		},
+		mcnflag.StringSliceFlag{
+			EnvVar: "HETZNER_FIREWALLS",
+			Name:   flagFirewalls,
+			Usage:  "Firewall IDs or names which should be applied on the server",
+			Value:  []string{},
+		},
 		mcnflag.StringSliceFlag{
 			EnvVar: "HETZNER_ADDITIONAL_KEYS",
 			Name:   flagAdditionalKeys,
@@ -179,6 +187,7 @@ func (d *Driver) SetConfigFromFlags(opts drivers.DriverOptions) error {
 	d.volumes = opts.StringSlice(flagVolumes)
 	d.networks = opts.StringSlice(flagNetworks)
 	d.UsePrivateNetwork = opts.Bool(flagUsePrivateNetwork)
+	d.firewalls = opts.StringSlice(flagFirewalls)
 	d.additionalKeys = opts.StringSlice(flagAdditionalKeys)
 
 	err := d.setLabelsFromFlags(opts)
@@ -327,6 +336,7 @@ func (d *Driver) Create() error {
 		UserData: d.userData,
 		Labels:   d.serverLabels,
 	}
+
 	networks := []*hcloud.Network{}
 	for _, networkIDorName := range d.networks {
 		network, _, err := d.getClient().Network.Get(context.Background(), networkIDorName)
@@ -340,6 +350,19 @@ func (d *Driver) Create() error {
 	}
 	srvopts.Networks = networks
 
+	firewalls := []*hcloud.ServerCreateFirewall{}
+	for _, firewallIDorName := range d.firewalls {
+		firewall, _, err := d.getClient().Firewall.Get(context.Background(), firewallIDorName)
+		if err != nil {
+			return errors.Wrap(err, "could not get firewall by ID or name")
+		}
+		if firewall == nil {
+			return errors.Errorf("firewall '%s' not found", firewallIDorName)
+		}
+		firewalls = append(firewalls, &hcloud.ServerCreateFirewall{Firewall: *firewall})
+	}
+	srvopts.Firewalls = firewalls
+
 	volumes := []*hcloud.Volume{}
 	for _, volumeIDorName := range d.volumes {
 		volume, _, err := d.getClient().Volume.Get(context.Background(), volumeIDorName)
diff --git a/go.mod b/go.mod
index 352ca861d647f0895b8f9f34098fd921c044a9a2..3ab9e7e882e389e2ce74f2382075b8d89048b528 100644
--- a/go.mod
+++ b/go.mod
@@ -6,8 +6,7 @@ require (
 	github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 // indirect
 	github.com/docker/docker v0.0.0-20181018193557-f7e5154f37a4 // indirect
 	github.com/docker/machine v0.16.2
-	github.com/google/go-cmp v0.3.0 // indirect
-	github.com/hetznercloud/hcloud-go v1.17.0
+	github.com/hetznercloud/hcloud-go v1.24.0
 	github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect
 	github.com/pkg/errors v0.8.1
 	github.com/sirupsen/logrus v1.4.2 // indirect
diff --git a/go.sum b/go.sum
index 397e06bd00136d17426b6d0d2fda7c59ffc7186a..f870f7125f825dd0c0d9b92cc63e0bb866c3246b 100644
--- a/go.sum
+++ b/go.sum
@@ -11,10 +11,13 @@ github.com/docker/machine v0.16.2 h1:jyF9k3Zg+oIGxxSdYKPScyj3HqFZ6FjgA/3sblcASiU
 github.com/docker/machine v0.16.2/go.mod h1:I8mPNDeK1uH+JTcUU7X0ZW8KiYz0jyAgNaeSJ1rCfDI=
 github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/hetznercloud/hcloud-go v1.14.0 h1:6IdF0Vox/6j1pyEdUCbFPIzEH/K9xZZzVuSFro8Y2vw=
 github.com/hetznercloud/hcloud-go v1.14.0/go.mod h1:8lR3yHBHZWy2uGcUi9Ibt4UOoop2wrVdERJgCtxsF3Q=
 github.com/hetznercloud/hcloud-go v1.17.0 h1:IKH0GLLoTEfgMuBY+GaaVTwjYChecrHFVo4/t0sIkGU=
 github.com/hetznercloud/hcloud-go v1.17.0/go.mod h1:8lR3yHBHZWy2uGcUi9Ibt4UOoop2wrVdERJgCtxsF3Q=
+github.com/hetznercloud/hcloud-go v1.24.0 h1:/CeHDzhH3Fhm83pjxvE3xNNLbvACl0Lu1/auJ83gG5U=
+github.com/hetznercloud/hcloud-go v1.24.0/go.mod h1:3YmyK8yaZZ48syie6xpm3dt26rtB6s65AisBHylXYFA=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s=
@@ -41,5 +44,6 @@ golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb h1:fgwFCsaw9buMuxNd6+DQfAuSFqbNiQZpcgJQAgJsK6k=
 golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gotest.tools v2.2.0+incompatible h1:VsBPFP1AI068pPrMxtb/S8Zkgf9xEmTLJjfM+P5UIEo=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=