diff --git a/changelogs/fragments/require-firewall-port-argument-on-tcp-or-udp-protocol.yaml b/changelogs/fragments/require-firewall-port-argument-on-tcp-or-udp-protocol.yaml
new file mode 100644
index 0000000..8474078
--- /dev/null
+++ b/changelogs/fragments/require-firewall-port-argument-on-tcp-or-udp-protocol.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+  - hcloud_firewall - The port argument is required when the firewall rule protocol is `udp` or `tcp`.
diff --git a/plugins/modules/hcloud_firewall.py b/plugins/modules/hcloud_firewall.py
index 9669cc1..f2ee2c0 100644
--- a/plugins/modules/hcloud_firewall.py
+++ b/plugins/modules/hcloud_firewall.py
@@ -314,6 +314,10 @@ class AnsibleHCloudFirewall(AnsibleHCloud):
                         description={"type": "str"},
                     ),
                     required_together=[["direction", "protocol"]],
+                    required_if=[
+                        ["protocol", "udp", ["port"]],
+                        ["protocol", "tcp", ["port"]],
+                    ],
                 ),
                 labels={"type": "dict"},
                 state={