diff --git a/changelogs/fragments/hcloud_firewall-esp-gre.yml b/changelogs/fragments/hcloud_firewall-esp-gre.yml
new file mode 100644
index 0000000..0e34016
--- /dev/null
+++ b/changelogs/fragments/hcloud_firewall-esp-gre.yml
@@ -0,0 +1,2 @@
+minor_changes:
+  - hcloud_firewall - add support for esp and gre protocols
diff --git a/plugins/modules/hcloud_firewall.py b/plugins/modules/hcloud_firewall.py
index 61bc88a..a979e29 100644
--- a/plugins/modules/hcloud_firewall.py
+++ b/plugins/modules/hcloud_firewall.py
@@ -55,17 +55,19 @@ options:
                 description:
                     - The protocol of the firewall rule.
                 type: str
-                choices: [ icmp, tcp, udp ]
+                choices: [ icmp, tcp, udp, esp, gre ]
             source_ips:
                 description:
                     - List of CIDRs that are allowed within this rule
                 type: list
                 elements: str
+                default: [ ]
             destination_ips:
                 description:
                     - List of CIDRs that are allowed within this rule
                 type: list
                 elements: str
+                default: [ ]
             description:
                 description:
                     - User defined description of this rule.
@@ -306,7 +308,7 @@ class AnsibleHcloudFirewall(Hcloud):
                     elements="dict",
                     options=dict(
                         direction={"type": "str", "choices": ["in", "out"]},
-                        protocol={"type": "str", "choices": ["icmp", "udp", "tcp"]},
+                        protocol={"type": "str", "choices": ["icmp", "udp", "tcp", "esp", "gre"]},
                         port={"type": "str"},
                         source_ips={"type": "list", "elements": "str", "default": []},
                         destination_ips={"type": "list", "elements": "str", "default": []},