Vultr DocsLatest Content

How to Enable a Vultr Firewall Group on a Vultr Cloud Compute Instance

Updated on 11 September, 2025

Learn how to activate a Vultr Firewall Group on your Cloud Compute instance to control network traffic.

Vultr Firewall groups allow you to create rules that filter incoming network traffic to an instance. Firewall rules define the network ports and services to control, filter, and secure network connections to the instance.

Follow this guide to enable a Vultr Firewall group on a Vultr Cloud Compute instance using the Vultr Customer Portal, API, CLI, or Terraform.

  • Vultr Customer Portal
  • Vultr API
  • Vultr CLI
  • Terraform
  1. Navigate to Products and click Compute.
  2. Click your target Vultr Cloud Compute instance to open its management page.
  3. Navigate to the Settings tab.
  4. Click Firewall on the left navigation menu.
  5. Click the Firewall drop-down to select a new firewall group.
  6. Click Update Firewall Group to enable the firewall group on the instance.

  1. Send a GET request to the List Instances endpoint and note your target instance's ID.

    console 
    $ curl "https://api.vultr.com/v2/instances" \
  -X GET \
  -H "Authorization: Bearer ${VULTR_API_KEY}"

  2. Send a GET request to the List Firewall Groups endpoint to list all available firewall groups.

    console 
    $ curl "https://api.vultr.com/v2/firewalls" \
  -X GET \
  -H "Authorization: Bearer ${VULTR_API_KEY}"

  3. Send a PATCH request to the Update Instance endpoint to attach a firewall group to the instance.

    console 
    $ curl "https://api.vultr.com/v2/instances/{instance-id}" \
  -X PATCH \
  -H "Authorization: Bearer ${VULTR_API_KEY}" \
  -H "Content-Type: application/json" \
  --data '{
    "firewall_group_id" : "<firewall-id>",
  }'

  1. List all available firewall groups and note the target firewall group's ID.

    console 
    $ vultr-cli firewall group list

  2. List all available instances and note your target instance's ID.

    console 
    $ vultr-cli instance list

  3. Attach the firewall group to the instance.

    console 
    $ vultr-cli instance update-firewall-group --instance-id <instance-id> --firewall-group-id <firewall-id>

  1. Open your Terraform configuration for the existing Cloud Compute instance.

  2. Create or reference a vultr_firewall_group resource and attach it to the instance.

    terraform 
    # Create a firewall group
resource "vultr_firewall_group" "web" {
    description = "Web server firewall group"
}

# Add example rules to the group
resource "vultr_firewall_rule" "allow_http" {
    firewall_group_id = vultr_firewall_group.web.id
    protocol          = "tcp"
    ip_type           = "v4"
    subnet            = "0.0.0.0"
    subnet_size       = 0
    port              = "80"
}

resource "vultr_firewall_rule" "allow_https" {
    firewall_group_id = vultr_firewall_group.web.id
    protocol          = "tcp"
    ip_type           = "v4"
    subnet            = "0.0.0.0"
    subnet_size       = 0
    port              = "443"
}

# Attach the firewall group to the instance
resource "vultr_instance" "cc" {
    # ...existing fields (region, plan, os_id, label, etc.)

    firewall_group_id = vultr_firewall_group.web.id
}

  3. Apply the configuration and observe the following output:

    Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Comments

No comments yet.