How to Enable a Vultr Firewall Group on a Vultr Cloud GPU Instance

Updated on 28 August, 2025

Vultr Firewall groups enable the creation of firewall rules to filter incoming traffic on an instance's public network interface. Firewall rules consist of IPv4 or IPv6 port and service definitons to filter network traffic.

Follow this guide to enable a Vultr Firewall group on a Vultr Cloud GPU instance using the Vultr Customer Portal, API, CLI, or Terraform.

  • Vultr Customer Portal
  • Vultr API
  • Vultr CLI
  • Terraform
  1. Navigate to Products and click Compute.
  2. Click your target instance to open its management page.
  3. Navigate to the Settings tab.
  4. Click Firewall on the left navigation menu.
  5. Click the Firewall drop-down to select a new firewall group.
  6. Click Update Firewall Group to apply changes on the instance.
  1. Send a GET request to the List Instances endpoint and note the target instance's ID in your output.

    console
    $ curl "https://api.vultr.com/v2/instances" \
      -X GET \
      -H "Authorization: Bearer ${VULTR_API_KEY}"
    
  2. Send a GET request to the List Firewall Groups endpoint to list all firewall groups in your Vultr account.

    console
    $ curl "https://api.vultr.com/v2/firewalls" \
      -X GET \
      -H "Authorization: Bearer ${VULTR_API_KEY}"
    
  3. Send a PATCH request to the Update Instance endpoint to attach a firewall group to the instance.

    console
    $ curl "https://api.vultr.com/v2/instances/{instance-id}" \
      -X PATCH \
      -H "Authorization: Bearer ${VULTR_API_KEY}" \
      -H "Content-Type: application/json" \
      --data '{
        "firewall_group_id" : "<firewall-id>",
      }'
    
  1. List all firewall groups in your Vultr account and note the target firewall group's ID.

    console
    $ vultr-cli firewall group list
    
  2. List all instances in your Vultr account and note the target instance's ID.

    console
    $ vultr-cli instance list
    
  3. Attach the firewall group to the instance.

    console
    $ vultr-cli instance update-firewall-group --instance-id <instance-id> --firewall-group-id <firewall-id>
    
  1. Open your Terraform configuration for the existing Cloud GPU instance.

  2. Create or reference a vultr_firewall_group resource and attach it to the instance.

    terraform
    # Create a firewall group
    resource "vultr_firewall_group" "web" {
        description = "Web server firewall group"
    }
    
    # Add example rules to the group
    resource "vultr_firewall_rule" "allow_http" {
        firewall_group_id = vultr_firewall_group.web.id
        protocol          = "tcp"
        ip_type           = "v4"
        subnet            = "0.0.0.0"
        subnet_size       = 0
        port              = "80"
    }
    
    resource "vultr_firewall_rule" "allow_https" {
        firewall_group_id = vultr_firewall_group.web.id
        protocol          = "tcp"
        ip_type           = "v4"
        subnet            = "0.0.0.0"
        subnet_size       = 0
        port              = "443"
    }
    
    # Attach the firewall group to the GPU instance
    resource "vultr_instance" "gpu" {
        # ...existing fields (region, plan, os_id, label, etc.)
    
        firewall_group_id = vultr_firewall_group.web.id
    }
    
  3. Apply the configuration and observe the following output:

    Apply complete! Resources: 3 added, 0 changed, 0 destroyed.

Comments

No comments yet.