Vultr DocsLatest Content

How to Create Vultr Firewall Rules

Updated on 12 September, 2025

Define network security policies that control inbound and outbound traffic to your Vultr resources.

Vultr Firewall rules enable traffic filtering using port numbers and source IP addresses for incoming network requests. A Vultr Firewall group contains multiple rules that define specific the flow of network traffic to attached instances.

Follow this guide to create Vultr Firewall rules using the Vultr Customer Portal, API, CLI, or Terraform.

  • Vultr Customer Portal
  • Vultr API
  • Vultr CLI
  • Terraform
  1. Navigate to Products, expand the Network drop-down and select Firewall from the list of options.
  2. Select your target firewall group to manage it.
  3. Click your target network type on the left navigation menu to modify the incoming traffic rules.
  4. Click the Protocol drop-down to select a common network application profile or choose Custom from the list and enter your target network port in the Port (or range) field.
  5. Click the Source drop-down, select your traffic source and enter the target source IP address.
  6. Click Add note and enter a descriptive label to identify the new firewall rule.
  7. Click Add Firewall Rule within the Action section to apply the new rule to your firewall group.

  1. Send a GET request to the List Firewall Groups endpoint and note the target firewall group ID in your output.

    console 
    $ curl "https://api.vultr.com/v2/firewalls" \
  -X GET \
  -H "Authorization: Bearer ${VULTR_API_KEY}"

  2. Send a GET request to the List Firewall Rules endpoint to view all active rules in the firewall group.

    console 
    $ curl "https://api.vultr.com/v2/firewalls/{firewall-group-id}/rules" \
   -X GET \
   -H "Authorization: Bearer ${VULTR_API_KEY}"

  3. Send a POST request to the Create Firewall Rules endpoint to create a new rule in the firewall group.

    console 
    $ curl "https://api.vultr.com/v2/firewalls/{firewall-group-id}/rules" \
   -X POST \
   -H "Authorization: Bearer ${VULTR_API_KEY}" \
   -H "Content-Type: application/json" \
   --data '{
     "ip_type" : "<network-type>",
     "protocol" : "<protocol>",
     "port" : "<target-instance-port>",
     "source" : "<source-address>",
     "notes" : "<label>"
   }'

    Visit the List Firewall Rules API page to view additional attributes to apply on the firewall rule.

  1. List all firewall groups in your Vultr account and note the target firewall group ID.

    console 
    $ vultr-cli firewall group list

  2. List all rules in the firewall group.

    console 
    $ vultr-cli firewall rule list <firewall-group-id>

  3. Create a new firewall rule.

    console 
    $ vultr-cli firewall rule create --id=<firewall-group-id> --ip-type=<network-type> --protocol=<protocol> --source=<source-address> --port=<target-instance-port>

    Run vultr-cli firewall rule create --help to view additional options to apply on the firewall rule.

  1. Open your Terraform configuration for the existing Firewall group.

  2. Add a vultr_firewall_rule for that group, then apply.

    terraform 
    resource "vultr_firewall_rule" "allow_ssh" {
    firewall_group_id = var.firewall_group_id
    protocol          = "tcp"
    port              = "22"
    ip_type           = "v4"
    subnet            = "0.0.0.0"
    subnet_size       = 0
    notes             = "Allow SSH"
}

  3. Apply the configuration and observe the following output:

    Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Comments

No comments yet.