Vultr DocsLatest Articles

How to Create Vultr Firewall Rules

Updated on November 27, 2024

Vultr Firewall rules enable traffic filtering using port numbers and source IP addresses for incoming network requests. A Vultr Firewall group contains multiple rules that define specific the flow of network traffic to attached instances.

Follow this guide to create Vultr Firewall rules using the Vultr Customer Portal, API, or CLI.

  • Vultr Customer Portal
  • Vultr API
  • Vultr CLI

  1. Navigate to Products, expand the Network drop-down and select Firewall from the list of options.

    Select Firewall

  2. Select your target firewall group to manage it.

    Select Firewall Group

  3. Click your target network type on the left navigation menu to modify the incoming traffic rules.

    Select Network Type

  4. Click the Protocol drop-down to select a common network application profile or choose Custom from the list and enter your target network port in the Port (or range) field.

    Set Up a new Firewall Rule

  5. Click the Source drop-down, select your traffic source and enter the target source IP address.

  6. Click Add note and enter a descriptive label to identify the new firewall rule.

  7. Click Add Firewall Rule within the Action section to apply the new rule to your firewall group.

    View Firewall Rules

  1. Send a GET request to the List Firewall Groups endpoint and note the target firewall group ID in your output.

    console 
    $ curl "https://api.vultr.com/v2/firewalls" \
  -X GET \
  -H "Authorization: Bearer ${VULTR_API_KEY}"

  2. Send a GET request to the List Firewall Rules endpoint to view all active rules in the firewall group.

    console 
    $ curl "https://api.vultr.com/v2/firewalls/{firewall-group-id}/rules" \
   -X GET \
   -H "Authorization: Bearer ${VULTR_API_KEY}"

  3. Send a POST request to the Create Firewall Rules endpoint to create a new rule in the firewall group.

    console 
    $ curl "https://api.vultr.com/v2/firewalls/{firewall-group-id}/rules" \
   -X POST \
   -H "Authorization: Bearer ${VULTR_API_KEY}" \
   -H "Content-Type: application/json" \
   --data '{
     "ip_type" : "<network-type>",
     "protocol" : "<protocol>",
     "port" : "<target-instance-port>",
     "source" : "<source-address>",
     "notes" : "<label>"
   }'

    Visit the List Firewall Rules API page to view additional attributes to apply on the firewall rule.

  1. List all firewall groups in your Vultr account and note the target firewall group ID.

    console 
    $ vultr-cli firewall group list

  2. List all rules in the firewall group.

    console 
    $ vultr-cli firewall rule list <firewall-group-id>

  3. Create a new firewall rule.

    console 
    $ vultr-cli firewall rule create --id=<firewall-group-id> --ip-type=<network-type> --protocol=<protocol> --source=<source-address> --port=<target-instance-port>

    Run vultr-cli firewall rule create --help to view additional options to apply on the firewall rule.