--- title: Firewall url: https://docs.vultr.com/products/network/load-balancer/configuration/networking/firewall description: A security feature that allows you to control network traffic to your Vultr resources by configuring access rules. publish_date: 2024-09-23T20:20:59.320728Z last_updated: 2026-05-26T19:55:48.968257Z --- # How to Configure Firewall Rules for Vultr Load Balancer Configuring Firewall Rules for Vultr Load Balancer allows you to control the traffic that can reach your load-balanced applications. By setting up firewall rules, you can specify which IP addresses and ports are allowed or blocked, enhancing the security of your services. This feature helps protect your backend servers from unauthorized access and potential threats by filtering incoming traffic based on your defined criteria. Follow this guide to configure firewall rules for your Vultr Load Balancer using the Vultr Console, API, CLI, or Terraform. === "Vultr Console" 1. Navigate to **Products** and click **Load Balancers**. 1. Click your target Load Balancer to open its management page. 1. Scroll down to **Load Balancer Configuration**, then click the pencil icon in the **Firewall Rules** section. 1. Add rules by specifying **Port**, **IP Type (v4/v6)**, and **Source** (CIDR). 1. Click **Save changes**. === "Vultr API" 1. Send a `GET` request to the [**List Load Balancers** endpoint](https://www.vultr.com/api/#tag/load-balancer/operation/list-load-balancers) and note the target Load Balancer's ID. ```console $ curl "https://api.vultr.com/v2/load-balancers" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` 1. Send a `PATCH` request to the [**Update Load Balancer** endpoint](https://www.vultr.com/api/#tag/load-balancer/operation/update-load-balancer) to add a firewall rule to the target Load Balancer's algorithm. ```console $ curl "https://api.vultr.com/v2/load-balancers/{load-balancer-id}" \ -X PATCH \ -H "Authorization: Bearer ${VULTR_API_KEY}" \ -H "Content-Type: application/json" \ --data '{ "firewall_rules": [ { "port" : {allowed_port_number}, "ip_type" : "{v4_or_v6}", "source" : "{source_ip_cidr}" } ] }' ``` 1. Send a `GET` request to the [**List Firewall Rules** endpoint](https://www.vultr.com/api/#tag/load-balancer/operation/list-loadbalancer-firewall-rules) to view all firewall rules set for the target Load Balancer. ```console $ curl "https://api.vultr.com/v2/load-balancers/{load-balancer-id}/firewall-rules" \ -X GET \ -H "Authorization: Bearer ${VULTR_API_KEY}" ``` === "Vultr CLI" 1. List all available instances and note the target Load Balancer's ID. ```console $ vultr-cli load-balancer list ``` 1. Add firewall rule to the target Load Balancer. ```console $ vultr-cli load-balancer update --firewall-rules "port:,ip_type:,source:" ``` 1. View all firewall rules set for the target Load Balancer. ```console $ vultr-cli load-balancer firewall list ``` === "Terraform" 1. Open your Terraform configuration file for the existing Load Balancer. 1. Add `firewall_rules` blocks to allow specific ports and sources, then apply. ```terraform resource "vultr_load_balancer" "lb" { # ...existing fields (region, label, forwarding_rules, health_check, etc.) firewall_rules { frontend_port = 443 ip_type = "v4" source = "0.0.0.0/0" } firewall_rules { frontend_port = 8080 ip_type = "v6" source = "::/0" } } ``` 1. Apply the configuration and observe the following output: ``` Apply complete! Resources: 0 added, 1 changed, 0 destroyed. ```