---
title: Update
url: https://docs.vultr.com/products/network/vpc-networks/nat-gateway/configuration/firewall-rules/update
description: Learn how to update NAT Gateway firewall rule notes via portal or API.
publish_date: 2025-08-20T15:34:30.347051Z
last_updated: 2026-05-26T20:01:53.815163Z
---

# How to Update a NAT Gateway Firewall Rule

Firewall rule updates allow you to modify the documentation notes attached to an existing rule. The traffic control parameters such as protocol, port, and subnet cannot be changed after the rule is created.

> [!NOTE]
> Only the `notes` field can be modified after creating a firewall rule. To change the protocol, port, or subnet, delete the existing rule and create a new one with the desired configuration.

Follow this guide to update the notes field of a NAT Gateway firewall rule using the Vultr Console, API, CLI, or Terraform.

=== "Vultr Console"

    1. Navigate to **Products**, expand the **Network** drop-down and select **VPC Networks**.
    1. Select your target VPC Network with NAT Gateway connectivity.
    1. Scroll to the **NAT Firewall** section.
    1. Locate your target firewall rule in the list.
    1. Click the **Edit** icon (pencil icon) for the rule you want to modify.

        The Edit NAT Firewall Rule panel opens showing the current configuration. Only the **Note** field is editable. All other fields (Protocol, Subnet, Subnet Size, and Port/Range) are read-only.

    1. Update the **Note** field with your new description.
    1. Click **Save Changes**.

=== "Vultr API"

    1. Send a `GET` request to the [List VPCs endpoint](https://www.vultr.com/api/#tag/VPCs/operation/list-vpcs) to retrieve available VPCs.

        ```console
        $ curl "https://api.vultr.com/v2/vpcs" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        The output displays all VPCs in your account. Note the `id` field for the target VPC.

    1. Send a `GET` request to the **List NAT Gateway subscriptions** endpoint to retrieve the gateway ID. Replace `VPC_ID` with the ID from the previous step.

        ```console
        $ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        The output displays NAT Gateway subscriptions for the VPC. Note the `id` field for the target gateway.

    1. Send a `GET` request to the **List NAT Gateway Firewall Rules** endpoint to retrieve firewall rule IDs. Replace `VPC_ID` and `NAT_GATEWAY_ID` with your values.

        ```console
        $ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway/NAT_GATEWAY_ID/global/firewall-rules" \
            -X GET \
            -H "Authorization: Bearer ${VULTR_API_KEY}"
        ```

        The output displays all firewall rules for the gateway. Each rule includes an `id`, `port`, `protocol`, `subnet`, and `notes` field. Note the `id` field for the rule you want to update.

    1. Send a `PUT` request to the **Update NAT Gateway Firewall Rule** endpoint. Replace `VPC_ID`, `NAT_GATEWAY_ID`, and `FIREWALL_RULE_ID` with your values.

        ```console
        $ curl "https://api.vultr.com/v2/vpcs/VPC_ID/nat-gateway/NAT_GATEWAY_ID/global/firewall-rules/FIREWALL_RULE_ID" \
            -X PUT \
            -H "Authorization: Bearer ${VULTR_API_KEY}" \
            -H "Content-Type: application/json" \
            --data '{
                "notes": "Updated firewall rule description"
            }'
        ```

        The output displays the updated firewall rule configuration with the modified notes.

=== "Vultr CLI"

    1. List all VPCs in your account to retrieve the VPC ID.

        ```console
        $ vultr-cli vpc list
        ```

    1. List NAT Gateway subscriptions for the VPC to retrieve the NAT Gateway ID.

        ```console
        $ vultr-cli vpc nat-gateway list <VPC_ID>
        ```

    1. List firewall rules for the NAT Gateway.

        ```console
        $ vultr-cli vpc nat-gateway firewall-rule list <VPC_ID> <NAT_GATEWAY_ID>
        ```

    1. Update the firewall rule notes.

        ```console
        $ vultr-cli vpc nat-gateway firewall-rule update <VPC_ID> <NAT_GATEWAY_ID> <FIREWALL_RULE_ID> \
            --notes="Updated firewall rule description"
        ```

        Run `vultr-cli vpc nat-gateway firewall-rule update --help` to view all available options.

=== "Terraform"

    1. Modify the `notes` attribute in your existing `vultr_nat_gateway_firewall_rule` resource block.

        ```terraform
        resource "vultr_nat_gateway_firewall_rule" "https" {
            vpc_id         = vultr_vpc.my_vpc.id
            nat_gateway_id = vultr_nat_gateway.my_nat.id
            protocol       = "tcp"
            port           = "443"
            subnet         = "0.0.0.0"
            subnet_size    = 0
            notes          = "Updated firewall rule description"
        }
        ```

        > [!NOTE]
        > Only the `notes` field can be updated in place. Changing `protocol`, `port`, `subnet`, or `subnet_size` causes Terraform to destroy and recreate the resource.

    1. Apply the configuration and observe the following output:

        ```
        Apply complete! Resources: 0 added, 1 changed, 0 destroyed.
        ```
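
The following Python helper is an added example, not part of the Vultr documentation or tooling. It applies the rule stated in the notes above: it compares an existing rule with the desired one and either builds the notes-only `PUT` request from the API steps or reports that the rule must be deleted and recreated. The function name `plan_rule_change`, the sample rule, and the placeholder IDs are assumptions made for illustration.

```python
import json

# Fields the page says cannot be changed after the rule is created.
IMMUTABLE = ("protocol", "port", "subnet", "subnet_size")
# Path of the update endpoint as shown in the API steps on this page.
RULE_PATH = "/v2/vpcs/{vpc}/nat-gateway/{gw}/global/firewall-rules/{rule}"

# Constructed sample rule (values are made up). Field names follow the page;
# subnet_size is taken from the Terraform block.
SAMPLE_RULE = {"id": "FIREWALL_RULE_ID", "protocol": "tcp", "port": "443",
               "subnet": "0.0.0.0", "subnet_size": 0, "notes": "https"}


def plan_rule_change(vpc_id, gateway_id, current, desired):
    """Decide how to get from `current` to `desired` (hypothetical helper)."""
    # Compare as strings so port 443 and "443" count as the same value.
    changed = [f for f in IMMUTABLE
               if f in desired and f in current
               and str(desired[f]) != str(current[f])]
    if changed:
        # Traffic parameters differ: an update cannot do this, so the caller
        # has to delete the rule and create a new one.
        return {"action": "recreate", "changed": changed}
    if "notes" in desired and desired["notes"] != current.get("notes"):
        # Send only `notes`, so the request cannot be mistaken for a change
        # to the traffic parameters.
        return {
            "action": "update_notes",
            "method": "PUT",
            "path": RULE_PATH.format(vpc=vpc_id, gw=gateway_id,
                                     rule=current["id"]),
            "body": json.dumps({"notes": desired["notes"]}),
        }
    return {"action": "none"}


if __name__ == "__main__":
    for want in ({"notes": "Updated firewall rule description"},
                 {"port": "8443", "notes": "moved port"},
                 {"port": 443, "notes": "https"}):
        print(plan_rule_change("VPC_ID", "NAT_GATEWAY_ID", SAMPLE_RULE, want))
```

A `recreate` result means a change request for this rule alters what traffic is allowed, so it should be reviewed as a new rule and not as a documentation edit.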
