---
title: Create
url: https://docs.vultr.com/reference/vultr-cli/firewall/rule/create
description: Creates a new security rule in a Vultr firewall group to control network traffic based on specified protocols, ports, and IP addresses.
publish_date: 2025-09-14T03:05:32.105629Z
last_updated: 2025-11-07T17:45:36.433172Z
---

The `vultr-cli firewall rule create` command adds a new security rule to a Vultr firewall group, controlling network traffic based on specified protocols, ports, and IP addresses.

## Usage

```console
$ vultr-cli firewall rule create <Firewall Group ID> [flags]
```

## Examples

```console
# Full examples
$ vultr-cli firewall rule create --id=f04ae5aa-ff6a-4078-900d-78cc17dca2d5 --ip-type=v4 --protocol=tcp --size=24 \
--subnet=127.0.0.0 --port=30000

$ vultr-cli firewall rule create --id=f04ae5aa-ff6a-4078-900d-78cc17dca2d5 --ip-type=v4 --protocol=icmp --size=24 \
--subnet=127.0.0.0

# Shortened example with aliases
$ vultr-cli fw r c -i=f04ae5aa-ff6a-4078-900d-78cc17dca2d5 -t=v4 -p=tcp -z=24 -s=127.0.0.0 -r=30000
```

## Flags
| Shorthand | Long Version | Description |
|-----------|--------------|-------------|
| -t | --ip-type | The type of IP rule - v4 or v6. |
| -n | --notes | (optional) This field supports notes up to 255 characters. |
| -r | --port | (optional) TCP/UDP only. This field can be an integer value specifying a port or a colon separated port range. |
| -p | --protocol | Protocol type. Possible values: `icmp`, `tcp`, `udp`, `gre`. |
| -z | --size | The number of bits for the netmask in CIDR notation. |
| - | --source | (optional) When empty, uses value from subnet and size. If "cloudflare", allows all Cloudflare IP space through firewall. |
| -s | --subnet | The IPv4 network in CIDR notation. |