Vultr Firewall operates at the network level, filtering traffic before it reaches your instance. It works independently from, but complements, software-based firewalls running on your servers.
Firewalls are critical for controlling network traffic and protecting systems from unauthorized access. In cloud environments, network-level firewalls operate outside the instance, filtering traffic before it reaches the server, while software-based firewalls (like UFW, iptables, or firewalld) run within the instance itself.
Vultr Firewall rules operate at the network edge and take precedence over software-based firewall rules on instances. In Vultr Firewall, all traffic is dropped by default, meaning only traffic that matches an explicitly defined accept rule is allowed. For example, if a Vultr Firewall rule accepts HTTP (port 80) traffic but a software firewall on the instance blocks it, the traffic is filtered by the Vultr Firewall first, before it reaches the instance. Conversely, if the Vultr Firewall does not explicitly accept HTTP, the traffic is dropped regardless of the instance’s firewall configuration. This ensures predictable and centralized traffic control at the network level.
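The two-layer evaluation described above, as a small Python model. This is an added example, not Vultr's code or API: the `Rule` class, the function names and the rule sets are constructed for illustration, and the instance firewall is assumed to be first-match with a default-drop policy. It reports where a connection stops and lists instance accept rules that the edge makes unreachable.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "accept" or "drop"
    proto: str    # "tcp" or "udp"
    port: int
    source: str   # CIDR the rule applies to

    def matches(self, proto, port, src):
        return (proto == self.proto and port == self.port and
                ipaddress.ip_address(src) in ipaddress.ip_network(self.source))

def edge_allows(edge_rules, proto, port, src):
    # Network firewall as the page describes it: accept rules only, default drop.
    return any(r.matches(proto, port, src) for r in edge_rules)

def host_allows(host_rules, proto, port, src, default="drop"):
    # Simplified instance firewall (assumption): first match wins, then default.
    for r in host_rules:
        if r.matches(proto, port, src):
            return r.action == "accept"
    return default == "accept"

def verdict(edge_rules, host_rules, proto, port, src):
    # The edge is evaluated first; the instance never sees what it drops.
    if not edge_allows(edge_rules, proto, port, src):
        return "dropped at edge"
    if not host_allows(host_rules, proto, port, src):
        return "blocked on instance"
    return "delivered"

def unreachable_host_accepts(edge_rules, host_rules):
    # Instance accept rules with no edge rule for the same proto/port: dead config.
    return [h for h in host_rules if h.action == "accept" and
            not any(e.proto == h.proto and e.port == h.port for e in edge_rules)]

# Constructed sample rule sets (documentation address ranges).
EDGE = [Rule("accept", "tcp", 80, "0.0.0.0/0"),
        Rule("accept", "tcp", 22, "203.0.113.0/24")]
HOST = [Rule("drop", "tcp", 80, "0.0.0.0/0"),
        Rule("accept", "tcp", 22, "0.0.0.0/0"),
        Rule("accept", "tcp", 443, "0.0.0.0/0")]

if __name__ == "__main__":
    for proto, port, src in [("tcp", 80, "198.51.100.7"), ("tcp", 443, "198.51.100.7"),
                             ("tcp", 22, "203.0.113.5"), ("tcp", 22, "198.51.100.7")]:
        print(proto, port, src, "->", verdict(EDGE, HOST, proto, port, src))
    print("never reachable:", unreachable_host_accepts(EDGE, HOST))
```

With these constructed rules, the instance's port 443 accept rule has no effect until a matching accept rule exists at the edge.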