# Create an NIC-based Firewall Rule

To create a Firewall rule, follow these steps:

1\. In the **DCD**, go to **Menu** > **Virtual Data Centers**.

2\. Select the data center to activate firewall.

3\. In the Workspace, select a Virtual Machine with a **NIC**.

4\. From the Inspector pane, open the **Network** tab.

5\. Open the properties of the NIC to manage its Firewall Rules.

6\. Click **Manage Rules**.

7\. Click **Create Firewall Rule** and choose from the following type of Firewall rules to add from the drop-down list:

* TCP Rule
* UDP Rule
* ICMP Rule
* ICMPv6 Rule
* VRRP Rule
* GRE Rule
* AH Rule
* ESP Rule
* Any Protocol

![Create a Firewall Rule](/files/ToDVEfEz5FH9NT6ChnnE)

8\. Enter values for the following in a Firewall rule:

* **Name:** Enter a name for the rule.
* **Direction:** Choose the traffic direction between **Ingress** and **Egress**.
* **Source MAC:** Enter the Media Access Control (MAC) address to be passed through by the firewall.
* **Source IP/CIDR:** Enter the [<mark style="color:blue;">IP address</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#ip-address) to be passed through by the Firewall.
* **Destination IP/CIDR:** If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
* **Port Range Start:** Set the first port of an entire port range.
* **Port Range End:** Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
* **ICMP Type:** Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
* **ICMP Code:** Enter the ICMP Code to be allowed. Example: 0 for echo requests.
* **IP Version:** Select a version from the drop-down list. By default, it is **Auto**.

![Values for a Firewall Rule](/files/XnGQh7MtUySnF69V1aGF)

9\. (Optional) You can add Firewall rules from an existing template by using **Rules from Template**. The **Generic Webserver**, **Mailserver**, **Remote Access Linux**, and **Remote Access Windows** are the types of Firewall rules you can add from the existing rules template.

![Firewall Rules from Template](/files/Zwu5M8FVzbiMpB8u3Wpr)

10\. Alternatively, you may import an existing rule set from the **Clone Rules from other NIC**.

11\. Click **Save** to confirm creating a Firewall rule.

{% hint style="success" %}
**Result:** A Firewall Rule is created with the configured values.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/network-services/vdc-networking/firewall/how-tos/create-firewall-rule.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.