# Configure a Firewall
Activate and configure a [Firewall](https://docs.ionos.com/support/general-information/glossary-of-terms#firewall) for each Network Interface Card ([NIC](https://docs.ionos.com/support/general-information/glossary-of-terms#nic)) to better protect your servers from attacks. IONOS Cloud Firewalls can filter incoming (ingress), outgoing (egress), or bidirectional traffic. When configuring firewalls, define appropriate rules to filter traffic accordingly.
## Activate a Firewall
To activate a Firewall, follow these steps:
1\. In the **Workspace**, select a Virtual Machine with a **NIC**.
2\. From the **Inspector** pane, open the **Network** tab.
3\. Open the properties of the NIC for which you want to set up a Firewall.
4\. Choose either **Ingress**, **Egress**, or **Bidirectional** traffic flow type for which the Firewall needs to be activated.
{% hint style="warning" %}
**Warning:** Activating the Firewall without additional rules will block all incoming traffic. Make sure you set the Firewall rules by using **Manage Rules**.
{% endhint %}
{% hint style="success" %}
**Result:** The Firewall is activated for the selected **NIC**.
{% endhint %}
## Create a Firewall Rule
To create a Firewall rule, follow these steps:
1\. In the **Workspace**, select a VM with a **NIC**.
2\. From the **Inspector** pane, open the **Network** tab.
3\. Open the properties of the NIC for which you wish to manages Firewall Rules.
4\. Click **Manage Rules**.
5\. Click **Create Firewall Rule** and choose from the following type of Firewall rules to add from the drop-down list:
* Transmission Control Protocol (TCP) Rule
* User Datagram Protocol (UDP) Rule
* Internet Control Message Protocol (ICMP) Rule
* ICMPv6 Rule
* Any Protocol
6\. Enter values for the following in a Firewall rule:
* **Name:** Enter a name for the rule.
* **Direction** Choose the traffic direction between **Ingress** and **Egress**.
* **Source MAC:** Enter the Media Access Control (MAC) address to be passed through by the firewall.
* **Source IP/CIDR:** Enter the [IP address](https://docs.ionos.com/support/general-information/glossary-of-terms#ip-address) to be passed through by the Firewall.
* **Destination IP/CIDR:** If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
* **Port Range Start:** Set the first port of an entire port range.
* **Port Range End:** Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
* **ICMP Type:** Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
* **ICMP Code:** Enter the ICMP Code to be allowed. Example: 0 for echo requests.
* **IP Version:** Select a version from the drop-down list. By default, it is **Auto**.
7\. (Optional) You can add Firewall rules from an existing template by using **Rules from Template**. The **Generic Webserver**, **Mailserver**, **Remote Access Linux**, and **Remote Access Windows** are the types of Firewall rules you can add from the existing rules template.
8\. Alternatively, you may import an existing rule set from the **Clone Rules from other NIC**.
9\. Click **Save** to confirm creating a Firewall rule.
{% hint style="success" %}
**Result:** A Firewall Rule is created with the configured values.
{% endhint %}