# Create an NIC-based Firewall Rule

To create a Firewall rule, follow these steps:

1\. In the **DCD**, go to **Menu** > **Virtual Data Centers**.

2\. Select the data center to activate firewall.

3\. In the Workspace, select a Virtual Machine with a **NIC**.

4\. From the Inspector pane, open the **Network** tab.

5\. Open the properties of the NIC to manage its Firewall Rules.

6\. Click **Manage Rules**.

7\. Click **Create Firewall Rule** and choose from the following type of Firewall rules to add from the drop-down list:

* TCP Rule
* UDP Rule
* ICMP Rule
* ICMPv6 Rule
* VRRP Rule
* GRE Rule
* AH Rule
* ESP Rule
* Any Protocol

![Create a Firewall Rule](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-622282d740f637ab5ff37e446da81299f51031fa%2Fnew-rules-firewalls.png?alt=media)

8\. Enter values for the following in a Firewall rule:

* **Name:** Enter a name for the rule.
* **Direction:** Choose the traffic direction between **Ingress** and **Egress**.
* **Source MAC:** Enter the Media Access Control (MAC) address to be passed through by the firewall.
* **Source IP/CIDR:** Enter the [<mark style="color:blue;">IP address</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#ip-address) to be passed through by the Firewall.
* **Destination IP/CIDR:** If you use virtual IP addresses on the same network interface, you can enter them here to allow access.
* **Port Range Start:** Set the first port of an entire port range.
* **Port Range End:** Set the last port of a port range or enter the port from Port Range Start if you only want this port to be allowed.
* **ICMP Type:** Enter the ICMP Type to be allowed. Example: 0 or 8 for echo requests (ping) or 30 for traceroutes.
* **ICMP Code:** Enter the ICMP Code to be allowed. Example: 0 for echo requests.
* **IP Version:** Select a version from the drop-down list. By default, it is **Auto**.

![Values for a Firewall Rule](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-778096dc7f60b27e02cffd2e530e5ef73a4607a8%2Ffirewall-rules.png?alt=media)

9\. (Optional) You can add Firewall rules from an existing template by using **Rules from Template**. The **Generic Webserver**, **Mailserver**, **Remote Access Linux**, and **Remote Access Windows** are the types of Firewall rules you can add from the existing rules template.

![Firewall Rules from Template](https://1737632334-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MifAzdGvKLDTtvJP8sm%2Fuploads%2Fgit-blob-356e34131544df9d38775ba6b45ceb0c2e2cd3e7%2Ffirewall-rules-templates.png?alt=media)

10\. Alternatively, you may import an existing rule set from the **Clone Rules from other NIC**.

11\. Click **Save** to confirm creating a Firewall rule.

{% hint style="success" %}
**Result:** A Firewall Rule is created with the configured values.
{% endhint %}