Wednesday, May 13, 2020

Ubiquiti EdgeRouter Firewall Rule Configuration example


This configuration prevents connections from 192.168.50.0/24 (guest subnet) to the 192.168.30.0/24 and 192.168.35.0/24 networks (the .35 configuration is similar to .30, so no screenshots of it are needed).
Any other connection is allowed (such as to the internet). Note that the direction must be 'in' on the Interfaces tab; this means ingress traffic from the .50 network into the EdgeRouter.

First create and configure the ruleset (in this case the name is GUEST_IN).



Select Drop



Select the guest VLAN interface and 'in' ('in' means data coming into the EdgeRouter from the selected interface)



Save the ruleset.

Create a DROP rule.



DROP new connections.



From every address in the .50 network (leave blank).



To every address in the .30 network.















The configuration for 192.168.35.0/24 is similar, so it is not shown here.

Create the allow rule. This allows connections to everywhere and receiving data from everywhere. The rules with higher priority override it and block new connections to .30 and .35.





























This is what it looks like when all the rules are made (the DEFAULT ACTION is generated by the system).
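
The finished ruleset can be sanity-checked by modelling its first-match evaluation. The following is an added example, not part of the original post or of EdgeOS; the rule numbers, the shape of the allow rule (any destination, any state) and the sample addresses are assumptions.

```python
from ipaddress import ip_address, ip_network

# GUEST_IN as described in the post. Rule numbers are assumed; the default
# action is drop, as selected when the ruleset was created.
GUEST_IN = [
    {"id": 10, "action": "drop", "dst": "192.168.30.0/24", "states": {"new"}},
    {"id": 20, "action": "drop", "dst": "192.168.35.0/24", "states": {"new"}},
    # Allow rule, assumed to match any destination and any connection state.
    {"id": 30, "action": "accept", "dst": None, "states": None},
]
DEFAULT_ACTION = "drop"


def evaluate(rules, dst, state, default=DEFAULT_ACTION):
    """Return (action, rule id) of the first rule that matches the packet."""
    addr = ip_address(dst)
    for rule in rules:
        if rule["dst"] is not None and addr not in ip_network(rule["dst"]):
            continue  # destination outside this rule's network
        if rule["states"] is not None and state not in rule["states"]:
            continue  # connection state not selected in this rule
        return rule["action"], rule["id"]
    return default, None  # nothing matched: the default action applies


# Constructed sample packets entering the router from the guest VLAN.
SAMPLES = [
    ("192.168.30.10", "new"),          # guest opens a connection to .30
    ("192.168.35.7", "new"),           # guest opens a connection to .35
    ("192.168.30.10", "established"),  # reply to a connection opened from .30
    ("1.1.1.1", "new"),                # guest to the internet
]

if __name__ == "__main__":
    for dst, state in SAMPLES:
        print(dst, state, evaluate(GUEST_IN, dst, state))
    # Placing the allow rule first shadows both drop rules.
    wrong_order = [GUEST_IN[2], GUEST_IN[0], GUEST_IN[1]]
    print("allow first:", evaluate(wrong_order, "192.168.30.10", "new"))
```

Because the drop rules match only new connections, replies from guest hosts to connections opened from .30 or .35 fall through to the allow rule, and putting the allow rule above the drop rules would let new guest connections into those networks.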





Thursday, April 30, 2020

Running a command at startup in Ubuntu

An example of how to run a command automatically at startup. To run the command, a new service is needed to launch the script that contains the desired commands.


1. Create a script

sudo nano /home/[username]/script/ntpstart.sh

#!/bin/sh
sudo service ntp restart

2. Make the script executable

sudo chmod 775 /home/[username]/script/ntpstart.sh

3. Create a service in /etc/systemd/system

sudo nano /etc/systemd/system/ntpstart.service

[Unit]
Description=Start NTP

[Service]
Type=oneshot
ExecStartPre=-/bin/sleep 60
ExecStart=/bin/sh /home/[username]/script/ntpstart.sh

[Install]
WantedBy=multi-user.target

4. Enable the ntpstart.service

sudo systemctl enable ntpstart.service