Wednesday, May 13, 2020

Ubiquiti EdgeRouter Firewall Rule Configuration example

This configuration prevents connections from 192.168.50.0/24 (the guest subnet) to the 192.168.30.0/24 and
192.168.35.0/24 networks (the .35 configuration is similar to .30, so no screenshots of it are needed).
Any other connection is allowed (for example, to the internet). Note that the direction must be 'in' in the Interfaces tab; this means ingress traffic from the .50 network into the EdgeRouter.

First create and configure the ruleset (in this case the name is GUEST_IN).

Select Drop

Select the guest VLAN interface and the direction 'in' ('in' means data coming into the EdgeRouter from the selected interface).

Save the ruleset.

Create a DROP rule.

DROP new connections.

From every address in the .50 network (leave blank).

To every address in the .30 network.

The config for 192.168.35.0/24 is similar, so it is not shown here.

Create the allow rule. This allows all connections everywhere, including receiving data from everywhere. The rules higher in the priority list override this one and block new connections to .30 and .35.

This is what it looks like when all the rules are created (the DEFAULT ACTION is generated by the system).
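The same GUEST_IN ruleset expressed as EdgeOS CLI commands, as an added example that is not part of the original post. The guest VLAN interface (eth1 vif 50) and the rule numbers 10/20/30 are assumptions; everything else mirrors the GUI steps above.

```vyatta
# Added example (not from the original post): the GUEST_IN ruleset via the EdgeOS CLI.
# Assumptions: guest VLAN is eth1 vif 50; rule numbers 10/20/30 are arbitrary.
configure

# Ruleset with Drop as the default action (the "Select Drop" step above).
set firewall name GUEST_IN default-action drop
set firewall name GUEST_IN description "Guest VLAN to LAN"

# Rule 10: drop NEW connections from the guest network to 192.168.30.0/24.
# No source address is set, so every address on the .50 network matches.
set firewall name GUEST_IN rule 10 action drop
set firewall name GUEST_IN rule 10 description "Drop guest -> .30"
set firewall name GUEST_IN rule 10 protocol all
set firewall name GUEST_IN rule 10 destination address 192.168.30.0/24
set firewall name GUEST_IN rule 10 state new enable

# Rule 20: same for 192.168.35.0/24.
set firewall name GUEST_IN rule 20 action drop
set firewall name GUEST_IN rule 20 description "Drop guest -> .35"
set firewall name GUEST_IN rule 20 protocol all
set firewall name GUEST_IN rule 20 destination address 192.168.35.0/24
set firewall name GUEST_IN rule 20 state new enable

# Rule 30: allow everything else (internet etc.). Only NEW connections are
# dropped by rules 10/20, so reply packets of connections that were opened
# from the .30/.35 side are established/related and fall through to this rule.
set firewall name GUEST_IN rule 30 action accept
set firewall name GUEST_IN rule 30 description "Allow everything else"
set firewall name GUEST_IN rule 30 protocol all
set firewall name GUEST_IN rule 30 state new enable
set firewall name GUEST_IN rule 30 state established enable
set firewall name GUEST_IN rule 30 state related enable

# Apply the ruleset in the 'in' direction on the guest VLAN interface.
set interfaces ethernet eth1 vif 50 firewall in name GUEST_IN

commit
save
exit
```

After committing, `show firewall name GUEST_IN statistics` in operational mode shows per-rule packet counters, so a test connection from the guest VLAN to a .30 host should increment rule 10 rather than rule 30.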
