How to block internet access for devices with Unifi Network

Dec 12, 2023 - Last update: Dec 9, 2024

Introduction

I have a number of devices that I no longer want to give access to the internet. For example, the smart TV and a P1 reader that tries to call ‘home’ every second. Fortunately, it is very easy to create a firewall rule within the Unifi Network Application.

How To

Create IP Group

1. Go to Settings and Profiles

2. Go to tab IP Groups

3. Create a new profile

   Instructions:

   • Required Profile Name: BlockInternet, for example
   • Required Type: IPv4 Address/Subnet
   • Required Address: 192.168.x.x, add the IP addresses of devices that are not allowed to connect to the internet

4. Click the Add button (all the way at the bottom left)

You can now use this IP group when creating the firewall rule.

Create Firewall Rule

1. Go to Settings and Security

2. Go to tab Traffic & Firewall Rules

3. Click Create Entry and make sure Rule Type is set to Advanced

   Instructions:

   • Required Type: Internet Out
   • Required Name: drop group block internet, for example
   • Required Action: Drop
   • Required Protocol: All and Before Predefined is enabled
   Source:

   • Required Source Type: Port/IP Group
   • Required Address Group: BlockInternet, this is the name of the IP Group you created

4. Leave the other fields at their default value and click the Add Rule button (all the way at the bottom left)

In this way I have created a few more rules. The Internet Out rules are now looking like this:

Comments

No comments found for this note.

Join the discussion for this note on Github. Comments appear on this page instantly.

Tags:

• Networking

Unifi Network VLAN setup with IoT and access to Pi-hole

How to add Cockpit UI for virtual machines to NixOS