Unifi Network - Block Internet Access for Specific Devices
I have a number of devices that I no longer want to give access to the internet. For example, the smart TV and a P1 reader that tries to call ‘home’ every second.
Fortunately, it is very easy to create a firewall rule within the Unifi Network Application (formerly called Unifi Controller).
Since I replaced my old Unifi Security Gateway (USG) with a Unifi Dream Machine Pro (UDM-Pro), the setup below is based on the newest user interface (v7).
Create IP Group
- Go to
Settings
andProfiles
- Scroll down to
Port and IP Groups
and clickCreate New Group
:- Profile Name: for example
BlockInternet
- Type:
IPv4 Address/Subnet
- Address: add the IP addresses of the devices that are not allowed to connect to the internet
- Profile Name: for example
- Click
Apply Changes
You can now use this group when creating the firewall rule.
Create Firewall Rule
- Go to
Settings
andFirewall & Security
- Scroll down to
Firewall Rules
and clickCreate New Rule
:- Type:
Internet Out
- Description: for example
drop group block internet
- Rule Applied:
Before Predefined Rules
- Action:
Drop
- IPv4 Protocol:
All
Source - Source Type:
Port/IP Group
- IPv4 Address Group:
BlockInternet
- this the IP group you created earlier - Port Group: Any
Leave Destination and Advanced at the default settings
- Type:
- Click
Apply Changes
The Firewall Rules now look like this:
Testing
Test if it works, for example with your mobile phone by temporarily putting the IP address in the IP group.
Read other notes
Tags
Notes mentioning this note
- Unifi Network - Setup VLANs including IoT and access to Pi-hole
Here I describe which networks/VLANs and WiFi networks I have created. And how I configured the firewall and added a...
Comments
No comments found for this note.
Join the discussion for this note on this ticket. Comments appear on this page instantly.