Unifi Network - Block Internet Access for Specific Devices

I have a number of devices that I no longer want to give access to the internet. For example, the smart TV and a P1 reader that tries to call ‘home’ every second.
Fortunately, it is very easy to create a firewall rule within the Unifi Network Application.

Here you can read more about replacing my old Unifi Security Gateway (USG) with a Unifi Dream Machine Pro (UDM-Pro) and here you can read about my vlan setup.

Create IP Group

1. Go to Settings and Profiles
2. Go to tab IP Groups
3. Click Create New:
   • Profile Name: BlockInternet for example
   • Type: IPv4 Address/Subnet
   • Address: add the IP addresses of the devices that are not allowed to connect to the internet
4. Click Add

You can now use this group when creating the firewall rule.

Create Firewall Rule

1. Go to Settings and Security
2. Go to tab Firewall Rules
3. Go to Internet rules
   
4. Click Create Entry:
   • Type: Internet Out
   • Name: drop group block internet for example
   • Action: Drop
   • Protocol: All and Before Predefined is enabled
     Source
     • Source Type: Port/IP Group
     • Address Group: BlockInternet - this the IP group you created earlier
5. Leave destination and advanced at the default settings and click Add Rule

In this way I have created a few more rules. The internet (out) rules now look like this:

Testing

Test if it works, for example with your mobile phone by temporarily putting the IP address in the IP group.

Read other notes