Unifi Firewall Rules

Routing, switching and other networking topics.
Forum rules
READ: Techie Rambles rules
User avatar
Kailey
Administrator
Administrator
Posts: 13
Joined: Sun Aug 27, 2023 3:25 am
Name: Kailey Snay

Unifi Firewall Rules

Post by Kailey »

Posting here for referencing when working with Ubiquiti firewalls.

WAN Network
  • WAN Local Applies to IPv4 traffic that is destined for the UDM/USG itself on the WAN network (default drop).
  • WAN In Applies to IPv4 traffic that enters the WAN (ingress), destined for other networks (default drop).
  • WAN Out Applies to IPv4 traffic that exists the WAN (egress), destined for other networks (default accept).
  • WAN v6 Local Applies to IPv6 traffic that is destined for the UDM/USG itself on the WAN network (default drop).
  • WAN v6 In Applies to IPv6 traffic that enters the WAN (ingress), destined for other networks (default drop).
  • WAN v6 Out Applies to IPv6 traffic that exists the WAN (egress), destined for other networks (default accept).
LAN Network
  • LAN Local Applies to IPv4 traffic that is destined for the UDM/USG itself on the LAN network (default accept).
  • LAN In Applies to IPv4 traffic that enters the LAN (ingress), destined for other networks (default accept).
  • LAN Out Applies to IPv4 traffic that exists the LAN (egress), destined for this network (default accept).
  • LAN v6 Local Applies to IPv6 traffic that is destined for the UDM/USG itself on the LAN network (default accept).
  • LAN v6 In Applies to IPv6 traffic that enters the LAN (ingress), destined for other networks (default accept).
  • LAN v6 Out Applies to IPv6 traffic that exists the LAN (egress), destined for this network (default accept).
Guest Network
  • Guest Local Applies to IPv4 traffic that is destined for the UDM/USG itself on the Guest network (default drop). Allows certain services/such as DNS and DHCP.
  • Guest In Applies to IPv4 traffic that enters the Guest network (ingress), destined for other networks (default accept). Drops traffic to other LAN (Corporate) networks.
  • Guest Out Applies to IPv4 traffic that exists the Guest network (egress), destined for this network (default accept).
  • Guest v6 Local Applies to IPv6 traffic that is destined for the UDM/USG itself on the Guest network (default drop). Allows certain services/such as DNS and DHCP.
  • Guest v6 In Applies to IPv6 traffic that enters the Guest network (ingress), destined for other networks (default accept). Drops traffic to other LAN (Corporate) networks.
  • Guest v6 Out Applies to IPv6 traffic that exists the Guest network (egress), destined for this network (default accept).