In this lesson, I will show you how to configure firewall rules on the Ubiquiti EdgeRouter X with direction local, which means they apply to all traffic destined for the EdgeRouter itself.
We have the following scenario:
My computer is physically connected to the Ubiquiti EdgeRouter on Eth2, and Eth2 is part of the Switch0 interface (as are Eth3 and Eth4).
Let's try to open SSH from the PC to the EdgeRouter.
You can see it is possible.
So now we have to create firewall rules to block SSH for all traffic coming to the EdgeRouter. There are two ways traffic can reach the EdgeRouter: from the WAN or from the LAN.
Any traffic coming from the LAN to the EdgeRouter has the direction local, and so does any traffic coming from the WAN to the EdgeRouter.
Since SSH is going to the EdgeRouter itself, it is considered local traffic to the router, which means we have to apply the rule in the local direction on the Switch0 interface.
Let's start configuring the Firewall to stop SSH.
First we have to create the ruleset, which is a set of rules. I will name it LAN-Local, give it a default action of Accept for all traffic coming to the EdgeRouter, enable the log so we can see the statistics, and save it.
After the ruleset has been created, we have to create the rule that blocks the SSH traffic. To do that, we edit the ruleset as follows:
Now we can create the rule to block SSH.
I have created a rule named Drop_SSH which drops all SSH packets (SSH uses the TCP protocol on port 22), and I have enabled the log for statistics.
As you can see, the Rule has been created successfully.
Now we have to apply it to an interface. Which interface shall we use? It should be the Switch0 interface, because Eth2 belongs to that interface, and the direction should be local because the SSH traffic is destined for the EdgeRouter itself.
Let's try to open SSH again from the PC to the EdgeRouter.
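The same configuration entered from the EdgeOS command line, as an added example that is not part of the original post. It reproduces the LAN-Local ruleset and Drop_SSH rule described above; rule numbers are my choice, and the optional rule 5 (my assumption, with a constructed management address) keeps SSH reachable from a single admin host so you do not lock yourself out.

```edgeos
configure

# Ruleset: accept by default and log what the default action handles
set firewall name LAN-Local default-action accept
set firewall name LAN-Local enable-default-log

# Optional (assumption, not in the post): keep SSH reachable from one
# management host. 192.168.1.10 is a constructed placeholder; rules are
# evaluated in ascending number order, so this must sit before the drop.
set firewall name LAN-Local rule 5 action accept
set firewall name LAN-Local rule 5 description Allow_SSH_from_admin
set firewall name LAN-Local rule 5 protocol tcp
set firewall name LAN-Local rule 5 source address 192.168.1.10
set firewall name LAN-Local rule 5 destination port 22

# The rule from the post: drop SSH (TCP port 22) and log the hits
set firewall name LAN-Local rule 10 action drop
set firewall name LAN-Local rule 10 description Drop_SSH
set firewall name LAN-Local rule 10 protocol tcp
set firewall name LAN-Local rule 10 destination port 22
set firewall name LAN-Local rule 10 log enable

# Apply in the local direction on switch0 (Eth2, Eth3, Eth4). Direction
# local only matches traffic addressed to the router itself; forwarded
# LAN/WAN traffic is governed by the in and out directions instead.
set interfaces switch switch0 firewall local name LAN-Local

# Review the pending change before committing: if you are managing the
# router over SSH, a mistake in this ruleset can cut your own session.
compare
commit
save
exit

# Operational mode: the counters should increase after a new SSH attempt
show firewall name LAN-Local statistics
```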
You can see it is not possible anymore.
Let's check the statistics on the firewall rules:
You can see that the Packets and Bytes counters on the rule I created to drop SSH traffic have increased, because it blocked our attempt to open SSH.
The EdgeRouter can be a very nice firewall device; you only need to know how to configure the firewall rules and how to apply them in the right directions.
If you want to learn more about the Ubiquiti EdgeRouter, you can register for my Ubiquiti UBRSS course at the following link and watch it online: https://mynetworktraining.com/p/ubiquiti-broadband-routing-switching-specialist-with-labs
If you like this post, I will be happy if you buy me a coffee at the following URL: https://www.buymeacoffee.com/mynetraining
Thank you in advance :)