this post was submitted on 20 Dec 2024
Ubiquiti
I have a couple of rules in place to allow traffic in from specific IPs. Right after these rules I have rules to block everything else, as this firewall is an "allow by default" type.

The problem I'm facing is that when I replace these two ports to match "Any" instead, those machines (matrix server and game server) are unable to perform apt-gets.

I had thought that this should still be allowed, because the egress rules for those two permit outbound traffic to http/s and once that's established it's a "stateful" connection which should allow the traffic to flow back the other way.

What am I doing wrong here, and what is the best way to ensure that traffic only hits these servers from the minimal number of ports?

1 comment
[email protected] 2 points 4 weeks ago

The last time I encountered something like this, I got it to work by inverting the rules; it was counterintuitive since you're defining a block on any/all before defining an ingress/egress, but it worked. 🤷
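To make the ordering question from the post and the commenter's "invert the rules" observation concrete, here is an added example: a toy first-match stateful firewall written for this page. It is not UniFi's rule engine and not code from the poster or the commenter; the server, admin and mirror addresses are constructed from the documentation IP ranges, and the rule names and port numbers are assumptions. It shows that a catch-all inbound drop placed before any rule that matches established return traffic silently kills replies to the server's own outbound connections (the apt-get symptom), while the same policy with an "established" match ahead of the drop, and the admin allow narrowed to a single port, lets replies through and keeps the exposed surface to one port.

```python
"""Toy first-match stateful firewall, added to illustrate rule ordering.

This is a simplified model written for this example, not UniFi's or any
vendor's rule engine. Addresses are constructed from the documentation
ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24).
"""
from dataclasses import dataclass

ANY = "any"


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (WAN towards the server) or "out" (server towards WAN)
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "drop"
    direction: str         # "in", "out" or ANY
    src: object = ANY      # IP string or ANY
    dport: object = ANY    # int or ANY
    state: object = ANY    # "new", "established" or ANY

    def matches(self, pkt: Packet, state: str) -> bool:
        return (
            self.direction in (ANY, pkt.direction)
            and self.src in (ANY, pkt.src)
            and self.dport in (ANY, pkt.dport)
            and self.state in (ANY, state)
        )


class Firewall:
    """First matching rule wins; a packet matching no rule gets the default."""

    def __init__(self, rules, default="allow"):
        self.rules = list(rules)
        self.default = default
        # Flows already allowed: (src_ip, src_port, dst_ip, dst_port)
        self.flows = set()

    def _state(self, pkt: Packet) -> str:
        # A packet is "established" if the mirror-image flow was allowed earlier.
        key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "established" if key in self.flows else "new"

    def filter(self, pkt: Packet) -> str:
        state = self._state(pkt)
        action = self.default
        for rule in self.rules:
            if rule.matches(pkt, state):
                action = rule.action
                break
        if action == "allow" and state == "new":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action


SERVER = "192.0.2.10"      # constructed: the matrix/game server
ADMIN = "203.0.113.5"      # constructed: the one remote IP allowed in
MIRROR = "198.51.100.80"   # constructed: an apt mirror on the internet


def apt_round_trip(fw: Firewall) -> tuple:
    """Server opens HTTPS to the mirror, the mirror replies; return both verdicts."""
    syn = Packet("out", SERVER, 51515, MIRROR, 443)
    reply = Packet("in", MIRROR, 443, SERVER, 51515)
    return fw.filter(syn), fw.filter(reply)


def build_as_posted() -> Firewall:
    """Allow the admin IP on any port, then block all other inbound traffic."""
    return Firewall([
        Rule("admin-in", "allow", "in", src=ADMIN),
        Rule("block-rest", "drop", "in"),
        Rule("egress-https", "allow", "out", dport=443),
        Rule("egress-http", "allow", "out", dport=80),
    ])


def build_stateful() -> Firewall:
    """Same policy, but replies to tracked flows are matched before the block."""
    return Firewall([
        Rule("established-in", "allow", "in", state="established"),
        Rule("admin-ssh", "allow", "in", src=ADMIN, dport=22),  # one port, not Any
        Rule("block-rest", "drop", "in"),
        Rule("egress-https", "allow", "out", dport=443),
        Rule("egress-http", "allow", "out", dport=80),
    ])


if __name__ == "__main__":
    print("as posted:", apt_round_trip(build_as_posted()))  # ('allow', 'drop')
    print("stateful: ", apt_round_trip(build_stateful()))   # ('allow', 'allow')
```

In a first-match engine the position of the catch-all drop relative to the state-aware allow is what decides the outcome, which is consistent with the commenter finding that reordering changed the behaviour; the narrow `admin-ssh` rule shows the "minimal number of ports" goal being met without the catch-all breaking return traffic.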