G+_Jonathan Salomon Posted March 28, 2017
Does anybody know how to write firewall rules in detail so I can learn how to do that on my Ubiquiti edge router? Every rule I set just blocks all Internet access.
G+_Benjamin Webb Posted March 28, 2017
That is kind of a big question. There are stateless and stateful firewalls. Stateless basically boil down to routing tables (en.m.wikipedia.org - Routing table - Wikipedia). Stateful use information about what the packet is to route. Will let through certain protocols using certain ports through to certain interfaces or traffic traveling a certain direction into an interface. Each router also provides slightly different interfaces for editing these. Suggest you read up and ask questions in forums before making changes.
G+_Benjamin Webb Posted March 28, 2017
To be honest, without lower layer switches to manage or multiple WANs, most people never edit the tables. IPv6 would be the exception, and you want a stateful firewall for that, as any address that does not start with a FD in the beginning is externally routed, so the firewall is basically your only protection and needs to be aware of the type of traffic and direction.
G+_Travis Hershberger Posted March 28, 2017
The VyOS getting started guide is a good place to start if you want to get into the command line configuration. https://wiki.vyos.net/wiki/User_Guide
G+_Jeff Gros Posted March 28, 2017
I learned how to configure the Edge Router X firewall by watching Willie Howe on YouTube. If you are doing port forwarding, just keep in mind that the DNAT gets applied BEFORE the firewall. That was something I didn't understand at first. The good news is that both the DNAT and firewall config pages have "stats". You can watch in real time as you send packets to see if they get through. Here are a few videos that you might find useful, but honestly, just poke around and watch them all! It's good stuff!
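
Added example, not part of Jeff Gros's post or any other reply: an EdgeOS CLI sketch of the point that DNAT is applied before the firewall, so the WAN_IN rule for a port forward matches the translated inside address rather than the router's public address. The interface name eth0, the ruleset name WAN_IN, the host 192.168.1.10 and port 443 are assumptions; the # lines are annotations.

```edgeos
configure

# Stateful baseline for traffic arriving on the WAN and routed to the LAN.
# Replies to connections opened from inside are accepted by state, so a
# default-action of drop does not cut off outbound Internet access.
set firewall name WAN_IN default-action drop
set firewall name WAN_IN rule 10 description "allow established/related"
set firewall name WAN_IN rule 10 action accept
set firewall name WAN_IN rule 10 state established enable
set firewall name WAN_IN rule 10 state related enable
set firewall name WAN_IN rule 20 description "drop invalid"
set firewall name WAN_IN rule 20 action drop
set firewall name WAN_IN rule 20 state invalid enable

# Destination NAT (port forward): rewrite WAN tcp/443 to the inside host.
# This rewrite happens before WAN_IN is evaluated.
set service nat rule 1 description "forward https to 192.168.1.10"
set service nat rule 1 type destination
set service nat rule 1 inbound-interface eth0
set service nat rule 1 protocol tcp
set service nat rule 1 destination port 443
set service nat rule 1 inside-address address 192.168.1.10
set service nat rule 1 inside-address port 443

# Firewall rule for the forwarded traffic. By the time WAN_IN sees the
# packet, its destination is already 192.168.1.10, so match on that.
# A rule matching the public WAN address here would never be hit.
set firewall name WAN_IN rule 30 description "allow forwarded https"
set firewall name WAN_IN rule 30 action accept
set firewall name WAN_IN rule 30 protocol tcp
set firewall name WAN_IN rule 30 destination address 192.168.1.10
set firewall name WAN_IN rule 30 destination port 443

# Attach the ruleset to the WAN interface, inbound direction.
set interfaces ethernet eth0 firewall in name WAN_IN

commit
save
exit
```

With this in place, the stats counters on both the DNAT rule and WAN_IN rule 30 should increase when a forwarded connection arrives; a DNAT counter that moves while the firewall counter stays at zero points to a firewall rule matching the wrong address.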
G+_Juscelino Acevedo Posted March 28, 2017
I would honestly suggest going the Sophos UTM route. It's free for home use; up to 50 devices. Have been using it for years flawlessly.