path: root/blog/2023-06-18-unifi-ip-blocklist.org
author: Christian Cleberg <hello@cleberg.net> 2023-12-02 11:23:08 -0600
committer: Christian Cleberg <hello@cleberg.net> 2023-12-02 11:23:08 -0600
commit: caccd81c3eb7954662d20cab10cc3afeeabca615 (patch)
tree: 567ed10350c1ee319c178952ab6aa48265977e58 /blog/2023-06-18-unifi-ip-blocklist.org
download: cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.tar.gz
cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.tar.bz2
cleberg.net-caccd81c3eb7954662d20cab10cc3afeeabca615.zip
initial commit
Diffstat (limited to 'blog/2023-06-18-unifi-ip-blocklist.org')
-rw-r--r-- blog/2023-06-18-unifi-ip-blocklist.org | 77
1 files changed, 77 insertions, 0 deletions
diff --git a/blog/2023-06-18-unifi-ip-blocklist.org b/blog/2023-06-18-unifi-ip-blocklist.org
new file mode 100644
index 0000000..2e14a59
--- /dev/null
+++ b/blog/2023-06-18-unifi-ip-blocklist.org
@@ -0,0 +1,77 @@
++++
+date = 2023-06-18
+title = "Block IP Addresses and Subnets with Unifi Network Firewall"
+description = "A short tutorial on how to create IP Groups in Unifi's Network application and block them via the firewall."
++++
+
+## Identifying Abusive IPs
+
+If you're like me and use Unifi network equipment at the edge of the network you
+manage, you may know that Unifi is only somewhat decent at identifying and
+blocking IPs that represent abusive or threat actors.
+
+While Unifi has a [threat
+management](https://help.ui.com/hc/en-us/articles/360006893234-UniFi-Gateway-Threat-Management)
+tool inside their Network application, it can be lacking in functionality and
+identification. For example, I have my UDM Pro set to identify and block almost
+all categories of threats available within the Unifi settings. However, I
+regularly identify abusive actors on my web server via the server logs.
+
+In addition, I have identified IP addresses and subnets directly within Unifi's
+logs that the UDM did not block for whatever reason.
+
+This guide is meant to be another step in the process to manually block abusive
+IP addresses or subnets that you have identified but are not being automatically
+blocked yet.
+
+## Create an IP Group Profile
+
+To start, login to the Unifi machine's web GUI and navigate to the Network app >
+Settings > Profiles.
+
+Within this page, choose the `IP Groups` tab and click `Create New`.
+
+![Network Profiles](https://img.0x4b1d.org/blog/20230618-unifi-ip-blocklist/unifi_profiles.png "Network Profiles")
+
+Each IP Group profile can be used as one of three options:
+
+1. Port Group
+2. IPv4 Address/Subnet
+3. IPv6 Address/Subnet
+
+In this example, I'm creating an IPv4 Address/Subnet group and adding a few
+different IP addresses and a subnet.
+Once you've added all IP addresses and subnets, click the `Apply` button
+that should appear at the bottom.
+
+![Network Profile IPs](https://img.0x4b1d.org/blog/20230618-unifi-ip-blocklist/abusive_ips.png "Network Profile IPs")
+
+At this point, the IPv4 Address/Subnet has been created but not yet used.
+
+## Drop IP Group Profile via the Unifi Firewall
+
+To instruct the Unifi machine to block the profile we just created, we need
+to navigate to the Network app > Settings > Firewall & Security.
+
+Within this screen, find the Firewall Rules table and click `Create Entry`. This
+entry should contain the following settings:
+
+- Type: `Internet In`
+- Description: `<Your Custom Rule>`
+- Rule Applied: `Before Predefined Rules`
+- Action: `Drop`
+- Source Type: `Port/IP Group`
+- IPv4 Address Group: `<Name of the Group Profile You Created Above>`
+
+Customize the remaining configurations to your liking, and then save and enable
+the firewall rule.
+
+![Firewall Rule](https://img.0x4b1d.org/blog/20230618-unifi-ip-blocklist/firewall_drop_rule.png "Firewall Rule")
+
+Once enabled, the Unifi machine will be able to drop all incoming connections
+from the defined IP addresses and subnets within the created profile.
+
+> As a personal aside to this topic, I'm looking for a convenient way to update
+> the firewall rules or profiles remotely (within the LAN) from the web server
+> to accelerate this process. If you have an idea on how to automatically update
+> Unifi IP groups or firewall rules, let me know!
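Review bot: The new file is named with an `.org` extension but its body is written in Markdown with a TOML front-matter block (`+++` / `date = ...`, `## Identifying Abusive IPs`, `![Network Profiles](...)`), so an Org exporter will not render the headings, images or links; either rename the file to `.md` or convert the front matter and headings to Org syntax (`#+title:`, `* Identifying Abusive IPs`, `[[url][description]]`). Two smaller points in the same hunk: the profile section lists `IPv6 Address/Subnet` as an option, yet the firewall rule only sets `IPv4 Address Group`, so readers with IPv6 enabled on the WAN get no coverage from this rule and the tutorial should say that an IPv6 group (and a matching rule) is needed separately; and "login to the Unifi machine's web GUI" should read "log in to", while "the IPv4 Address/Subnet has been created" is missing the word "group".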