author | Christian Cleberg <hello@cleberg.net> | 2024-03-29 01:30:23 -0500 |
---|---|---|
committer | Christian Cleberg <hello@cleberg.net> | 2024-03-29 01:30:23 -0500 |
commit | 41bd0ad58e44244fe67cb36e066d4bb68738516f (patch) | |
tree | 205e844650144648e58700df2b632c89298904d4 /content/blog/2023-06-18-unifi-ip-blocklist.org | |
parent | 797a1404213173791a5f4126a77ad383ceb00064 (diff) | |
massive re-write from org-publish to weblorg
Diffstat (limited to 'content/blog/2023-06-18-unifi-ip-blocklist.org')
-rw-r--r-- | content/blog/2023-06-18-unifi-ip-blocklist.org | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/content/blog/2023-06-18-unifi-ip-blocklist.org b/content/blog/2023-06-18-unifi-ip-blocklist.org new file mode 100644 index 0000000..dbde1b7 --- /dev/null +++ b/content/blog/2023-06-18-unifi-ip-blocklist.org 
@@ -0,0 +1,82 @@ +#+title: Block IP Addresses and Subnets with Unifi Network Firewall +#+date: 2023-06-18 +#+description: Learn how to use the Unifi Network Firewall to block IP addresses and subnets. +#+filetags: :network: + +* Identifying Abusive IPs +If you're like me and use Unifi network equipment at the edge of the +network you manage, you may know that Unifi is only somewhat decent at +identifying and blocking IPs that represent abusive or threat actors. + +While Unifi has a +[[https://help.ui.com/hc/en-us/articles/360006893234-UniFi-Gateway-Threat-Management][threat +management]] tool inside their Network application, it can be lacking in +functionality and identification. For example, I have my UDM Pro set to +identify and block almost all categories of threats available within the +Unifi settings. However, I regularly identify abusive actors on my web +server via the server logs. + +In addition, I have identified IP addresses and subnets directly within +Unifi's logs that the UDM did not block for whatever reason. + +This guide is meant to be another step in the process to manually block +abusive IP addresses or subnets that you have identified but are not +being automatically blocked yet. + +* Create an IP Group Profile +To start, login to the Unifi machine's web GUI and navigate to the +Network app > Settings > Profiles. + +Within this page, choose the =IP Groups= tab and click =Create New=. + +#+caption: Network Profiles +[[https://img.cleberg.net/blog/20230618-unifi-ip-blocklist/unifi_profiles.png]] + +Each IP Group profile can be used as one of three options: + +1. Port Group +2. IPv4 Address/Subnet +3. IPv6 Address/Subnet + +In this example, I'm creating an IPv4 Address/Subnet group and adding a +few different IP addresses and a subnet. Once you've added all IP +addresses and subnets, click the =Apply= button that should appear at +the bottom. 
+ +#+caption: Network Profile IPs +[[https://img.cleberg.net/blog/20230618-unifi-ip-blocklist/abusive_ips.png]] + +At this point, the IPv4 Address/Subnet has been created but not yet +used. + +* Drop IP Group Profile via the Unifi Firewall +To instruct the Unifi machine to block the profile we just created, we +need to navigate to the Network app > Settings > Firewall & Security. + +Within this screen, find the Firewall Rules table and click +=Create Entry=. This entry should contain the following settings: + +- Type: =Internet In= +- Description: =<Your Custom Rule>= +- Rule Applied: =Before Predefined Rules= +- Action: =Drop= +- Source Type: =Port/IP Group= +- IPv4 Address Group: =<Name of the Group Profile You Created Above>= + +Customize the remaining configurations to your liking, and then save and +enable the firewall rule. + +#+caption: Firewall Rule +[[https://img.cleberg.net/blog/20230618-unifi-ip-blocklist/firewall_drop_rule.png]] + +Once enabled, the Unifi machine will be able to drop all incoming +connections from the defined IP addresses and subnets within the created +profile. + +#+begin_quote +As a personal aside to this topic, I'm looking for a convenient way to +update the firewall rules or profiles remotely (within the LAN) from the +web server to accelerate this process. If you have an idea on how to +automatically update Unifi IP groups or firewall rules, let me know! + +#+end_quote |
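Review bot: the firewall rule described under "Drop IP Group Profile via the Unifi Firewall" binds only an "IPv4 Address Group", while the earlier section lists "IPv6 Address/Subnet" as one of the three group types; the closing sentence then promises that the gateway will "drop all incoming connections from the defined IP addresses and subnets", which overstates what the single rule does. Either state that the walkthrough covers IPv4 groups only, or add a sentence saying that an IPv6 group needs its own Drop rule with the IPv6 group field selected. The bullet list for the =Create Entry= rule is also followed by "Customize the remaining configurations to your liking", which leaves the reader guessing; naming the fields that can safely stay at their defaults would make the procedure reproducible.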