Unifi Firewall Rules

	A	B	C	D	E	F	G	H	I	J	K	L	M	N	O	P
1	Rule Number	Rule Name	Rule Type	Action	Protocol	Adv	Source			Destination			Possible Add'l Ports	Reference	Fixes	Notes
2	Rule Number	Rule Name	Rule Type	Action	Protocol	Adv	Type	Network	Ports	Type	Network	Ports	Possible Add'l Ports	Reference	Fixes	Notes

3	2000	Allow Established and Related Connections	Outbound	Accept	All	Est + Rel	Address/Port	Any	N/A	Address/Port	Any	Any				Main LAN clients can access all networks
4	2001	Accept NTP Requests	Outbound	Accept	All	Est + Rel	Address/Port	Any	N/A	Address/Port	Any	123
5	2002	Allow IoT to Home Assitant	Outbound	Accept	All		Network	LAN - IoT	N/A	Address/Port	Home Assitant Server	Any				Allows my IoT network to access my Home Assistant Server
6	2003	Allow Established and Related From IoT to Any	Outbound	Accept	All	Est + Rel	Network	LAN - IoT	N/A	Address/Port	Any	Any				IoT devices can reply to Main LAN clients
7	2004	Allow inbound pings to local name servers	Inbound	Accept	ICMP		Address/Port	Any	Any	Address/Port	Local Servers: DNS	Any
8	2005	Allow inbound local DNS	Inbound	Accept	TCP + UDP		Address/Port	Any	Any	Address/Port	Local Servers: DNS	53				Raspberry Pis running Pi-hole (DNS)
9	2006	Allow Inbound from IOT to mDNS on LAN	Inbound	Accept	UDP		Network	LAN - IoT	N/A	Address/Port	LAN - Main	1900, 5353, 9000
10	2007	Allo NoT to MQTT	Outbound	Accept	UDP		Network	LAN - NoT	N/A	Address/Port	Home Assitant Server	1883, 8883				NoT needs to be able to communicate with MQTT server
11	2008	Block All NoT	Outbound	Drop	All		Network	LAN - NoT	N/A	Address/Port	Any	Any
12	2009	Block IoT from LAN	Outbound	Drop	All		Network	LAN - IoT	N/A	Network	LAN - Main
13	2010
14	2011	Additional Details:
15	2012	All IoT devices have reserved (static) IP addresses. Firewall rules use device groups using their static IPs.
16	2013	Home Assistant is on a Pi w Static IP 192.168.1.230 on	the main VLAN
17	2014	IGMP snooping disabled on Main LAN and IoT VLAN
18	2015	mDNS button in UniFi Controller is turned On	.	.	.	.	.	.
19	2016	UPnP is OFF for all networks	.	.	.
20	2017
21	2018		.	.
22	2019	.	.	.
23	2020
24	2021
25	2022
26	2023
27	2024
28	2025
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100