Your videos are great. Im by no means a network expert and my new EdgeRouter was a little beyond my knowledge. I was just trying to forward some ports, argh. After watching a few of your videos, I learned allot and was able to get setup. Thank You.

Willie, just what I needed today. Thank you

Thank you, for making this video! Defining source and destination helped a lot.

Absolutely awsome. Thank you very much for your efforts.

So much for you answering Questions..You have not really answered but 1 or 2.....

Helped me understand why my minecraft server wasnt reachable. Thanks

I live this back to basics video series.

Absolutely awsome. Thank you.

Thanks a lot! excellent! I'm looking forward for more videos like this one on the EdgeMax OS.

Dude I love your videos. Absolutely great!!

Excellent video!

Great video - perfectly demonstrated

Great video, I do feel a little better about blocking. It would be nice if you did a few more WAN IN "allow" rules for instance dedicated connection to inbound VoIP requests.

Your videos have been a huge help in getting our network setup how we want it. Do you think you could do a segment explaining how to handle port forwarding/DNAT/FW rules to handle dual ISP / dual WANs?

I wish your videos spent more time on what the different choices mean and WHY you choose them. For instance -- drop vs reject. What is the difference? Established vs New vs Related. What do those mean? I see you choose them, but I don't know why. Source port vs destination port -- why do you put port 80 in the source tab but not the destination tab? Do all "block" rules put the port in Source and all "allow" rules put port in Destination? More details on these type of topics will help us understand the core of how this works and with this understanding we can know how to create our own rules instead of just copying step-by-step what you do with no idea why.

Might be a stupid question but if you want to prevent people on the inside from accessing the internet why block the inbound responses rather than simply blocking the outbound traffic?

I see you can specify a Mac address as well so if I want to block a IP camera from accessing the Internet from outside my network I can just created a rule for that ? If so how do I do that ?

Hi , nice video , l just need to block specific IP ? how can this be done ?

thanks .. just what i was looking for.

Hello Willie. Thank you for your very informative video's. I would like to aks 2 questions. 1. Does realy in depth documentation exist on Edge OS. 2. More importantly: I use the latest firmware (2022-03-01). Are WAN_IN firewall rules automatically assigned to ETH0 ? The interface is not clear about that and does not present ETH0 in any selction list. Thank you for you trouble.

Hi Willie, really nice tutorial. Thanks! I have one additional question. I need to do exactly the same what you did - bock internet access (port 80 and 443) for ALL pages but need to allow access only to 1 page - e.g. google.com (or my personal page / runs on 443). Is it possible to do it? Thanks!

If you want to stop internet access for a specific IP or IP's rather than blocking the incoming reply wouldn't it be better to block the outgoing request? Either way would work just trying to understand if there is a reason you doing it by blocking incoming replies.

Question: Can I block mac address for some iPhones on a particular LAN using firewall?

I Love you , I love your brain, thanks is very util your videos.

Hi Willie, How can I lock down all source ports, and then assign individual rules for ports I want open ? Do you have a video on this ?

Willie, have watched many of your videos! Great help. Using a synology to do surveillance, can you you do a video about setting up Synology on lan1 and putting cameras on lan2?

Great Video! Thanks!

Great video thanks

Great video, I'm struggling with getting an edge router to block ip ranges on eth0 which connected to a comcast modem.. and only allowing access to the modems gateway.. I'd like to block guest wifi on eth3 to anything not the big capital I internet past the comcast modem

The EdgeMax seems like a great product line but I'm not a huge fan of the interface. I use pfSense and it has a sleeker interface and it's easier to make firewall rules. Nice video though!

Hello Willie, Why did you pick the source port = 80 why not the destination port is 80 since the source port is randomly generated? is it because WAN to internal?

A great video. I'm new to Edgerouter. I just purchased and EdgeRouter X. I would like to block GEO IPs in particular Russian and Chinese IPs. Could you do a video showing how to configure the EdgeOS to block GEO IPs?

Hi Willie man I find myself watching your videos all the time. However I've been searching without much success about that 'group null' destination in the WAN_IN ruleset. What is that group null exactly. Is that somehow more efficient than selecting all protocols? Don't think a ruleset can be created in the gui that way without copying from WAN_IN. Many many thanks to you your vids have saved (or enhanced) my butt a few times!

I've noticed in your videos, you have WAN_IN set to eth0/in. So, starting from factory reset. WAN_IN isn't set for an interface when you use the wizard, it's blank. Should it be? Do I have to manually set it to eth0/in? I've had it off for months. Firmware 1.10.10

If we make a rule secure blank and destination our all ip address, if we set like that, that means anyone from outside or internet can't access to our network? That is correct??

Thank you for the video. Can you block a specific website like KZbin by creating a rule?

Curious about upnp setup, is that command line or config tree only? If so, how would one apply it to switch0? Seems like it wants a physical interface only.

I am confused and or doing something wrong i am trying to block all traffic to port 22 only allowing certain IP address i have edit a rule set in wan but it will not block port 22 traffic.

I need rules for Mac Address. No Found

how to make two networks not talk to each other, only with EdgeRouter, Thank You

Just watched this video and I really appreciate the info. My question to you is........ Would you suggest on a edgerouter, I use these rules to block all traffic in except 80, 443 for basic web user inside the lan? It seems that would be a good thing to prevent stuff sneaking in other ways, or am I being to paranoid?

How do you block all ports but port 80? I am having issues

Another great video! What if you wanted to block a group of external addresses from port scanning or trying to access your network. Would you just add an address-group and add it on the destination tab?

Nice, i wish i could train for this

For three hours I'd been trying to open ports unsuccessfully. Turns out my wan_in wasn't eth0, it was eth1. Fuck me.

Great Video Brou. some video bandwidth limit for user o group later.

You mentioned DNAT, so what is its purpose?

Hi, how can i remotely manage my EdgeMax to be very specific: i need to access it from my Office PC only.

I have dual WAN configuration. Second WAN only works when first one failed over and it is transfer limited by my ISP. Is it possible to block all video sites like youtube, vimeo, etc. only on my second WAN? If it is possible, what is the easiest method to do that?

This is great and I love the idea of being able to schedule rules, but I tried this and am having trouble with the time-based settings. I can get the rule to block port 80 and to block only a specific IP or all IPs and it will even work if I put in a day of the week setting, i.e. Thu for Thursday. But, if I try to put in a date and time range it doesn't work at all. I'm on 1.8.5 and even rebooted and deleted and re-created the rule. The rule works except when I try to use a date and time range - no errors, but it doesn't drop traffic. Any ideas?

Lmao .. i managed to get the block working .. But Ubiquiti's version of block social-network sites... Gives me .. the results of everything blocked... from youtube/hotmail/gmail/facebook/twiiter/snapchat/instagram/ world wide web basically...lol what am i doing wrong??

This never went into allowing actual inbound traffic initiated from the outside.

how about pppoe interfaces on top of eth0 ? do we apply wan_in to eth0 or pppoe? I struggle to setup vpn port forwarding. I think firewall is blocking incoming vpn connections

The processor is getting taxed. Consider enabling Hardware Offloading.

This is that 10 minute or so fucking video that would have saved hours of stress as I failed to learn firewalling at a more basic-ass level . . . ffs

This doesn't make sense. How can blocking port 80 INCOMING stop you viewing websites?????? That's what you'd do to stop people outside viewing websites on YOUR SERVER?????? I'M BAFFLED??????