UniFi USG Advance Configuration

In our home we have UniFi networking equipment as our backbone for providing WiFi services. We have also been running a home media and ebooks server. The home media server is running a Plex server, and the ebooks server is running Calibre.

In the past, to access these servers we had to type the following format into the browser:

http://hostname:port

This is not very user friendly, especially when you forget the port number. It would be much nicer if we could access the servers with something like:

http://media.home
http://books.home

At the same time, the kids have been abusing their screen time privileges. Although their iOS devices can be easily managed with the new Screen Time feature, I still need to govern usage time windows on their gaming PCs and laptops. I would like to configure our firewall so that Internet traffic from their devices is blocked from 12am to 7am.

Both of the above configurations are possible on the UniFi Secure Gateway (USG) running EdgeOS. However, they are deemed advanced configurations and are not supported in the web user interface. To perform them, I had to create and edit the config.gateway.json file. This file contains all the key / value overrides for the USG device in a JSON structure. Below are my additions to accomplish the above:

{
    "firewall":
    {
        "name":
        {
            "LAN_IN":
            {
                "default-action": "accept",
                "description": "packets from intranet",
                "rule":
                {
                    "3001":
                    {
                        "action": "drop",
                        "description": "Jason Laptop AM",
                        "protocol": "all",
                        "source":
                        {
                            "mac-address": "84:38:35:50:64:12"
                        },
                        "time":
                        {
                            "starttime": "00:00:00",
                            "stoptime": "07:00:00"
                        }
                    },
                    "3003":
                    {
                        "action": "drop",
                        "description": "Kalen Laptop AM",
                        "protocol": "all",
                        "source":
                        {
                            "mac-address": "e0:ac:cb:8c:32:00"
                        },
                        "time":
                        {
                            "starttime": "00:00:00",
                            "stoptime": "07:00:00"
                        }
                    },
                    "3005":
                    {
                        "action": "drop",
                        "description": "Jason Gaming AM",
                        "protocol": "all",
                        "source":
                        {
                            "mac-address": "1c:1b:0d:70:80:84"
                        },
                        "time":
                        {
                            "starttime": "00:00:00",
                            "stoptime": "07:00:00"
                        }
                    },
                    "3007":
                    {
                        "action": "drop",
                        "description": "Kalen Gaming AM",
                        "protocol": "all",
                        "source":
                        {
                            "mac-address": "1c:1b:0d:72:ed:bf"
                        },
                        "time":
                        {
                            "starttime": "00:00:00",
                            "stoptime": "07:00:00"
                        }
                    }
                }
            }
        }
    },
    "system": {
        "static-host-mapping": {
            "host-name": {
                "media.home": {
                    "alias": [
                        "media"
                    ],
                    "inet": [
                        "192.168.168.9"
                    ]
                },
                "books.home": {
                    "alias": [
                        "books"
                    ],
                    "inet": [
                        "192.168.168.9"
                    ]
                }
            }
        }
    }
}

The above config.gateway.json file had to be stored in the directory /var/lib/unifi/sites/default on my Ubuntu box, which runs the UniFi Controller software.

The next step is to force-provision the configuration to the actual USG. This can be done from the web-based controller software.

To double-check, I can run the following on the USG box itself and confirm that the overrides appear in the dumped configuration:

mca-ctrl -t dump-cfg > config.txt
less config.txt

Any JSON path key and its corresponding value can be overridden using this technique.
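Because each curfew device needs a near-identical rule, it is easy to introduce a typo in a MAC address or a time window that the controller will happily provision. The following Python script is an added example, not part of the original post: it generates the same LAN_IN rules and static-host-mapping shown above from a short device list, then validates MAC, time and address fields before the file is written. Device names and MACs in the sample are constructed placeholders.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")
TIME_RE = re.compile(r"^([01]\d|2[0-3]):[0-5]\d:[0-5]\d$")   # HH:MM:SS, 24-hour clock

# Constructed sample input (hypothetical names and MACs, not the post's devices)
SAMPLE_DEVICES = [("Kid1 Laptop AM", "02:00:00:00:00:01"), ("Kid1 Gaming AM", "02:00:00:00:00:02")]
SAMPLE_HOSTS = [("media.home", "192.168.168.9"), ("books.home", "192.168.168.9")]

def curfew_rule(description, mac, start="00:00:00", stop="07:00:00"):
    """One LAN_IN drop rule keyed on the client's MAC, active only inside the window."""
    # The window is evaluated against the USG's own clock, so confirm its timezone is correct.
    return {"action": "drop", "description": description, "protocol": "all",
            "source": {"mac-address": mac.lower()},
            "time": {"starttime": start, "stoptime": stop}}

def build_gateway_config(devices, hosts, first_rule=3001, step=2):
    """Assemble the overrides: one curfew rule per device (numbers spaced by `step`
    so rules can be added later without renumbering) and one static host per (fqdn, ip)."""
    rules = {str(first_rule + i * step): curfew_rule(name, mac)
             for i, (name, mac) in enumerate(devices)}
    hosts_cfg = {fqdn: {"alias": [fqdn.split(".")[0]], "inet": [ip]} for fqdn, ip in hosts}
    lan_in = {"default-action": "accept", "description": "packets from intranet", "rule": rules}
    return {"firewall": {"name": {"LAN_IN": lan_in}},
            "system": {"static-host-mapping": {"host-name": hosts_cfg}}}

def validate(config):
    """Return a list of problems found in the overrides; an empty list means they look sane."""
    problems = []
    for num, rule in config["firewall"]["name"]["LAN_IN"]["rule"].items():
        if not (num.isdigit() and 1 <= int(num) <= 9999):
            problems.append(f"rule {num}: number must be 1-9999")
        mac = rule.get("source", {}).get("mac-address", "")
        if not MAC_RE.match(mac):
            problems.append(f"rule {num}: malformed MAC {mac!r}")
        for key in ("starttime", "stoptime"):
            if not TIME_RE.match(rule.get("time", {}).get(key, "")):
                problems.append(f"rule {num}: bad {key}")
    for fqdn, entry in config["system"]["static-host-mapping"]["host-name"].items():
        for ip in entry.get("inet", []):
            try:
                ipaddress.ip_address(ip)
            except ValueError:
                problems.append(f"host {fqdn}: invalid address {ip!r}")
    return problems

def render(config):
    # Same 4-space layout as the post's file, ready to write out as config.gateway.json
    return json.dumps(config, indent=4)
```

Run validate() before copying the rendered output into /var/lib/unifi/sites/default and force-provisioning, then compare against the mca-ctrl dump to confirm the rules landed.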

The USG truly is a hidden networking gem.
