Member
Posts: 276
Registered: ‎09-14-2009
Kudos: 132
Solutions: 18

Unifi, guest policy firewall, config files, prevent Wi-Fi clients serving DHCP/DNS

Is there a way to check and customise the firewall rules created by enabling guest policy (not the portal)? Does it show up in any config / properties file on the controller or only on an Access Point?

I'd like to check if it prevents Wi-Fi clients from becoming DHCP and DNS servers on a given VLAN. If guest policy does not already do this I may make it a Feature Request instead.

More broadly it would be usual for DHCP and DNS to be provided only by a wired device so would want the ability to block it being served by any wireless device (regardless of guest policy). We do have switches that can do DHCP snooping but many deployments won't have this option.

Member
Posts: 276
Registered: ‎09-14-2009
Kudos: 132
Solutions: 18

Re: Unifi, guest policy firewall, config files, prevent Wi-Fi clients serving DHCP/DNS

Don't like to BUMP stuff too often but any official answer (or has anyone delved into this themselves)?

I assume it results in ebtables rules. I need to see what's going on, as with guest policy enabled I can sometimes still see other guests in FING and similar tools.

Also I'll need to be able to confirm to the enterprise / management that we can mitigate against known risks as per the previous posts (the obvious case being wireless clients serving DHCP offers to each other) - in order to be able to continue using or buying more of these.
