Occasionally, I get asked about my UDM SE. Especially about content blocking of specific domains and apps or content groups. There are many reasons why one should want to block specific content or limit access to specific sites. It could be security, but also that some sites aren't the best for very young kids. Personally, I don't block anything in my network and follow the approach of teaching my kids about the risks in the World Wide Web.
With your UDM SE (and probably UDM Pro, too) you have three options for traffic management.
- Speed Limit
You find these options when you click on the settings cog, select Traffic Management and create a New Rule.
All the rules have the very same categories to select from.
The categories available are:
- App Group
- Domain Name
- IP Address
- Local Network
Within these categories, you're able to be more specific on what you want to block.
For every rule, you're able to select multiple apps, app groups or domain names to be blocked within a single rule. Furthermore, you can define on which target devices or device groups a rule has to be applied. That way you can block, allow or speed limit the access to specific devices within your network. Do you have someone in your network killing the bandwidth with streaming Netflix? Just create a speed limit rule and apply it to the device. The options are almost endless.
On top, you have the option to schedule your rule to be active
- every day
- every week
- One-Time only
- and custom
The last option, 'custom' allows you to really fine tune your rule to specific days and times within a week.
This rule, for example, is active for the next 21 days from 04. February 2023 to 25. February 2023 between 09:00 A.M. and 05:00 P.M. every Monday to Friday, except Saturday and Sundays. It's blocking access to ICQ, Gadu-Gadu and Yixin for the Nintendo Switch in my network.
In the app category you're able to block, allow or speed limit a single application like WhatsApp, TikTok, Facebook, Instagram, ICQ, WebEx, or specific erotic sites. The list is huge, gets updated regularly, and you can search for specific terms.
In the App Group category you can select pre-defined groups of apps like Social Media, Database Tools, Business Tools, Streaming Media or Tunneling and Proxy Services. At the time of writing, I don't know what specific apps are included in each app group. Therefore, I recommend using it with caution.
Within the Domain Name category, I can manually add single domains or even add a whole list of domains via file. To enter multiple domains, you need to separate them either by newline or with a semicolon. This could be helpful if one wants to replace their Pi-Hole with the Unifi Dream Machine. 🤔
The IP Address category allows you to configure single IP Addresses including a given port and port-range or IP Address ranges to be blocked. You can even mix single IP addresses and IP address ranges within one rule.
I honestly can't imagine a good use case of blocking, allowing or speed limiting a specific region, but hey, it's possible. Just select the countries you want to traffic manage, and you're set. You can even select Vatican City.
Yes, the internet. Just manage the full traffic of the entire internet access for a specific device. I'm just thinking I could block internet access for my washing machine, but I like the push notifications when it's done. The troubles.
If you have multiple networks configured in your UDM you're able to create some kind of virtual lan zones and to manage the traffic in, out or in both directions. Pretty nice.
Well, and that are all the traffic management rule options available in the Unifi Dream Machine. I hope this helps someone. If you would like to know more, feel free to ask in the comments or reach out to me directly. I'm more than happy to help.