See the update at the bottom of this post – Tim 20180211

I have a Ubiquiti EdgeRouter PoE at the house as my main router. In order to manage “resources” at the house, I wanted a way to block a couple of MAC addresses at a certain time each day. I created a filter that blocks by MAC address that looks something like:

I applied this rule to the “switch0” interface that talks to my LAN interfaces at eth2, eth3 and eth4.

For the rulesets above, I want to enable rule #2 and #3 for the devices “iPhone” and “Desktop” to block traffic from them. Two hours later, I want to disable this rule to pass traffic again. This script does just that…

There are a couple of ways to configure the router with scripts. Ubiquiti suggests using the /opt/vyatta/etc/functions/script-template script like:

This actually breaks due to a bug. I have had to use the /opt/vyatta/sbin/vyatta-cfg-cmd-wrapper as part of my script. Works just fine.
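
One way to write such a toggle script around the wrapper, as an added example that is not the author's script. The ruleset name `LAN_BLOCK`, the `DRY_RUN` switch and the function names are assumptions; rules 2 and 3 are the ones named above.

```shell
#!/bin/sh
# Added example, not the post's script. Assumed names: ruleset LAN_BLOCK,
# DRY_RUN switch, functions cfg/toggle_rules. Usage: <script> block|allow
WRAPPER="${WRAPPER:-/opt/vyatta/sbin/vyatta-cfg-cmd-wrapper}"
RULESET="${RULESET:-LAN_BLOCK}"   # hypothetical ruleset name
RULES="${RULES:-2 3}"             # rule numbers from the post

# Run one wrapper command, or only print it when DRY_RUN=1.
cfg() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$WRAPPER $*"
    else
        "$WRAPPER" "$@"
    fi
}

# block: delete the "disable" node so the drop rules are active.
# allow: set the "disable" node so the rules are skipped.
toggle_rules() {
    case "$1" in
        block) op=delete ;;
        allow) op=set ;;
        *) echo "usage: toggle_rules block|allow" >&2; return 2 ;;
    esac
    # Only plain rule numbers may reach the configuration CLI.
    for r in $RULES; do
        case "$r" in
            ''|*[!0-9]*) echo "bad rule number: $r" >&2; return 2 ;;
        esac
    done
    cfg begin || return 1
    for r in $RULES; do
        # On any failure, end the session without committing.
        cfg "$op" firewall name "$RULESET" rule "$r" disable || { cfg end; return 1; }
    done
    cfg commit || { cfg end; return 1; }
    cfg end
}

# Act only when called with an argument, e.g. from cron.
if [ "$#" -gt 0 ]; then
    toggle_rules "$@"
fi
```

Running it with `DRY_RUN=1` prints the wrapper commands without touching the router, which is a quick way to check the ruleset name and rule numbers before scheduling it.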

The CRON entries that will run the scripts at 0330 and 0530 UTC…

Updated on Feb 11th 2018.

It seems that either I missed this feature or Ubiquiti just added it. You can add times to enable and disable the rule. For instance, in the case of Rule #2 above, you would add starttime and stoptime statements. You can also specify the day of the week or a date such as day/month/year. This has been in Vyatta for a while now.