# This configuration is based on the Wizard config and also the these ones:
# https://blog.dlasley.net/2013/06/initial-configuration-ubiquiti-edgerouter-lite/
# http://lg.io/2015/01/11/the-ubiquiti-edgerouter-configuring-this-extremely-lowcost-enterprisegrade-router-for-home-use.html
#
# Create simple firewall rules for Inbound wan to lan and local router
edit firewall
set all-ping enable
set broadcast-ping disable
set ipv6-receive-redirects disable
set ipv6-src-route disable
set ip-src-route disable
set log-martians enable
show
top

edit firewall name WAN_IN
set default-action drop
set description
set description "Inbound WAN to (W)LAN"
set rule 10 action accept
set rule 10 description "Allow established/related"
set rule 10 log disable
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state related enable
set rule 10 state invalid disable
set rule 10 state new disable
show
set rule 20 action drop
set rule 20 description "Drop invalid state"
set rule 20 log disable
set rule 20 protocol all
set rule 20 state established disable
set rule 20 state new disable
set rule 20 state invalid enable
set rule 20 state related disable
show
top

edit firewall name WAN_LOCAL
set default-action drop
set description "Inbound WAN to local router"
set rule 10 action accept
set rule 10 description "Allow established/related"
set rule 10 log disable
set rule 10 protocol all
set rule 10 state established enable
set rule 10 state invalid disable
set rule 10 state new disable
set rule 10 state related enable
show
set rule 20 action drop
set rule 20 description "Drop invalid state"
set rule 20 log disable
set rule 20 protocol all
set rule 20 state established disable
set rule 20 state invalid enable
set rule 20 state new disable
set rule 20 state related disable
show
top

# Save the current firewall configuration
commit
save

# Add the firewall configuration that we just create to the eth0 (internet)
edit interfaces ethernet eth0 firewall
set in name WAN_IN
set local name WAN_LOCAL
show
top

# Save the interface with the firewall configuration
commit
save