May 27, 2025

Mastering EdgeRouter Security: Why Command Line and GeoIP Blocking Are Game-Changers

 


Using the Command Line Interface (CLI) on #Ubiquiti EdgeRouters opens the door to powerful, fine-tuned control that the graphical UI simply can't match. Whether you're configuring advanced routing rules, managing firewall policies, or scripting automated tasks, the CLI provides a deeper, more efficient means of managing your network infrastructure. It enables network administrators to execute changes quickly, troubleshoot with precision, and unlock features that may not be accessible via the GUI—making it an indispensable tool for professionals seeking robust and scalable setups.

One of the most impactful security features you can implement via the CLI is GeoIP blocking. By filtering traffic based on geographic origin, administrators can dramatically reduce attack surfaces, blocking high-risk countries from accessing sensitive services like SSH, VPN, or remote management. When combined with the CLI, setting up GeoIP filtering becomes a flexible and powerful defense mechanism, protecting your network from unwanted intrusion while giving you granular control over who can connect and from where. This level of security customization is vital in today’s threat landscape, especially for SMBs and IT professionals managing remote access points.


URLs

EdgeRouter - Add Debian Packages to EdgeOS

https://help.uisp.com/hc/en-us/articles/22591219068055-EdgeRouter-Add-Debian-Packages-to-EdgeOS


EdgeRouter - How to Create a WAN Firewall Rule

https://help.uisp.com/hc/en-us/articles/22591166964119-EdgeRouter-How-to-Create-a-WAN-Firewall-Rule


Firewalling by country on Edgerouter

https://www.cron.dk/firewalling-by-country-on-edgerouter/


Ubiquiti EdgeRouter GeoIP Blocking Setup - How To

https://www.youtube.com/watch?v=Qn5hbdijYJM


Ubiquiti Edgerouter VPN Configuration

https://www.youtube.com/watch?v=Y9EkYniZH5k



Here are all the commands that I used in the video:

terminal length 0  

cat /var/log/charon.log | grep  init

show version

configure

set system package repository stretch components 'main contrib non-free'

set system package repository stretch distribution stretch

set system package repository stretch url http://archive.debian.org/debian

commit ; save

sudo apt-get update

sudo apt-cache search dnsutils

sudo apt-get install dnsutils

Test that the utilities installed successfully with the following command:

sudo dig @8.8.8.8 google.com


sudo apt-get install wget

sudo apt-get install nano

set firewall group network-group countries_allowed description countries_allowed

To check that your firewall group was created from the CLI, type:

show firewall group

commit

save

exit

mkdir /config/zonefiles

cd /config/scripts

sudo nano country-load

---------------

#!/bin/bash
# Space-separated list of ipdeny.com country codes to allow
countryList="ca"
# Must match the network-group created in the EdgeOS configuration
firewallGroupName=countries_allowed

# Download one country's zone file and add each network to the ipset
function loadcountry () {
        firewallGroupName=$1
        country=$2

        echo "Downloading country definition for $country..." >> /var/log/alex
        wget "http://www.ipdeny.com/ipblocks/data/countries/${country}.zone" -O "/config/zonefiles/${country}.zone" -q

        echo "Adding rules to firewall group $firewallGroupName..." >> /var/log/alex
        for rule in $(cat "/config/zonefiles/${country}.zone"); do
                ipset add "$firewallGroupName" "$rule"
        done
}

# Empty the group, then reload it from the freshly downloaded zone files
ipset -F "$firewallGroupName"
for country in $countryList; do
        loadcountry "$firewallGroupName" "$country"
done

---------------

sudo chmod 755 country-load

sudo ./country-load

sudo ipset -L countries_allowed

sudo ipset -L | grep ip address


sudo ipset add countries_allowed 24.138.184.164/20

sudo ipset del countries_allowed 24.138.184.164/20

 

 

show configuration commands | grep  ike | grep WAN_LOCAL

show configuration commands | grep  l2tp | grep WAN_LOCAL

 

configure

set firewall name WAN_LOCAL rule 30 source group network-group countries_allowed

set firewall name WAN_LOCAL rule 60 source group network-group countries_allowed

commit

save

exit


Last point: make sure you watch your firewall rule order.
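
The country-load script flushes countries_allowed before it downloads anything, so a failed or malformed download leaves the group empty or half loaded while WAN_LOCAL rules 30 and 60 depend on it. The following is an added example, not code from the video or the original post: it validates the zone file first and builds an `ipset restore` batch that fills a scratch set and swaps it in. The function name, the scratch set name, the entry threshold and the hash:net set type are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): validate a downloaded zone file
# and build an "ipset restore" batch that replaces the group atomically.
# Assumptions: the EdgeOS network-group is an ipset of type hash:net; the
# scratch set name "<group>_new" and the entry threshold are illustrative.

# build_restore_batch GROUP ZONEFILE [MIN_ENTRIES]
# Prints the batch on stdout. Returns 1 and prints nothing on stdout when the
# file is missing, contains a non-CIDR line, or has too few entries.
build_restore_batch() {
    local group="$1" zonefile="$2" min="${3:-1}"
    local tmp="${group}_new" nets count
    # One IPv4 network per line, e.g. 192.0.2.0/24
    local cidr_re='^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'

    [ -s "$zonefile" ] || { echo "missing or empty: $zonefile" >&2; return 1; }

    # Strip CRs and blank lines, then refuse the whole file on any bad line
    # (an HTML error page or a truncated download ends up here).
    nets=$(tr -d '\r' < "$zonefile" | grep -v '^[[:space:]]*$' || true)
    if printf '%s\n' "$nets" | grep -Evq "$cidr_re"; then
        echo "rejecting $zonefile: non-CIDR content" >&2
        return 1
    fi

    count=$(printf '%s\n' "$nets" | grep -c .)
    if [ "$count" -lt "$min" ]; then
        echo "rejecting $zonefile: $count entries, expected >= $min" >&2
        return 1
    fi

    # Fill a scratch set, swap it with the live one, then drop the old data.
    # The live group is never empty while the batch runs.
    printf 'create %s hash:net\nflush %s\n' "$tmp" "$tmp"
    printf '%s\n' "$nets" | sed "s|^|add $tmp |"
    printf 'swap %s %s\ndestroy %s\n' "$tmp" "$group" "$tmp"
}

# On the router (constructed usage, run as root):
#   build_restore_batch countries_allowed /config/zonefiles/ca.zone 100 \
#       > /tmp/countries.batch && ipset -exist restore < /tmp/countries.batch
```

If `ipset restore` stops on an error partway through, the swap line is never reached and the live group keeps its previous contents.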

May 25, 2025

Sentimental Sundays: Punch Cards

 


Punch Cards: A Historical Overview

Punch cards, also known as punched cards or perforated cards, were a significant innovation in the early days of computing and data processing. These cards, typically made of stiff paper, featured holes punched in specific locations to represent data. The concept dates back to the 19th century, with the most notable early use being in the Jacquard loom, which used punch cards to control the weaving of patterns. In the 20th century, punch cards became integral to the operation of early computers, such as the IBM 1401, allowing for data input, processing, and output in a systematic manner. This technology revolutionized data handling and laid the groundwork for modern computing.

4.5 megabytes of data in 62,500 punched cards, USA, 1955

The Decline of Punch Cards

 As technology advanced, the use of punch cards began to decline in the late 20th century. The introduction of more sophisticated data storage and processing methods, such as magnetic tape and later, digital storage solutions, rendered punch cards obsolete. Despite their decline, punch cards played a crucial role in the development of programming languages and data management systems. They were not only a means of inputting data but also served as a way to document and structure information. Today, while largely a relic of the past, punch cards remain a symbol of early computing and are occasionally referenced in discussions about the evolution of technology.


A bit of Info

Did you know that the first computer program ever written was input using punch cards? Ada Lovelace, an English mathematician, is often credited with creating the first algorithm intended for implementation on Charles Babbage's Analytical Engine in the mid-1800s, which would have used a punch card system. 

During World War II, punch cards were used extensively for tasks such as calculating artillery trajectories and managing logistics, showcasing their versatility beyond mere data entry.

Origin in Textile Industry: Punch cards were first used in the early 18th century to control looms, notably in the Jacquard loom (1804), which used perforated cards to automate complex weaving patterns.

Early Computing Use: Herman Hollerith adapted punch cards for data processing in the 1890 U.S. Census, significantly speeding up tabulation. His company later became part of IBM.

Standardized Format: By the 1920s, IBM’s 80-column punch card (with 80 columns and 12 rows) became a standard for data storage, used in computers until the 1970s.

Data Representation: Each column on a punch card typically represented one character, with holes punched in specific patterns to encode letters, numbers, or symbols, read mechanically or optically.

Obsolescence: Punch cards were largely replaced by magnetic tape and disks by the 1980s due to their limited storage capacity and fragility, though some systems used them into the 1990s.

May 24, 2025

Master Python for Free: Dive into TWB's Comprehensive Online Course


 Looking to learn Python without spending a dime? TWB’s Free Python Course offers a high-quality, self-paced curriculum designed for beginners and intermediate learners alike. Created by Kirk Byers, this course has been trusted by thousands of learners and professionals to build practical programming skills that are directly applicable to network automation, data analysis, and more.

The course covers essential Python concepts through hands-on examples and real-world applications. You’ll start with the basics—variables, data types, control flow—and move on to more advanced topics like functions, object-oriented programming, and working with external libraries. The content is tailored to be clear and digestible, with email-based lessons that guide you step-by-step through learning and practice.

What sets this course apart is its blend of practicality and accessibility. Whether you’re a complete beginner, a network engineer seeking to automate tasks, or someone transitioning into tech, TWB’s Python course is a valuable, no-cost resource. Sign up today and take your first step toward mastering one of the world’s most versatile programming languages—entirely for free. 

