Mastering EdgeRouter Security: Why Command Line and GeoIP Blocking Are Game-Changers

 

Using the Command Line Interface (CLI) on #Ubiquiti EdgeRouters opens the door to powerful, fine-tuned control that the graphical UI simply can't match. Whether you're configuring advanced routing rules, managing firewall policies, or scripting automated tasks, the CLI provides a deeper, more efficient means of managing your network infrastructure. It enables network administrators to execute changes quickly, troubleshoot with precision, and unlock features that may not be accessible via the GUI—making it an indispensable tool for professionals seeking robust and scalable setups.

One of the most impactful security features you can implement via the CLI is GeoIP blocking. By filtering traffic based on geographic origin, administrators can dramatically reduce attack surfaces, blocking high-risk countries from accessing sensitive services like SSH, VPN, or remote management. When combined with the CLI, setting up GeoIP filtering becomes a flexible and powerful defense mechanism, protecting your network from unwanted intrusion while giving you granular control over who can connect and from where. This level of security customization is vital in today’s threat landscape, especially for SMBs and IT professionals managing remote access points.

Urls

EdgeRouter - Add Debian Packages to EdgeOS

https://help.uisp.com/hc/en-us/articles/22591219068055-EdgeRouter-Add-Debian-Packages-to-EdgeOS

EdgeRouter - How to Create a WAN Firewall Rule

https://help.uisp.com/hc/en-us/articles/22591166964119-EdgeRouter-How-to-Create-a-WAN-Firewall-Rule

Firewalling by country on Edgerouter

https://www.cron.dk/firewalling-by-country-on-edgerouter/

Ubiquiti EdgeRouter GeoIP Blocking Setup - How To

https://www.youtube.com/watch?v=Qn5hbdijYJM

Ubiquiti Edgerouter VPN Configuration

https://www.youtube.com/watch?v=Y9EkYniZH5k

Here are all the commands that I used in the video:

terminal length 0  

cat /var/log/charon.log | grep  init

show version

configure

set system package repository stretch components 'main contrib non-free'

set system package repository stretch distribution stretch

set system package repository stretch url http://archive.debian.org/debian

commit ; save

sudo apt-get update

sudo apt-cache search dnsutils

sudo apt-get install dnsutils

Test that the utilities successfully installed with the following command

sudo dig @8.8.8.8 google.com

sudo apt-get install wget

sudo apt-get install nano

set firewall group network-group countries_allowed description countries_allowed

To check that your firewall group was created from the CLI, type

show firewall group

commit

save

exit

mkdir /config/zonefiles

cd /config/scripts

 sudo nano country-load

---------------

#!/bin/bash

countryList=“ca"

firewallGroupName=countries_allowed

function loadcountry () {

        firewallGroupName=$1

        country=$2

        echo "Downloading country definition for $country..." >> /var/log/alex

        wget http://www.ipdeny.com/ipblocks/data/countries/${country}.zone -O /config/zonefiles/${country}.zone -q

        echo "Adding rules to firewall group $firewallGroupName..." >> /var/log/alex

        for rule in `cat /config/zonefiles/${country}.zone`; do

                ipset add $firewallGroupName $rule

        done

}

ipset -F $firewallGroupName

for country in $countryList; do

        loadcountry $firewallGroupName $country

done

---------------

sudo chmod 755 country-load

sudo ./country-load

sudo ipset -L countries_allowed

sudo ipset –L | grep ip address

sudo ipset add countries_allowed 24.138.184.164/20

sudo ipset del countries_allowed 24.138.184.164/20

 

 

show configuration commands | grep  ike | grep WAN_LOCAL

show configuration commands | grep  l2tp | grep WAN_LOCAL

 

configure

set firewall name WAN_LOCAL rule 30 source group network-group countries_allowed

set firewall name WAN_LOCAL rule 60 source group network-group countries_allowed

commit

save

exit

last point.. make sure you watch your firewall rule order..

Sentimental Sundays: Punch Cards

 

Punch Cards: A Historical Overview

 Punch cards, also known as punch cards or perforated cards, were a significant innovation in the early days of computing and data processing. These cards, typically made of stiff paper, featured holes punched in specific locations to represent data. The concept dates back to the 19th century, with the most notable early use being in the Jacquard loom, which used punch cards to control the weaving of patterns. In the 20th century, punch cards became integral to the operation of early computers, such as the IBM 1401, allowing for data input, processing, and output in a systematic manner. This technology revolutionized data handling and laid the groundwork for modern computing.

4.5 megabytes of data in 62,500 punched cards, USA, 1955

The Decline of Punch Cards

 As technology advanced, the use of punch cards began to decline in the late 20th century. The introduction of more sophisticated data storage and processing methods, such as magnetic tape and later, digital storage solutions, rendered punch cards obsolete. Despite their decline, punch cards played a crucial role in the development of programming languages and data management systems. They were not only a means of inputting data but also served as a way to document and structure information. Today, while largely a relic of the past, punch cards remain a symbol of early computing and are occasionally referenced in discussions about the evolution of technology.

A bit of Info

Did you know that the first computer program ever written was input using punch cards? Ada Lovelace, an English mathematician, is often credited with creating the first algorithm intended for implementation on Charles Babbage's Analytical Engine in the mid-1800s, which would have used a punch card system. 

During World War II, punch cards were used extensively for tasks such as calculating artillery trajectories and managing logistics, showcasing their versatility beyond mere data entry.

Origin in Textile Industry: Punch cards were first used in the early 18th century to control looms, notably in the Jacquard loom (1804), which used perforated cards to automate complex weaving patterns.

Early Computing Use: Herman Hollerith adapted punch cards for data processing in the 1890 U.S. Census, significantly speeding up tabulation. His company later became part of IBM.

Standardized Format: By the 1920s, IBM’s 80-column punch card (with 80 columns and 12 rows) became a standard for data storage, used in computers until the 1970s.

Data Representation: Each column on a punch card typically represented one character, with holes punched in specific patterns to encode letters, numbers, or symbols, read mechanically or optically.

Obsolescence: Punch cards were largely replaced by magnetic tape and disks by the 1980s due to their limited storage capacity and fragility, though some systems used them into the 1990s.

Master Python for Free: Dive into TWB's Comprehensive Online Course

 Looking to learn Python without spending a dime? TWB’s Free Python Course offers a high-quality, self-paced curriculum designed for beginners and intermediate learners alike. Created by Kirk Byers, this course has been trusted by thousands of learners and professionals to build practical programming skills that are directly applicable to network automation, data analysis, and more.

The course covers essential Python concepts through hands-on examples and real-world applications. You’ll start with the basics—variables, data types, control flow—and move on to more advanced topics like functions, object-oriented programming, and working with external libraries. The content is tailored to be clear and digestible, with email-based lessons that guide you step-by-step through learning and practice.

What sets this course apart is its blend of practicality and accessibility. Whether you’re a complete beginner, a network engineer seeking to automate tasks, or someone transitioning into tech, TWB’s Python course is a valuable, no-cost resource. Sign up today and take your first step toward mastering one of the world’s most versatile programming languages—entirely for free. 

click the image to attend

Real Corporate Success Strategies - Tim O'Neill

 

Author - Anil Singhal

Can many years of corporate success be proof on how a corporation should be run?

I believe so and the proof is in two books by Anil Singhal.

Learn how one innovator has shown how REAL management strategies can lead to a Fantastic success story!

The author has proven these strategies really work with 30+ years of real success!

 

I am not a book reviewer but I like network technology and have written several hundred technology articles and reviews since I started this site in 2007 with my Friend, Denny Miu. However, this review is very important to me so here goes -

This overview is about two management strategy books that are not theoretical but proven guidebooks with strategies for today’s CEO’s to find true business success. These books are written in an informal style but focus on Real and Viable management methods and strategies. These books are about proven successful real-world solutions for True Corporate Success.

What is True Corporate Success in the eyes of the Author? Real Corporate Success is where the corporation grows in its chosen market, the employees act like shareholders and feel challenged and needed as part of the overall success of the company. The application of the items in these books are proven guides to a real success strategy that has proven its real value by being deployed successfully over 30 years by Anil.

The two books are – Lean but NOT MEAN and The 5% Rule of Leadership both by NetScout’s CEO Anil Singhal who has been the successful CEO of Netscout for over 30 years! Netscout is a super successful high technology company filled with dedicated and fulfilled employees because their CEO manages by the same strategies he discloses in these two books!

                               

Most books on management, even technology focused, are theoretical rules called “goals “and or philosophies that are designed as get management rich then sell the company and leave the employees jobless or in limbo? Anil’s books are incredible treatises of proven management wisdom to grow successful corporations of all, while being successful and continue the growth in value for stock holders and employees!! Yes, you want the employees to be like and treated like Shareholders who are totally invested in the corporation!

Most management books talk about Goals that are never reached. Anil's books talk about implementing real world and proven strategies to become a successful CEO that creates a GREAT company that is Financially Successful and Employee Successful.

You see when we talk about business most CEO’s look for the product to be the only value in the company. These books show us that the Employees are the REAL Value to the overall and continued success of corporations.  The 5% rule of Leadership covers front end strategies on how to manage, not micro manage, successful teams. The many years of the strategies in these books that have been deployed by one innovative CEO for over 30 years proves that they work and are truly viable and capable of achieving REAL CORPORATE SUCCESS!

This CEO I am talking about is Anil Singhal, whom I have known for nearly 40 years. When Anil started Netscout, he wanted a truly successful company. Anil’s definition of a successful company is a bit different than most corporate CEOs. To Anil, corporate success has many dimensions that he covers in these two books.  He wanted a great product, one that has lasting value and growth potential for his customers. He wanted his employees to be successful, feel valued and belong to the corporate family. Now, these are not goals in NetScout, these are a reality that has seen the company grow, have an awesome successful and relevant product with full employee engagement in every aspect and an awesome employee retention that is at a near a 20-year average.

In Anil’s first book – “Lean but NOT MEAN” he focuses on a basic message that management should not be unfeeling but should focus on the employees that make the company successful as a management priority. If employees are always worried about being laid off to show a bigger profit, they are not fully engaged and focused on the company’s success. Employees should be engaged like stock holders thus focused on the company’s success, which is their success!

In both of Anil’s books he talks about the “The 5 Percent Rule of Leadership,” which applies to all corporate events defined as important decisions. In the 5% rule the leadership gets involved early on, in the very beginning stages of any new action. This included but not limited to product definition, development, acquisitions ..etc determining the goals and metrics for success. Then, upper management gets out of the way and allows their trusted employees to thrive during execution, avoiding frustrating redundancy, micromanagement and wasted labor and time by pushing decision-making and actions further down the command chain. This strategy allows employees to be successful as they are a valued part of the company and involved in every corporate activity strengthening their bond with the company and its success.

If you are a corporate leader, you should read these two “real worlds” books that share proven success strategies to grow your company and strengthen your bond with your employees who will be a very real part of your corporate success. Anil points out that since he treats all employees the same, from himself down, (even all office sizes are the same size) that he saves time with creating and delivering only one review for all! Anil does not deal with goals as a strategy, he says implement change and do not wait!

Anil is really an incredible innovator and has really proven that being lean and not mean, valuing every member of the Team and involving everyone is the corporate success story is the way we all should manage, grow and thrive in today’s corporate environment.

I recently heard that many people in Amazon have been working there for 8 years plus because of strategies proven by Anil! Being a kind and an employee inclusive corporation really works as proven by Anil that has shown proof over the last 30+ years with many employees that have been there over 20 years!

My suggestion is Do Not Set Goals – Implement Inclusive Change, NOW!!!

These books are about great success strategies but they are also about a great man who shows that caring is a success strategy not just in corporations but in his and our daily lives!

I am proud to call Anil a friend! I have really enjoyed reading his books and seeing the joyful success that they have brought to so many. I have shared the books with students and professors alike.

My hope is that more CEO’s read these books and implement his proven strategies so we can have a kinder, healthier, friendlier and more successful corporate world.

I wish all, Great Success with Fulfilled Careers with Lean but Not Mean companies! Tim

PSA: Outdoor Rated Tie Wraps

 if you like these articles, dont forget to like, share or subscribe.

Using UV-rated tie wraps is crucial when installing equipment outside to ensure long-term durability and reliability. Standard cable ties are not designed to withstand prolonged exposure to the sun's ultraviolet (UV) rays, which can cause the nylon material to degrade over time. This degradation leads to brittleness and eventual failure of the tie, potentially compromising the security of the equipment. UV-rated tie wraps, on the other hand, are specifically manufactured to resist the harmful effects of UV light. They are made with carbon black and other stabilizers that slow down the fading and degradation process, making them ideal for outdoor applications where the ties will be exposed to the elements for extended periods.

 

The importance of UV-rated tie wraps extends beyond just the physical security of the equipment. In industries such as telecommunications, construction, and agriculture, the failure of a cable tie can lead to significant downtime and costly repairs. For example, in satellite dish installations, loose or broken cable ties can result in misaligned dishes, leading to poor signal quality and customer dissatisfaction. Similarly, in agricultural settings, where equipment like harvesting machines and cranes often operate outdoors, the failure of a cable tie can cause safety hazards and equipment malfunctions. By using UV-rated tie wraps, these industries can ensure that their installations remain secure and functional, reducing the risk of unexpected issues and minimizing maintenance costs.

 

Moreover, UV-rated tie wraps offer a cost-effective solution for outdoor installations. While they may be slightly more expensive than standard cable ties, their longevity and reliability make them a worthwhile investment. The added protection against UV damage means that these tie wraps can last for many years, even in harsh outdoor conditions. This durability reduces the need for frequent replacements, which can be both time-consuming and costly. For instance, a study found that some UV-rated tie wraps have been known to last over 30 years without showing signs of wear or breaking. This long lifespan makes UV-rated tie wraps a practical choice for applications where maintenance and replacement are difficult or impractical.

 

In addition to their practical benefits, UV-rated tie wraps are also versatile and available in a range of lengths and strengths to suit various applications. They can be used in both indoor and outdoor settings, making them a versatile solution for securing cables and equipment. For example, they are commonly used in industrial settings where machinery operates in both indoor and outdoor environments, such as boiler rooms and chemical plants. The availability of UV-rated tie wraps in different lengths and breaking strengths ensures that they can be tailored to meet the specific needs of each installation, providing a reliable and secure solution for a wide range of applications.