Block a category of sites (gaming) at certain times on a Ubiquiti USG

I’m writing this as a reminder to myself, but it might also help others since it took me quite some time to figure out all the bits and pieces. It uses DPI (Deep Packet Inspection) to classify network traffic and therefore doesn’t work for everything. For example, it didn’t block Minecraft.

How to

Open a terminal and SSH to the controller with the username and password that you find under USG Settings -> Site

ssh <username>@192.168.1.1

Enter configuration mode

<username>@ubnt:~$ configure

Save the configuration file

<username>@ubnt:~$ save file

Open another terminal and SFTP to controller

sftp <username>@192.168.1.1

Download the file

sftp> get /config/file

Open the file in a text editor that can save with Unix line endings, for example Notepad++.

Add

name DPI {
    default-action accept
    rule 10 {
        action drop
        application {
            category Games
        }
        time {
            starttime 09:00:00
            stoptime 14:59:59
            weekdays Mon,Tue,Wed,Thu,Fri
        }
    }
}

(mine is in between “name AUTHORIZED_GUESTS” and “name GUEST_IN”)

Upload the configuration file with SFTP

sftp> put file

It gets uploaded to /home/<username>/

In the first terminal, where you are in configuration mode, load your new file

<username>@ubnt:~$ load /home/<username>/file

Try out the settings by committing the change. Committing means that your config is applied until the next reboot.

<username>@ubnt:~$ commit

If it works as intended, save the changes.

<username>@ubnt:~$ save
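
A check to run on the edited file before the upload step, as an added example that is not part of the original post: it rejects Windows line endings, unbalanced braces, a ruleset that ended up outside the firewall block, and malformed time values. The function names, the strict HH:MM:SS format and the sample config are assumptions of this example.

```python
import re

WEEKDAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}
# Assumption: times are written HH:MM:SS, as in the ruleset on the page.
TIME_RE = re.compile(r"([01]\d|2[0-3]):[0-5]\d:[0-5]\d")

def parse_blocks(text, problems):
    """Parse brace-delimited config into nested dicts; record brace errors."""
    stack = [{}]
    for n, line in enumerate(text.split("\n"), 1):
        s = line.strip()
        if s.endswith("{"):
            stack.append(stack[-1].setdefault(s[:-1].strip(), {}))
        elif s == "}" and len(stack) > 1:
            stack.pop()
        elif s == "}":
            problems.append(f"line {n}: '}}' without matching '{{'")
        elif s:
            key, _, value = s.partition(" ")
            stack[-1][key] = value
    if len(stack) > 1:
        problems.append(f"{len(stack) - 1} block(s) never closed")
    return stack[0]

def check_config(raw, ruleset="DPI"):
    """Return a list of problems in the edited config bytes; empty means OK."""
    if b"\r" in raw:
        return ["CR bytes found: save the file with Unix (LF) line endings"]
    problems = []
    tree = parse_blocks(raw.decode("utf-8", "replace"), problems)
    firewall = tree.get("firewall")
    rules = firewall.get(f"name {ruleset}") if isinstance(firewall, dict) else None
    if problems or not isinstance(rules, dict):
        return problems or [f"'name {ruleset}' not found inside the firewall block"]
    for name, rule in rules.items():
        when = rule.get("time") if isinstance(rule, dict) else None
        if not isinstance(when, dict):
            continue  # not a rule, or a rule without a time window
        for key in ("starttime", "stoptime"):
            if key in when and not TIME_RE.fullmatch(when[key]):
                problems.append(f"{name}: bad {key} '{when[key]}'")
        bad = [d for d in when.get("weekdays", "").split(",") if d and d not in WEEKDAYS]
        if bad:
            problems.append(f"{name}: unknown weekday(s) {bad}")
    return problems

# Constructed sample: the page's time window inside a minimal firewall block.
SAMPLE = (b"firewall {\n name DPI {\n  default-action accept\n  rule 10 {\n"
          b"   action drop\n   time {\n    starttime 09:00:00\n"
          b"    stoptime 14:59:59\n    weekdays Mon,Tue,Wed,Thu,Fri\n   }\n  }\n }\n}\n")
```

To check the real file, pass its bytes: `check_config(open("file", "rb").read())`.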

Resources

To view the category for a site

<username>@ubnt:~$ sudo /usr/sbin/ubnt-dpi-util search-app amazon

I followed this guide first to create the rule for blocking according to DPI, then downloaded the config, added the time specifications and then uploaded and applied the modified config.
https://help.ui.com/hc/en-us/articles/218732788-EdgeRouter-Create-a-Firewall-Rule-using-Deep-Packet-Inspection-DPI-

Here is where I found someone adding times
https://community.ui.com/questions/Firewall-source-Mac-address-fails-on-commit/f416b90d-8f71-4c43-8fdc-7afcc92889b8#answer/de3f0b91-9d97-4d48-9d30-95bb03510be0
