This tutorial will be using firewalld to control access.
Install firewalld:
sudo apt install firewalld
Enable firewalld:
sudo systemctl enable firewalld
Reboot:
reboot
After rebooting, verify firewalld is running:
sudo firewall-cmd --state
First you need to identify your external interface and assign it to the correct zone; we will be using the “public” zone for our external interface, and assigning the interface and rules to this zone.
Identify interfaces:
ip addr
Add correct interface to “public” firewall zone (NOTE my interface is “ens3”, substitute your correct interface name):
firewall-cmd --zone=public --change-interface=ens3
Verify zones and interface:
firewall-cmd --get-active-zones
The rules below open HTTP and HTTPS in addition to the L3 ports listed on Ubiquiti’s site; port forwarding will then redirect them to the non-standard ports. If you prefer security via obscurity and wish to use only the non-standard ports, do not add the first two rules, and skip the port forwarding section.
Ubiquiti reference: https://help.ubnt.com/hc/en-us/articles/218506997-UniFi-Ports-Used
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-port=3478/udp
firewall-cmd --zone=public --permanent --add-port=6789/tcp
firewall-cmd --zone=public --permanent --add-port=8080/tcp
firewall-cmd --zone=public --permanent --add-port=8443/tcp
firewall-cmd --zone=public --permanent --add-port=8843/tcp
firewall-cmd --zone=public --permanent --add-port=8880/tcp
Enable port forwarding of HTTP to 8080 and HTTPS to 8443:
firewall-cmd --zone=public --permanent --add-forward-port=port=80:proto=tcp:toport=8080
firewall-cmd --zone=public --permanent --add-forward-port=port=443:proto=tcp:toport=8443
firewall-cmd --reload
reboot
A reboot may be required to test and verify. You should now be able to browse to the standard HTTPS URL!
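To check the result after the reload, the script below compares a zone's permanent ports, services and forward-ports with the rules added in this tutorial. It is an added example, not part of the original tutorial or Ubiquiti's documentation; the function names are hypothetical, the sample values are constructed, and it assumes the "public" zone and the exact rule set shown above.

```shell
#!/bin/sh
# Added example: audit a firewalld zone against the rules this tutorial adds.
# Function names are hypothetical; sample values below are constructed.
WANT_PORTS="3478/udp 6789/tcp 8080/tcp 8443/tcp 8843/tcp 8880/tcp"
WANT_SERVICES="http https"
WANT_FORWARDS="port=80:proto=tcp:toport=8080 port=443:proto=tcp:toport=8443"

# diff_sets LABEL WANT HAVE: print one line per missing or unexpected entry.
diff_sets() {
    label=$1 want=$2
    # Flatten to one space-separated line; drop the empty ":toaddr=" suffix
    # that firewall-cmd may print for local redirects.
    have=$(printf '%s\n' $3 | sed 's/:toaddr=$//' | tr '\n' ' ')
    for w in $want; do
        case " $have " in *" $w "*) ;; *) echo "MISSING $label $w" ;; esac
    done
    for h in $have; do
        case " $want " in *" $h "*) ;; *) echo "EXTRA $label $h" ;; esac
    done
}

# audit_zone PORTS SERVICES FORWARDS: arguments are firewall-cmd list output.
audit_zone() {
    diff_sets port "$WANT_PORTS" "$1"
    diff_sets service "$WANT_SERVICES" "$2"
    diff_sets forward "$WANT_FORWARDS" "$3"
}

if [ "${1:-}" = "--live" ]; then
    # Query the permanent configuration of the zone (default: public).
    z=${2:-public}
    audit_zone "$(firewall-cmd --permanent --zone="$z" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$z" --list-services)" \
               "$(firewall-cmd --permanent --zone="$z" --list-forward-ports)"
else
    # Constructed sample: 6789/tcp was never added, ssh is a leftover default,
    # and only the HTTP redirect is present.
    audit_zone "3478/udp 8080/tcp 8443/tcp 8843/tcp 8880/tcp" \
               "http https ssh" \
               "port=80:proto=tcp:toport=8080:toaddr="
fi
```

Run it with --live (and optionally a zone name) on the controller host to audit the real configuration. EXTRA lines are not errors by themselves; they list anything the zone exposes beyond this page's rules so you can decide whether it should stay.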