Skip to main content
All CollectionsUniFiUniFi - Security
UniFi LAN IN vs LAN OUT and LAN LOCAL explained
UniFi LAN IN vs LAN OUT and LAN LOCAL explained
Reilly Chase avatar
Written by Reilly Chase
Updated over 3 weeks ago

UniFi's legacy firewall (before UniFi Zone-Based Firewall was introduced in UniFi 9 with UXG firmware 4.1+) advanced rules can have the following types:

Internet In

Internet Out

LAN In

LAN Out

LAN Local

Guest In

Guest Out

Guest Local

Internetv6 In

Internetv6 Out

LANv6 In

LANv6 Out

LANv6 Local

Guestv6 In

Guestv6 Out

Guestv6 Local

The most common question that we get is whether you should use LAN IN or LAN OUT when creating firewall rules to allow traffic between VLANs

To better understand the difference between the rule types it's important to picture yourself from the router's perspective

LAN IN is traffic is traffic incoming to the router from the LAN destined for somewhere else

LAN OUT is traffic leaving the router destined to the LAN from the router perspective

Generally if you want to allow or block something it will be done on LAN IN

If you want to block traffic going from the LAN to the router itself you can use LAN LOCAL as the destination

Related Articles
UniFi - Failover vs Distributed
How to migrate from UniFi Legacy Firewall to Zone-Based Firewall
How to block inter VLAN traffic UniFi
How to allow VLAN to VLAN traffic UniFi
UniFi cutover checklist
Did this answer your question?