Udm pro SE is the best thing I bought. 10g, protect for camera selfhosting which works great, new updates made wireguard first class citizen, and if you want anything more complicated it's just a dumb debian underneath (which I do a bunch of stuff).

I'm reallt happy with it.

>>> and if you want anything more complicated it's just a dumb debian underneath

Are you doing persistence (keep settings/data after reboot) with Unifi OS 3?

Why and how do you block application layer stuff like quic?

Tiny network tyrants gotta flex somehow.

Sure, large network tyrants really don’t like the tiny network tyrants that prefer their network traffic to be fully visible.

When UDM shows you QUIC eats up the majority of your bandwidth you may decide to click to add a rule to block it. You may see a large reduction in overall daily bandwidth as a result. If you watch YouTube you are using QUIC. Certain QUIC vulnerabilities are a 3 or 4 packet compromise.

Youtube will fall back to TCP. If the bandwidth utilization actually did drop it's probably because the stream quality throttled down.

What do you mean by "QUIC vulnerabilities are a 3 or 4 packet compromise"?

CVE-2023-39322 for example

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth.

I like Google Dart and other Google products but I see too many potential issues with QUIC. From my personal experience it has behaved suspiciously on my network.

This is a particular implementation of the QUIC protocol (which is now fixed). Do you think there haven't been vulnerabilities against TCP? Certainly TCP is battle-hardened, but QUIC will get there too.

I believe in you. More of you should split off though and create more healthy competition. A 10 to 20 year plan is needed for a new protocol.

I’m Guessing the sites will then fallback to another protocol correct?

Yes plain UDP or TCP.