not without editing the templates. With the
security/packetfilter/... entries you cannot specify a source IP, and
/etc/security/packetfilter.d/50_local.sh is too late, i.e.,
10_univention-firewall_start.sh contains the UCR settings.
(Ok, in theory you could set all
security/packetfilter/... entries to
DROP and put almost all config into
50_local.sh, but in that case, editing the templates would be much cleaner)