I have been running pihole for some time on my pi zero and it works great. I've learned a lot since my humble beginnings and want to harden the security on my pi. I want to install Uncomplicated Firewall (ufw) and use it to secure the pi.
My concern is that I will somehow break my pihole, hence I want to post this message to ensure I am doing things correctly. Since the pihole runs DNS and DHCP for my network, it's crucial I don't break it.
My intent is to start with denying all connections, then open just what I need.
Start by installing Uncomplicated Firewall UFW
sudo apt-get install ufw
Deny all connections.
ufw default deny incoming
Restrict SSH to my local network
ufw allow from xxx.yyy.zzz.0/24 to any port 22 proto tcp
Open DNS port 53 to my local network
ufw allow from xxx.yyy.zzz.0/24 to any port 53 proto tcp
Open DNS port 53 to the internet
ufw allow from any to any port 53 proto tcp
Effectively, this should only allow SSH from my local network and open up DNS port 53 for my local network and the internet. If I do this, will it break the pi? Does the pihole need add'l ports to function properly?
Not yet implemented.
Not yet implemented so not applicable.
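A check for the rule set described in the post, as an added example that is not part of the original post: the function reads `ufw status` output and lists which ports a DNS and DHCP server listens on (53/tcp, 53/udp and 67/udp, assumed here because the post says the Pi serves both) have no IPv4 ALLOW row. The status listing is constructed, with 192.168.1.0/24 standing in for the masked subnet, and `missing_ports` and `sample_status` are names made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed service ports: DNS on 53 tcp+udp, DHCP server on 67 udp.
REQUIRED="53/tcp 53/udp 67/udp"

# Reads `ufw status` output on stdin and prints the required port/proto
# pairs that no IPv4 ALLOW row covers. Source addresses are not evaluated,
# "(v6)" rows are ignored, and port ranges are not expanded.
missing_ports() {
    awk -v required="$REQUIRED" '
        $2 == "ALLOW" {
            # A row whose "To" column is Anywhere allows every port.
            if ($1 == "Anywhere") { any = 1; next }
            n = split($1, f, "/")          # f[1] = port list, f[2] = proto
            m = split(f[1], ports, ",")    # handles rows such as 53,67/udp
            for (i = 1; i <= m; i++) {
                if (n == 2) allowed[ports[i] "/" f[2]] = 1
                else {                     # no proto given: tcp and udp
                    allowed[ports[i] "/tcp"] = 1
                    allowed[ports[i] "/udp"] = 1
                }
            }
        }
        END {
            n = split(required, r, " ")
            for (i = 1; i <= n; i++)
                if (!any && !(r[i] in allowed))
                    out = out (out != "" ? " " : "") r[i]
            print out
        }'
}

# Constructed sample: what `ufw status` would list after the rules in the post.
sample_status() {
cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       192.168.1.0/24
53/tcp                     ALLOW       192.168.1.0/24
53/tcp                     ALLOW       Anywhere
EOF
}

echo "not allowed: $(sample_status | missing_ports)"
```

On a live system the same check is `sudo ufw status | missing_ports`.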