Based on deHakkelaar's reply, I've added a rule for the entire loopback subnet.
Notes:
- This configuration will only work for IPv4 networks only.
- You might need to change the network range - 192.168.0.0/16 to suit your own network.
THE STEPS:
1. Start by installing Uncomplicated Firewall (UFW)
sudo apt install ufw
2. Set UFW default policies (Deny In, Allow Out)
sudo ufw default deny incoming
sudo ufw default allow outgoing
3. Open SSH port to the local network only
sudo ufw allow from 192.168.0.0/16 to any port 22 proto tcp
4. Open Pi-Hole's Web Dashboard (Port 80 by default) to the local network only
sudo ufw allow from 192.168.0.0/16 to any port 80 proto tcp
5. Open Pi-Hole's DNS (Port 53) to the local network only
sudo ufw allow from 192.168.0.0/16 to any port 53 proto tcp
sudo ufw allow from 192.168.0.0/16 to any port 53 proto udp
6. Open Pi-Hole's DHCP server (IPV4: 67) (IPV6: 547)
Note: Only do this if you are using Pi-Hole's DHCP server
sudo ufw allow from 0.0.0.0 to any port 67 proto udp
7. Open Port 4711 for Pi-Hole's FTL (from localhost only)
sudo ufw allow from 127.0.0.0/8 to any port 4711 proto tcp
8. Enable/reload UFW
sudo ufw enable
or
sudo ufw reload