Pi-hole and UFW

Hello!! :grinning: :grinning:

I would like to enable the firewall on my Pi-hole server.

DHCP is served by my router, so it only serves DNS. Also, I've configured DNS over HTTPS with cloudflared.

My server is an Ubuntu 22.04, so I'll use UFW to configure it.

According to the documentation, I should allow these ports:

ufw allow 80/tcp
ufw allow 53/tcp
ufw allow 53/udp

However, in this thread the info is different:

  • Open Pi-Hole's Web Dashboard (Port 80 by default) to the local network only:
    sudo ufw allow from 192.168.0.0/16 to any port 80 proto tcp
  • Open Pi-Hole's DNS (Port 53) to the local network only:
    sudo ufw allow from 192.168.0.0/16 to any port 53 proto tcp
    sudo ufw allow from 192.168.0.0/16 to any port 53 proto udp
  • Open Port 4711 for Pi-Hole's FTL (from localhost only):
    sudo ufw allow from 127.0.0.0/8 to any port 4711 proto tcp

Which commands to configure UFW should I use? Will the firewall break my DNS over HTTPS configuration?

Very best regards and thank you very much!! :grinning: :grinning:

The topic you've found discusses ufw rules that are more restrictive than the recommended settings from our guide.

Pi-hole is intended to run on your local network, behind a router's firewall.
In such a scenario, both sets of rules should be applicable - provided that your network range or ranges would match the ones from the discussed rules.

Any firewall requirements specific to your DoH software should be gathered from the documentation for that software.
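The following script is an added example, not code from the thread or from the Pi-hole guide. It turns the LAN-restricted rule set quoted above into a default-deny UFW policy that can be printed first and applied afterwards, and it refuses to apply the rules unless the range given is an RFC 1918 private range, so a typo cannot expose DNS or the dashboard to everything. Assumptions, all mine: `192.168.1.0/24` is a constructed placeholder for the real LAN range; the box is administered over SSH, so a matching port 22 rule is added to avoid locking yourself out when `ufw enable` switches on "deny incoming"; cloudflared only makes outbound connections, which the default "allow outgoing" policy already covers. The `pihole_ufw_rules`, `is_private_cidr` and `apply_pihole_ufw` function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the Pi-hole project's own tooling): build a default-deny
# UFW ruleset for a DNS-only Pi-hole that exposes port 53 and the dashboard to
# the local network only. The LAN range below is a constructed placeholder.

# Accept only RFC 1918 ranges (10/8, 172.16/12, 192.168/16) written as CIDR,
# so that "0.0.0.0/0" or a public prefix is never turned into a rule.
is_private_cidr() {
    case "$1" in
        10.*/*|192.168.*/*) return 0 ;;
        172.1[6-9].*/*|172.2[0-9].*/*|172.3[01].*/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the ufw commands for one LAN range, one per line, without running them.
# Port 22 is an assumption (SSH administration); 80, 53 and 4711 follow the
# rules quoted in the thread. Loopback is already accepted by ufw's base rules,
# so the 4711 rule only documents intent; it does not open FTL to the LAN.
pihole_ufw_rules() {
    lan="${1:?usage: pihole_ufw_rules <LAN CIDR>}"
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $lan to any port 22 proto tcp comment 'SSH from LAN (assumed)'
ufw allow from $lan to any port 80 proto tcp comment 'Pi-hole web dashboard'
ufw allow from $lan to any port 53 proto tcp comment 'Pi-hole DNS'
ufw allow from $lan to any port 53 proto udp comment 'Pi-hole DNS'
ufw allow from 127.0.0.0/8 to any port 4711 proto tcp comment 'Pi-hole FTL API'
EOF
}

# Validate the range, run each rule through sudo, then enable and show status.
apply_pihole_ufw() {
    lan="$1"
    if ! is_private_cidr "$lan"; then
        echo "refusing to apply: '$lan' is not an RFC 1918 CIDR range" >&2
        return 1
    fi
    pihole_ufw_rules "$lan" | while IFS= read -r cmd; do
        echo "+ $cmd"
        sudo sh -c "$cmd"
    done
    sudo ufw --force enable
    sudo ufw status verbose
}

# Usage: ./pihole-ufw.sh [LAN_CIDR]         -> print the rules (dry run)
#        ./pihole-ufw.sh --apply [LAN_CIDR] -> apply them with sudo
if [ "${1:-}" = "--apply" ]; then
    apply_pihole_ufw "${2:-192.168.1.0/24}"
else
    pihole_ufw_rules "${1:-192.168.1.0/24}"
fi
```

Run it without arguments first and read the generated rules; only then run it with `--apply` and your real LAN range. If the network uses several ranges, call `apply_pihole_ufw` once per range; the two `ufw default` lines are idempotent, so repeating them is harmless.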


Hello, thank you very much for your help!! :grinning:

After reading this documentation:

I can't find anything related to firewalls, except this:

Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible.

If I understand correctly (English is not my language), there is no need to allow any specific port/rule for the Cloudflare tunnel. Am I right?

Best regards!! :grinning:
