Pi Hole protection

Having done a basic nmap and knowing what pi-hole is listening will it do any harm if I put up a firewall using iptables

No, unless you block Pi-hole from contacting the upstream server.

Thanks for prompt reply. On a side note can anything be done about referrer pages >

No, we cant change URLs or replace domains with other domains.

Not as far as Pi-hole is concerned (granted you allow the right ports), and the performance impact will be negligible, even on an RPi Zero - BUT make a strong mental note and/or document in some place very obvious that you did configure a firewall, just in case you want to expand your Pi-hole's capabilities at some later time (e.g. by adding third-party upstream DNS-over-TLS support utilizing port 853).

Edit:
And since you mention protection, please be aware that Pi-hole strongly discourages its users from running an open resolver (i.e. don't expose Pi-hole to public access).

1 Like

Thanks for your response and yes. I am a firm believer in documenting what I do before I DO IT. I already have a backup of the main system and will implement the blocks in stages, leaving a space before I implement any others. Document, watch, document and then put in the next set. WHilst always having a roll back plan.

The Pi-Hole itself is running on PI4 4GB in a flirc case. Ok it might be overkill but the flirc case limits me from using hats so I thought I would put it to this task.