Restrict access to pihole

I have set up pihole with OpenVPN, I have assigned a static virtual IP for VPN clients, I want to access pihole from 10.8.0.2 only and block access from other clients. How do I do it?

You will most likely have to do this via the firewall on the device the pihole is installed on.

Is it possible with iptables?

Yes it is, would require some Google-Fu depending on your setup.
You'd want to ideally do this if you have physical access as if anything goes wrong you could lock yourself out remotely!


Some links of interest:

sudo iptables -A INPUT -s 10.8.0.2 -p tcp --destination-port 80 -j ACCEPT
sudo iptables -A INPUT -s 10.8.0.2 -p udp --destination-port 80 -j ACCEPT

It's my wild guess, let's ask @DL6ER, he wrote the wiki.

If you use lighttpd, you could try to add the following to /etc/lighttpd/external.conf

$HTTP["host"] == "^/admin/" {
	$HTTP["remoteip"] != "10.8.0.2" {
		url.access-deny = ( "" )
	}
}

I haven't tested it, but it should be ok.

As you mentioned, I created the file external.conf and entered the code and restarted lighttpd but still I can access web ui from all the clients

In my /etc/lighttpd/lighttpd.conf the last line is to include the external.conf

include_shell "cat external.conf 2>/dev/null"

Maybe that is missing?

That line is present, does it require any additional permission?

I found the issue, it's "url" not "host" for the $HTTP and instead of "==" use "=~"

Please try:

$HTTP["url"] =~ "^/admin/" {
	$HTTP["remoteip"] != "10.8.0.2" {
		url.access-deny = ( "" )
	}
}
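The difference between the two snippets above, as an added example that is not part of the original posts and not lighttpd's own code: a small Python model of how the nested conditions guarding url.access-deny are evaluated. The model itself and the client addresses 192.168.1.50 and 10.8.0.3 are constructed assumptions.

```python
import ipaddress
import re

# Each config is the chain of nested conditions guarding url.access-deny = ( "" ).
BROKEN = [("host", "==", "^/admin/"), ("remoteip", "!=", "10.8.0.2")]
FIXED = [("url", "=~", "^/admin/"), ("remoteip", "!=", "10.8.0.2")]


def cond_matches(field, op, value, request):
    """Evaluate one $HTTP["field"] op "value" condition against a request."""
    actual = request[field]
    if op in ("=~", "!~"):
        hit = re.search(value, actual) is not None
    elif field == "remoteip":
        # remoteip comparisons accept a single address or a CIDR block
        net = ipaddress.ip_network(value, strict=False)
        hit = ipaddress.ip_address(actual) in net
    else:
        hit = actual == value  # plain string equality, no pattern matching
    return hit if op in ("==", "=~") else not hit


def is_denied(config, request, deny_suffixes=("",)):
    """True when every nested condition matches and the URL ends with a denied
    suffix; the empty suffix used in the thread matches every URL."""
    if not all(cond_matches(f, op, v, request) for f, op, v in config):
        return False
    return any(request["url"].endswith(s) for s in deny_suffixes)


# Constructed requests: the allowed VPN client, a LAN laptop, another VPN client.
REQUESTS = [
    {"host": "pi.hole", "url": "/admin/", "remoteip": "10.8.0.2"},
    {"host": "pi.hole", "url": "/admin/index.php", "remoteip": "192.168.1.50"},
    {"host": "192.168.1.2", "url": "/admin/", "remoteip": "10.8.0.3"},
    {"host": "pi.hole", "url": "/index.html", "remoteip": "192.168.1.50"},
]

if __name__ == "__main__":
    for req in REQUESTS:
        print(req["remoteip"], req["url"],
              "| host== config:", "deny" if is_denied(BROKEN, req) else "allow",
              "| url=~ config:", "deny" if is_denied(FIXED, req) else "allow")
```

The "host" variant compares the Host header to the literal string "^/admin/", so the outer block never matches and nothing is denied; the "url" variant denies /admin/ to every address except 10.8.0.2.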

Now it is giving 404 error

Isn't that what you wanted? The adminpage is now restricted to 10.8.0.2

I wanted to have access to the web UI from 10.8.0.2, but I'm getting an error while connected from 10.8.0.2
It's a virtual IP right? So lighttpd is thinking it's a public IP and denying the access?

I just tested the config with my setup - Raspberry Pi: Pi-hole & PiVPN (192.168.1.2)

  • VPN on my mobile phone to be outside of the local network
  • received 10.8.0.2 IP
  • opened http://192.168.1.2/admin/ -> page loaded
  • then opened the page on my laptop connected to local network -> 404 page

How are you testing?

It worked! I was testing with http://myip/admin, but after entering http://pi.hole/admin it works. Thanks