Tips about installation guide

Hi!
I have some suggestion to improve the prerequisite’s guide
https://docs.pi-hole.net/main/prerequesites/#supported-operating-systems

How I read multiple times, PiHole born to be used on and inside local network so I think the security could be improved.
I know that if a port is not open on the router firewall it should be closed from the outside but there are a lot of low budget, not reliable router in the world, so my tips.

  1. Not concerning security: the installation guide say that pihole-ftl use port 4711 on the loopback interface, but the pihole installation open ports between 4711 and 4720, so something is wrong;

  2. Due pihole is used in local network I suggest do modify the guide suggested firewall rules as following

-A INPUT -s 127.0.0.0/8 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 127.0.0.0/8 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -s 192.168.0.0/16 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -i lo -p tcp -m tcp --dport 4711:4720 -j ACCEPT

Have a good day, you are doing a wonderful work with PiHole!

I’m not overly great with firewall rules myself, but none the less thanks for the suggestion! Providing the suggested edits are sane, then please feel free to make a Pull Request to amend that page of the documentation on https://github.com/pi-hole/docs

Nice thought :slight_smile:
To cover the full range of possible private IP addresses, the following subnets should be considered also:

10.0.0.0/8 
172.16.0.0/12

Also, IPv6 is not beind catered for at all (though that may be secondary for a home network).

@Bucking_Horn you are right, both about IPv6 and the other IPv4 classes.
Regarding IPv6 I forgot to copy ip6tables -S output :sweat_smile:
About IPv4 classes I think that them could be auto set, due pi-hole know its IP and subnet mask during the installation.

@PromoFaux I’ll try, is the first time on github for me :slight_smile: