Hi,
i'm running a pi-hole and a VPN at work and it works great!
When i made the setup i followed this guide: GitHub - pi-hole/pi-hole: A black hole for Internet advertisements
The onlu problem is when i list the iptables (sudo iptables -L) for verify is everything is ok the list is empty.
Is this normal or i'm using the wrong command to see the lists?
Thanks!
Can you post the exact output? Otherwise I'd assume that your rules haven't been added.
Note that is you run the Pi-hole + VPN on your Raspberry at home (shielded behind a router) the entire firewall configuration is optional as you are already protected by the firewall of your router.
Im going to ask a stupid question here, from a noobs point of view.
If I am running behind my router...do I even need to consider using iptables?
I ask, as I always have trouble when adding rules, something seems to 'break'
Is it really safe enough to rely on my router firewall?
No
Yes (unless you don't trust your router's firewall, of course).
hmm interesting.
How would one go about testing my routers firewall?
If I can rely on it, I am certain I will save myself a whole load of keyboard banging when getting my network setup how I want!
Good question! Unfortunately, I don't have an equally good answer 
There are some port scanner websites out there which you could point to your public IP address and let them scan your router from the outside. That seems like the best you can do (easily).
I myself never used a firewall on a device inside my network at home. I trust my router's firewall and route only the few ports I need for my VPN connection to my Pi. Everything else (like DNS, HTTP, etc.) remains shielded from the outside.
I think im going to go with my router. Its provided by a big UK ISP (sky) so should be reliable.
I at the moment only have 1 port routed to my pi, that is for the VPN.
Thanks for your help, its opened my eyes a bit and made me a lot more confident in not using iptables!
Thank you for your response! I think i'm gonna rely on my router. I just opened port 80 and an especific por for the vpn so it should be good.