Hi,
I'm currently running Pi-Hole on a Ubuntu VM and I'm wondering what port's the Pi-Hole are using as default?
I need to lockdown as much as possible in the VM so I'll use ufw to block everyport beside that ones that Pi-Hole need to run.
I'm guessing 80/tcp 53/tcp and 53/udp but is it any more ports that I need to open for incoming traffic?
Do not port forward 53 unless you are really sure you know what you're doing!
And even then, don't port forward 53.
If you want to use the Pi-hole on cellular/remote devices, set up a VPN. There are many threads on this forum that discuss setting that up
It's not portforwarding or against the internet, as I did write I want to open the correct ports in the UFW.
I only want it to bee safe inside my Gateway if I get a breatch.
So I just want to know what ports I need to open to get the Pi-Hole to work inside my LAN.
I'll totally block everything with the UFW (also the LAN side) and only open the ports that I need.
So what ports do it use? I can't find the ports.
UFW is software FW in Ubuntu and I'll block everything but the ports that the Pi-Hole need to I just want to know what ports that Pi-Hole are depending on?
Incoming traffic not outgoing as I have UFW open for all outgoing traffic.
Sorry, busy at work! 53 and 80 are the only ones used by Pi-hole 
Ok thanks, so it's port 80/tcp and port 53/udp and 53/tcp correct?
Was this ever answered?
I was wondering the same thing. If we take zero trust policy to the max, we shouldn't trust the Pi-hole beyond what we readily see working, so why not ufw-block outgoing as well except for those few ports required?
Maybe part of the answer is that in order to get some bit of the Pi-hole to turn malicious, someone bad would have to be able to sudo something, in which case ufw is probably considered toast, too - is that the case?
These are the ports used by Pi-hole: