The original post: /r/pihole by /u/phoenix_73 on 2024-10-13 08:50:46.
Hello everyone,
Just wondering if anyone can help me please, with securing my Pi-hole and PiVPN instance running in the cloud.
I have some already where there are panels with the provider, and so I can set firewall rules, but then there are other providers that operate with all ports open and you're to do it yourself on the virtual machine.
I understand iptables can be used to secure my machine.
So for example, default rule, everything inbound should be blocked EXCEPT for port 22 so I can SSH to it but from specific IP addresses, port 80 to be accessible from specific IP addresses, and then ports 51820 and 1194 UDP to be accessible from anywhere as that would be how I'd let clients connect and then use Pi-hole.
As it stands, the web interface and SSH can be accessed without those restrictions in place. I just want to lock it down so it can be accessed from only two or three known IPs, which are actually my other instances I have in the cloud and are locked down.
The Pi-hole is set to only allow local traffic for DNS queries as well, and with knowing port 53 is not blocked.
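
The policy described in the post, written out as an `iptables-restore` ruleset generator (an added example, not part of the original post). The interface names `wg0`/`tun0` and the helper name `gen_rules` are assumptions, and the addresses in the usage line are constructed placeholders from the documentation ranges. DNS is accepted only on the tunnel interfaces, because a default-drop INPUT policy would otherwise block port 53 for VPN clients as well.

```shell
#!/bin/sh
# Assumed tunnel interface names (check with `ip link`); not taken from the post.
VPN_IFACES="wg0 tun0"

# gen_rules ADMIN_IP... : print a filter-table ruleset in iptables-restore format.
gen_rules() {
    [ "$#" -ge 1 ] || { echo "usage: gen_rules ADMIN_IP[/CIDR]..." >&2; return 1; }
    # Reject anything that is not a plain IPv4 address or CIDR before emitting
    # a single rule, so a typo cannot produce a half-written ruleset.
    for ip in "$@"; do
        case $ip in
            ''|*[!0-9./]*) echo "bad address: $ip" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default rule: everything inbound is dropped
    echo ":FORWARD ACCEPT [0:0]"   # left open so tunnel traffic is still routed
    echo ":OUTPUT ACCEPT [0:0]"
    # Loopback, plus replies to connections the host itself opened.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # SSH (22) and the web interface (80) only from the listed sources.
    for ip in "$@"; do
        echo "-A INPUT -p tcp -s $ip --dport 22 -j ACCEPT"
        echo "-A INPUT -p tcp -s $ip --dport 80 -j ACCEPT"
    done
    # VPN listeners are reachable from anywhere.
    echo "-A INPUT -p udp --dport 51820 -j ACCEPT"
    echo "-A INPUT -p udp --dport 1194 -j ACCEPT"
    # DNS only from inside the tunnels, never from the public interface.
    for ifc in $VPN_IFACES; do
        echo "-A INPUT -i $ifc -p udp --dport 53 -j ACCEPT"
        echo "-A INPUT -i $ifc -p tcp --dport 53 -j ACCEPT"
    done
    echo "COMMIT"
}

# Stand-alone use: sh rules.sh 203.0.113.10 198.51.100.0/24 > rules.v4
if [ "$#" -gt 0 ]; then gen_rules "$@"; fi
```

Loading the output with `iptables-restore` as root replaces the existing filter table, so keep a console or an already-open SSH session available while testing. These rules cover IPv4 only; an instance with a public IPv6 address needs an equivalent `ip6tables` ruleset.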