In order to do this you need a couple of things first.
- UFW installed.
- UFW disabled.
- Pi-hole or AdGuard Home installed.
- Pi-hole or AdGuard Home set on a static IP configured on the machine itself.
- Pi-hole or AdGuard Home set to lease DHCP.
- Know your DHCP pool.
Your DHCP pool is essentially your router IP with a 0 replacing the last number. So it could be 192.168.1.0 or 192.168.254.0; in my case it is 10.0.0.0.
Once you have this, we can set up UFW. If you SSH into your Pi-hole or AdGuard Home hosting device remotely, this will block that connection, so you will have to manually allow incoming traffic on the port you have SSH on, and I beg you to move it off of port 22. Follow along below.
ufw disable
ufw default deny incoming
ufw default allow outgoing
ufw allow from any port 68 to any port 67 proto udp
These next two commands will vary depending on your local setup. For me, my Ethernet connection is viewed as etho1 on my AdGuard Home machine. However, yours could be eth1 or enspo0; you will have to determine this yourself, and it will also vary if you're using a wireless connection.
Run ip a to find the name of your connection. lo is loopback and not the one to use. I will use my etho1 for the commands below. Also, I will use 192.168.1.0 for the example command; you will have to change those numbers to match your config. The subnet rule matches on the source address (from), so only devices on your local network are allowed in.
ufw allow in from 192.168.1.0/24
ufw allow in on etho1 from any port 68 to any port 67 proto udp
ufw reload
ufw enable
Now ufw is running, allowing Pi-hole or AdGuard Home to correctly lease DHCP, blocking external connection attempts to this device, allowing local devices to utilize it, and everything is working as it should be.
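The rules above, generated for the network an interface is actually on, as an added example that is not part of the original post: the function names and the sample `ip -o -4 addr` output are constructed for illustration, and the subnet rule matches on the source address. It derives the network from the address and prefix length, so it also covers networks that are not /24, where swapping the last number for 0 gives the wrong value.

```shell
#!/bin/sh
# Added example: print (never execute) the post's ufw rules for one interface.
# SAMPLE_IP_OUTPUT is constructed; on a real host pipe in: ip -o -4 addr show
SAMPLE_IP_OUTPUT='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.53/24 brd 10.0.0.255 scope global eth0\       valid_lft forever preferred_lft forever
3: wlan0    inet 172.16.5.130/20 brd 172.16.15.255 scope global dynamic wlan0\       valid_lft 3000sec preferred_lft 3000sec'

# iface_addr IFACE: read `ip -o -4 addr` text on stdin, print ADDR/PREFIX.
iface_addr() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { print $4; found = 1; exit }
                     END { exit !found }'
}

# net_cidr ADDR/PREFIX: print NETWORK/PREFIX (10.0.0.53/24 -> 10.0.0.0/24).
net_cidr() (
    case $1 in */*) ;; *) exit 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case $prefix in ''|*[!0-9]*) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    IFS=.; set -- $addr; IFS=' '
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) exit 1 ;; esac
        [ "$o" -le 255 ] || exit 1
    done
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    # Clear the host bits: keep only the top $prefix bits of the address.
    net=$(( ip & (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    echo "$(( (net >> 24) & 255 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$prefix"
)

# ufw_rules IFACE ADDR/PREFIX: print the rules with the derived network.
ufw_rules() {
    net=$(net_cidr "$2") || return 1
    printf '%s\n' \
        "ufw default deny incoming" \
        "ufw default allow outgoing" \
        "ufw allow in on $1 from any port 68 to any port 67 proto udp" \
        "ufw allow in from $net"
}

# Demo on the constructed sample: wlan0 sits on a /20, not a /24.
addr=$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | iface_addr wlan0) && ufw_rules wlan0 "$addr"
```

Review the printed rules before running them; the DHCP rule stays separate because a client asking for a lease does not yet have an address in the subnet.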
AdGuard & Pi-hole Discord: https://discord.gg/VzThBmB