In order to do this you need a couple of things first.
- UFW installed.
- UFW disabled.
- Pi-hole or AdGuard Home installed.
- Pi-hole or AdGuard Home set on a static IP configured on the machine itself.
- Pi-hole or AdGuard Home set to lease DHCP.
- Know your DHCP pool.
Your DHCP pool is essentially your router IP with a 0 replacing the last octet. So it could be `192.168.254.0`; in my case it is `10.0.0.0`. Once you have this, we can set up UFW. If you SSH into your Pi-hole or AdGuard Home hosting device remotely, this will block that connection, so you will have to manually allow incoming connections on the port you have SSH on, and I beg you to move it off of port 22. Follow along below.
```
ufw default deny incoming
ufw default allow outgoing
ufw allow from any port 68 to any port 67 proto udp
```
These next two commands will vary depending on your local setup. For me, my Ethernet connection is viewed as `etho1` on my AdGuard Home machine. However, yours could be `enspo0`; you will have to determine this yourself, and it will also vary if you're using a wireless connection. Run `ip a` to find the name of your connection; `lo` is loopback and not the one to use. I will use my `etho1` for the commands below. Also, I will use `192.168.1.0` for the example command; you will have to change those numbers to match your config. The subnet rule matches on the source address (`from`), so only devices on your local network are allowed in.

```
ufw allow in from 192.168.1.0/24
ufw allow in on etho1 from any port 68 to any port 67 proto udp
```
UFW is running, allowing Pi-hole or AdGuard Home to correctly lease DHCP, blocking external connection attempts to this device, and allowing local devices to use it. Everything is working as it should be.
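The "replace the last number with 0" shortcut holds only for a /24 network. As an added example (not part of the original guide), the script below computes the network address for any prefix length and prints the rules in an order that allows SSH from the LAN before the firewall is enabled. The function names `network_cidr` and `ufw_rules`, the host address `10.0.0.53/24` and the SSH port `2222` are assumptions made for illustration; the script only prints commands and applies nothing.

```shell
#!/bin/sh
# Added example: derive the LAN network from the host's address/prefix and
# print the UFW rules for a DHCP-serving DNS box. Nothing is executed.

# network_cidr ADDR/PREFIX -> NETWORK/PREFIX (e.g. 10.0.0.53/24 -> 10.0.0.0/24)
network_cidr() {
    addr=${1%/*}; prefix=${1#*/}
    old_ifs=$IFS; IFS=.
    set -- $addr                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - $prefix)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    echo "$(( net >> 24 & 255 )).$(( net >> 16 & 255 )).$(( net >> 8 & 255 )).$(( net & 255 ))/$prefix"
}

# ufw_rules IFACE ADDR/PREFIX SSH_PORT -> one ufw command per line
ufw_rules() {
    iface=$1; ssh_port=$3
    lan=$(network_cidr "$2")
    cat <<EOF
ufw default deny incoming
ufw default allow outgoing
ufw allow from $lan to any port $ssh_port proto tcp
ufw allow in on $iface from any port 68 to any port 67 proto udp
ufw allow in on $iface from $lan
ufw enable
EOF
}

# Constructed sample values: interface name as used in the guide,
# an assumed static address for the DNS box, and an assumed SSH port.
ufw_rules etho1 10.0.0.53/24 2222
```

Take the address and prefix from the `inet` line that `ip a` shows for your interface, review the printed commands, then run them as root.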
If this guide was helpful to you, consider donating to me on CashApp: $CipherOps