DEV Community


Posted on • Updated on

Pihole or AdGuard Home as DHCP server with UFW enabled.

In order to do this you need a couple of things first.

  • UFW installed.
  • UFW disabled.
  • Pihole or AdGuard Home installed.
  • Pihole or AdGuard Home set on a static IP configured on the machine itself.
  • Pihole or AdGuard Home set to lease DHCP.
  • Know your DHCP pool.

Your DHCP pool is essentially your router IP with a 0 replacing the last digit. So it could be or in my case it is once you have this, we can setup UFW. If you SSH into your Pi-hole or AdGuard Home hosting device remotely this will block that connection, so you will have to manually specify allow incoming on the port you have SSH on, and I beg you to move it off of port 22. Follow along below.

  • ufw disable
  • ufw default deny incoming
  • ufw default allow outgoing
  • ufw allow from any port 68 to any port 67 proto udp

These next two commands will vary depending on your local setup. For me my Ethernet connection is viewed as etho1 on my AdGuard Home machine. However yours could be eth1 or enspo0 you will have to determine this yourself, it will also vary if you're using a wireless connection.

Run ip a to find the name of your connection, lo is loopback and not the one to use, I will use my etho1 for the commands below. Also, I will use for the example command, you will have to change those numbers to match your config.

  • ufw allow in to
  • ufw allow in on etho1 from any port 68 to any port 67 proto udp
  • ufw reload
  • ufw enable

Now ufw is running, allowing Pihole or AdGuard Home to correctly lease DHCP, blocking external connection attempts to this device, allowing local devices to utilize it, and everything is working as it should be.

AdGuard & Pi-hole Discord:

CashApp: $CipherOps

Top comments (0)