arno/pi-hole
1
0
Fork 0
mirror of https://github.com/pi-hole/pi-hole synced 2025-02-28 08:22:35 +00:00
Code Issues Releases Wiki Activity

Updated Pi hole OpenVPN server (markdown)

DL6ER 2016-12-18 19:39:51 +01:00
parent 9c46b2c747
commit eca225ab89
1 changed files with 52 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
Pi-hole---OpenVPN-server.md

@ -72,3 +72,54 @@ Your whole network traffic will now securely be transferred to your Pi-hole.
--- ---
(Optional) If your server is visible to the world, you might want prevent port 80 from being accessible from the outside. You will still be able to connect to your Pi-hole from within the VPN. (Optional) If your server is visible to the world, you might want prevent port 80 from being accessible from the outside. You will still be able to connect to your Pi-hole from within the VPN.
Using `iptables`: First, verify that there is no rule that explicitly accepts `http` requests
```
sudo iptables -L --line-numbers
```
If you get something like
<pre>
Chain INPUT (policy ACCEPT)
num target prot opt source destination
<b>1 ACCEPT tcp -- anywhere anywhere tcp dpt:http</b>
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:domain
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
</pre>
you have to first explicitly delete the first INPUT rule using:
```
sudo iptables -D INPUT 1
```
Then you can add an explicit rule that allows `http` access from within the VPN
```
sudo iptables -A INPUT -i tun0 -p tcp --destination-port 80 -j ACCEPT
```
And another one that prevents accessing the `http` port from everywhere else
```
sudo iptables -A INPUT -p tcp --destination-port 80 -j DROP
```
Your configuration should look like
<pre>
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
2 ACCEPT udp -- anywhere anywhere udp dpt:domain
<b>3 ACCEPT tcp -- anywhere anywhere tcp dpt:http
4 DROP tcp -- anywhere anywhere tcp dpt:http</b>
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
</pre>
while there might be other rules in your table. Note that the order of the list entries matters!