Pi-hole requires three network ports to be open: port 22 (SSH administration), port 53 (DNS queries from clients), and port 80 (web admin interface). Pi-hole Ubuntu Deploy configures UFW (Uncomplicated Firewall) automatically during the deploy.sh run, ensuring only the necessary ports are exposed.

Ports Required

| Port | Protocol  | Purpose                     |
|------|-----------|-----------------------------|
| 22   | TCP       | SSH remote administration   |
| 53   | TCP + UDP | DNS query resolution        |
| 80   | TCP       | Pi-hole web admin interface |

Automatic Configuration via deploy.sh

deploy.sh configures and enables UFW non-interactively as part of Step 5 of the deployment process:

    ufw allow 22/tcp
    ufw allow 53
    ufw allow 80/tcp
    echo "y" | ufw enable

ufw allow 53 is used without a protocol specifier, which opens port 53 for both TCP and UDP in a single command. This is required because DNS clients use UDP for standard queries and fall back to TCP for larger responses (e.g., DNSSEC records or zone transfers).

deploy.sh uses echo "y" | ufw enable to non-interactively enable UFW. This pipes the confirmation response directly to the command, skipping the interactive prompt that UFW normally presents.

Legacy Script

The standalone legacy_scripts/firewall_rules.sh script can be used independently if you want to apply firewall rules outside of the main deploy.sh flow. It explicitly separates TCP and UDP rules for port 53 and adds a ufw reload step, then prints the active rule set with ufw status verbose:

    # ufw config (firewall) for pi-hole
    sudo ufw allow 22/tcp
    sudo ufw allow 53/tcp
    sudo ufw allow 53/udp
    sudo ufw allow 80/tcp
    sudo ufw enable
    sudo ufw reload
    sudo ufw status verbose

Run it directly on your server:

    sudo bash legacy_scripts/firewall_rules.sh

Checking Firewall Status

At any time, you can inspect the active UFW rules and their status:

    sudo ufw status verbose

This shows every rule in effect, the default inbound/outbound policies, and whether UFW is active.
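
The following is an added example, not part of Pi-hole Ubuntu Deploy: a shell function that reads `ufw status verbose` text and checks it against the port table on this page. The names `audit_ufw` and `sample_status` are hypothetical, and the status output embedded in the script is constructed for illustration.

```shell
#!/bin/sh
# Audit `ufw status verbose` text read from stdin against the ports this page
# lists (22/tcp, 53 tcp+udp, 80/tcp). Prints one finding per line.
audit_ufw() {
  awk '
    { gsub(/ \(v6\)/, "") }                   # fold IPv6 rows into the IPv4 form
    /^Status:/  { active  = ($2 == "active") }
    /^Default:/ { deny_in = ($2 == "deny") }  # first policy listed is incoming
    ($2 == "ALLOW" || $2 == "LIMIT") && $3 != "OUT" {
      from = ($3 == "IN") ? $4 : $3           # verbose output adds an IN column
      split($1, p, "/")                       # "53" is port only, "22/tcp" is port + proto
      if (p[2] == "" || p[2] == "tcp") tcp[p[1]] = 1
      if (p[2] == "" || p[2] == "udp") udp[p[1]] = 1
      if (p[1] != 22 && p[1] != 53 && p[1] != 80) extra[$1] = 1
      if (p[1] == 22 && from == "Anywhere") ssh_open = 1
    }
    END {
      if (!active)  print "FAIL ufw is not active"
      if (!deny_in) print "FAIL default incoming policy is not deny"
      if (!tcp[22]) print "FAIL 22/tcp (SSH) is not allowed"
      if (!tcp[53]) print "FAIL 53/tcp (DNS over TCP) is not allowed"
      if (!udp[53]) print "FAIL 53/udp (DNS) is not allowed"
      if (!tcp[80]) print "FAIL 80/tcp (web admin) is not allowed"
      for (r in extra) print "WARN rule outside the documented set: " r
      if (ssh_open) print "NOTE SSH is open from Anywhere, not limited to a subnet"
    }'
}

# Constructed sample: the deploy.sh rule set plus the optional Unbound rule.
sample_status() {
  cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
53                         ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
5335/udp                   ALLOW IN    Anywhere
53 (v6)                    ALLOW IN    Anywhere (v6)
EOF
}

sample_status | audit_ufw
```

On a live server, pipe the real output into the function with `sudo ufw status verbose | audit_ufw`.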

Adding Custom Rules

Depending on your Pi-hole setup, you may need to open additional ports. Common scenarios:

    # Allow HTTPS (if using Pi-hole with SSL)
    sudo ufw allow 443/tcp

    # Allow Unbound port (if accessed from other containers/VMs)
    sudo ufw allow 5335/udp

    # Restrict SSH to a specific subnet.
    # Add the subnet rule first, then remove the broad rule, so there is
    # never a moment with no SSH rule in place.
    sudo ufw allow from 192.168.1.0/24 to any port 22 proto tcp
    sudo ufw delete allow 22/tcp

If you are connected to the server via SSH, always ensure port 22 is allowed before enabling UFW. Enabling the firewall without an SSH rule will immediately terminate your session and lock you out of the machine remotely.
