Hello everyone
I have installed DietPi on an SBC (NanoPi NEO3) connected to a router by Ethernet cable, and I configured it to be accessible only by SSH. No firewall is installed. Its main use is to run Pi-hole + Unbound. I have been using it for about 2 years without issues.
The new dashboard message says:
“Please assure to close its network ports (default: TCP 5252 and 5253) on your NAT/router or via firewall, to protect them from public access. If you need to access the DietPi-Dashboard remotely, please use a VPN server on this system, like WireGuard.”
but I’m not sure I really need this, considering that I access the dashboard via browser with my pc, in the same LAN. My router (ZTE H388X) has a firewall set to “Middle: WAN host can neither directly access to LAN hosts, nor to the device itself.”
If it is recommended, I was thinking about using ufw on the SBC with these rules:
sudo ufw allow ssh
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow from 192.168.1.1/24 to any port 5252 proto tcp
sudo ufw allow from 192.168.1.1/24 to any port 5253 proto tcp
sudo ufw deny 5252/tcp
sudo ufw deny 5253/tcp
sudo ufw enable
Do you think it is ok?
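
An added example, not part of the original post: a small first-match model of the ruleset above, used to check which inbound connections it would accept before enabling it on the DNS server. It assumes ufw's usual behaviour (user rules checked in the order added, default policy when none match), ignores ufw's built-in rules for loopback and established connections, and the probe addresses and the extra port 53 rules are constructed for illustration.

```python
import ipaddress

# Rules in the order the post adds them: (action, source CIDR or None, port, proto).
# "ufw allow ssh" is modelled as 22/tcp from anywhere.
POSTED_RULES = [
    ("allow", None, 22, "tcp"),
    ("allow", "192.168.1.1/24", 5252, "tcp"),
    ("allow", "192.168.1.1/24", 5253, "tcp"),
    ("deny", None, 5252, "tcp"),
    ("deny", None, 5253, "tcp"),
]
DEFAULT_INCOMING = "deny"  # "ufw default deny incoming"

# Assumed additions (not in the post): DNS for Pi-hole, reachable from the LAN only.
DNS_RULES = [
    ("allow", "192.168.1.1/24", 53, "udp"),
    ("allow", "192.168.1.1/24", 53, "tcp"),
]

def decide(rules, src, port, proto, default=DEFAULT_INCOMING):
    """Return 'allow' or 'deny' for one new inbound connection (first match wins)."""
    addr = ipaddress.ip_address(src)
    for action, cidr, rule_port, rule_proto in rules:
        if (rule_port, rule_proto) != (port, proto):
            continue
        # strict=False accepts a CIDR with host bits set, such as 192.168.1.1/24
        if cidr is None or addr in ipaddress.ip_network(cidr, strict=False):
            return action
    return default

def report(rules):
    """Verdict per (client, service) for a LAN client and an outside host."""
    probes = [("LAN PC", "192.168.1.50"), ("WAN host", "203.0.113.7")]  # constructed
    services = [("ssh", 22, "tcp"), ("dashboard", 5252, "tcp"), ("dns", 53, "udp")]
    return {(who, name): decide(rules, ip, port, proto)
            for who, ip in probes for name, port, proto in services}

if __name__ == "__main__":
    for label, rules in (("posted", POSTED_RULES),
                         ("posted + DNS", POSTED_RULES + DNS_RULES)):
        print(label)
        for key, verdict in report(rules).items():
            print("  ", key, verdict)
```

With the posted rules alone the model denies DNS queries from LAN clients, and the two explicit `deny` rules never change a verdict because the default policy already denies those ports.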