AGH, Hetzner Firewall and Dynamic IP
-
I use Adguard on a Hetzner Cloudron VPS. To do this, TCP/UDP port 53 (DNS) has to be opened in the Hetzner firewall. To prevent every client in the world from accessing it, I only allow my ISP's dynamic IP. Unfortunately, this keeps changing and I have to enter my new IP in the Hetzner firewall (until then, DNS no longer works). The DNS Adguard server IP is stored on my Unifi router.
Is there any easier way to do all this, or is there any way to automate the firewall entry?
-
My setup is pretty similar to yours. I decided to use Adguard with integrated DoT or DoH and ClientIDs. Works very well.
-
@Kubernetes does that mean you don't use the Hetzner Firewall?
@sponch https://docs.hetzner.cloud/#firewalls has an API. You can just run it off a cronjob. Cloudron's DNS automation is at https://git.cloudron.io/platform/box/-/blob/master/src/dns/hetzner.js?ref_type=heads#L42 , very easy to use, just pass Auth-API-Token in the header.
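The cron-job idea above, worked out as a script (an added example, not Cloudron's or Hetzner's code): it looks up the current public IP, compares it with the firewall's inbound port-53 rules and calls set_rules only when they differ, keeping unrelated rules (SSH, HTTPS) intact because set_rules replaces the whole list. It assumes the Hetzner Cloud API v1 endpoints GET /firewalls/{id} and POST /firewalls/{id}/actions/set_rules with an "Authorization: Bearer" header (the Cloud API, unlike the DNS API in the Cloudron snippet, does not use Auth-API-Token), an external IP echo service (api.ipify.org here), and the environment variables HCLOUD_TOKEN and HCLOUD_FIREWALL_ID.

```python
# Cron job: pin a Hetzner Cloud firewall's port-53 rules to the current home IP.
# Added example for this thread, not Cloudron's or Hetzner's code. Assumes the Cloud API
# v1 (GET /firewalls/{id}, POST .../actions/set_rules, Bearer token) and api.ipify.org.
import ipaddress, json, os, urllib.request

API, DNS_PORT = "https://api.hetzner.cloud/v1", "53"
RULE_KEYS = {"direction", "protocol", "port", "source_ips", "destination_ips", "description"}

def current_public_ip(echo_url="https://api.ipify.org"):
    """Ask an external echo service for our public IPv4 and validate it before use."""
    with urllib.request.urlopen(echo_url, timeout=10) as r:
        return str(ipaddress.IPv4Address(r.read().decode().strip()))

def is_dns_rule(rule):
    return rule.get("direction") == "in" and rule.get("port") == DNS_PORT

def dns_rules(ip):
    """Inbound TCP and UDP/53 from exactly one /32; everything else stays blocked."""
    return [{"direction": "in", "protocol": p, "port": DNS_PORT,
             "source_ips": [f"{ip}/32"], "description": "home DNS client"}
            for p in ("tcp", "udp")]

def needs_update(existing, ip):
    """True unless every inbound port-53 rule already lists only our current /32."""
    dns = [r for r in existing if is_dns_rule(r)]
    return not dns or any(r.get("source_ips") != [f"{ip}/32"] for r in dns)

def merged_rules(existing, ip):
    """set_rules replaces the whole list: keep SSH/HTTPS rules, swap only port 53."""
    kept = [{k: v for k, v in r.items() if k in RULE_KEYS and v}
            for r in existing if not is_dns_rule(r)]
    return kept + dns_rules(ip)

def hetzner(token, path, body=None):
    req = urllib.request.Request(API + path, method="POST" if body else "GET",
        data=json.dumps(body).encode() if body else None,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as r:
        return json.load(r)

def main():
    token, fw_id = os.environ["HCLOUD_TOKEN"], os.environ["HCLOUD_FIREWALL_ID"]
    ip = current_public_ip()
    rules = hetzner(token, f"/firewalls/{fw_id}")["firewall"]["rules"]
    if needs_update(rules, ip):  # touch the API only when the IP actually changed
        hetzner(token, f"/firewalls/{fw_id}/actions/set_rules",
                {"rules": merged_rules(rules, ip)})

if __name__ == "__main__":
    main()
```

Run it every few minutes from cron; until the firewall is updated, DNS from the new IP is blocked, so the interval is the maximum outage after a change.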
-
@joseph I do use the Hetzner Firewall, but not to block DNS requests. Because of Client IDs, any stranger's DNS request will be denied by Adguard; the IP limiter helps to not get flooded with requests. I have whitelisted my ISP IP and update it manually when it changes.
Thanks for the hint with the Hetzner Firewall API, could be interesting for some other use cases.
-
Good workflow!
@Kubernetes said in AGH, Hetzner Firewall and Dynamic IP:
I have whitelisted my ISP IP and update it manually when it changes.
I think this is where the API will help if your IP changes a lot. I don't know if it applies to @sponch but in my home, the VPS only changes IP within a specific subnet. In the firewall, I just whitelist the subnet instead of a specific IP.