AGH, Hetzner Firewall and Dynamic IP
-
I use Adguard on a Hetzner Cloudron VPS. To do this, TCP/UDP port 53 (DNS) has to be opened in the Hetzner firewall. To prevent every client in the world from accessing it, I only allow my ISP's dynamic IP. Unfortunately, this keeps changing and I have to enter my new IP in the Hetzner firewall (until then, DNS no longer works). The DNS Adguard-Server IP is stored on my Unifi router.
Is there any easier way to do all this, or is there any way to automate the firewall entry?
-
My setup is pretty similar to yours. I decided to use Adguard with integrated DoT or DoH and ClientIDs. Works very well.
-
@Kubernetes does that mean you don't use the Hetzner Firewall?
@sponch https://docs.hetzner.cloud/#firewalls has an API. You can just run it off a cronjob. Cloudron's DNS automation is at https://git.cloudron.io/platform/box/-/blob/master/src/dns/hetzner.js?ref_type=heads#L42 , very easy to use, just pass Auth-API-Token in header.
-
@joseph I do use the Hetzner Firewall, but not to block DNS requests. Because of Client IDs, any stranger's DNS request will be denied by Adguard, and the IP-Limiter helps to not get flooded with requests. I have whitelisted my ISP IP and update it manually when it changes.
Thanks for the hint with Hetzner Firewall API, could be interesting for some other use cases

-
Good workflow!
@Kubernetes said in AGH, Hetzner Firewall and Dynamic IP:
I have whitelisted my ISP IP and update it manually when it changes.
I think this is where the API will help if your IP changes a lot. I don't know if it applies to @sponch but in my home, the VPS only changes IP within a specific subnet. In the firewall, I just whitelist the subnet instead of a specific IP.
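The cron-driven firewall update suggested in this thread could look like the sketch below; it is an added example, not code from any poster or from Cloudron. It assumes the Hetzner Cloud API's Bearer-token header, the environment variable names `HCLOUD_TOKEN` and `FIREWALL_ID`, and `https://api.ipify.org` as the IP echo service.

```python
# Added example: keep inbound port-53 rules of a Hetzner Cloud firewall
# pinned to the caller's current public IP. Names below are assumptions.
import ipaddress, json, os, urllib.request

API = "https://api.hetzner.cloud/v1"

def to_cidr(text):
    """Validate an IP-echo response and return it as a single-host CIDR."""
    ip = ipaddress.ip_address(text.strip())
    if not ip.is_global:  # refuse private, loopback or otherwise bogus answers
        raise ValueError(f"not a public address: {ip}")
    return f"{ip}/{ip.max_prefixlen}"

def retarget_dns_rules(rules, cidr):
    """Return (new_rules, changed); inbound port-53 rules get source_ips=[cidr]."""
    new_rules, changed = [], False
    for rule in rules:
        rule = dict(rule)  # copy so the caller's list is not mutated
        if rule.get("direction") == "in" and rule.get("port") == "53":
            if rule.get("source_ips") != [cidr]:
                rule["source_ips"], changed = [cidr], True
        new_rules.append(rule)  # every other rule is passed back untouched
    return new_rules, changed

def call(method, path, token, body=None):
    """Minimal JSON request helper for the Hetzner Cloud API."""
    req = urllib.request.Request(
        API + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def sync(firewall_id, token, cidr):
    """Fetch current rules, retarget DNS rules, write back only on change."""
    rules = call("GET", f"/firewalls/{firewall_id}", token)["firewall"]["rules"]
    new_rules, changed = retarget_dns_rules(rules, cidr)
    if changed:  # set_rules replaces the whole rule list, so send all of it
        call("POST", f"/firewalls/{firewall_id}/actions/set_rules", token,
             {"rules": new_rules})
    return changed

if __name__ == "__main__":
    with urllib.request.urlopen("https://api.ipify.org", timeout=10) as r:
        cidr = to_cidr(r.read().decode())
    done = sync(os.environ["FIREWALL_ID"], os.environ["HCLOUD_TOKEN"], cidr)
    print("updated" if done else "unchanged")
```

The script has to run from cron on a machine inside the home network, since the VPS itself would only see its own address. The API token should be scoped to the one project that holds the firewall and stored in a file readable only by the cron user.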