AdGuard - Network-wide ads & trackers blocking DNS server

girish

@mehdi Yes, currently anyone can access it. I think we have to add some sort of firewall feature in the future to limit access to apps by IP in a future release.

mehdi

@girish I strongly second this firewall proposal

girish

@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).

fbartels

@girish adguard itself actually also has a whitelist feature for ips it will reply to. But that would even be one level further down from the effectiveness of iptables.

girish

@fbartels you are right! It's under DNS setings.

fbartels

@girish afaik all settings are stored in an ini file. Maybe it could be auto setup only for the internal network towards the app containers?

marcusquinn

@fbartels 2nd this!

necrevistonnezr

@girish said in AdGuard - Network-wide ads & trackers blocking DNS server:

@mehdi I wasn't sure if it's worth the effort because most VPS providers these days have a firewall in their control panel (which is better than iptables since packets won't even hit the VM now and will get stopped at the cloud provider's edge).

Don't forget us bedroom server adminstrators...

mehdi

Nor us bare-metal people!

jimcavoli

I'm a big fan of the "belt-and-suspenders" approach to firewalls locally and out in the magical ingress/networking land. Never a bad thing to have more controls or choices over where to manage/place certain controls. Portability is a big thing too, and a lot of the cloud provider firewalls are rather bespoke, with a wide range (or lack) of features.

marcusquinn

@necrevistonnezr @mehdi Haha, innuendo bingo! Only a matter of time before Only Fans stars start using Cloudron to avoid de-platforming issues and cut-out the middle-men.