Open ports in firewall

Hi,

I was searching through help files and forum but didn't found a clear answer so maybe someone knows:

I want to install Zabbix Agent on the Cloudron server, it communicates to the 'external' Zabbix Server via ports 10050 and/or 10051. So I need to open these ports and even better allow only comms to specific IP.

In the Cloudron Docs (https://cloudron.io/documentation/security/#configuring-cloud-firewall) it says NOT to change/use IPtables, it also says you should then use DigitalOcean Cloud Firewall. But here is some discrepancy i.m.h.o.:

1. if I want to use DO Cloud Firewall, how do I switch off the "internal" firewall?
2. On that Docs page is a table of standard open ports I must configure in DO Cloud Firewall, but how do I know which extra ports are configured by or after installing an app as these have to be manually changed in the DO Cloud Firewall?
3. Is it a desired feature if Cloudron is able to configure (is there an API?) the DO Cloud Firewall?

Thanks already for your answers and opinions.

Kind regards,

Marcel

@girish it would be great to have Pi-hole in Cloudron and I agree with you it should be save.
Pi-hole itself advises to put it on top of OpenVPN: https://docs.pi-hole.net/guides/vpn/overview/

Is it possible to make a Cloudron-app with Pi-hole in VPN so you can make use of it anywhere AND safe!?

Kind regards,
Marcel.