I have an Ubuntu 20.04 LTS VPS (connected directly to the internet), on which I installed WireGuard and Pi-Hole.
I noticed tons of requests on my ad-blocking DNS server, and I suddenly realized that leaving port 53 open was a bad idea.
I'm now wondering how I could block all requests to port 53 unless they come from the WireGuard tunnel (the idea is that I want to be able to access my DNS only if I am also connected to my VPN).
The actual question is how to select the incoming traffic by checking whether the client is connected to WireGuard on the server or is coming from the internet wasteland.
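
One way to make that selection, as an added example that is not part of the original post: traffic from VPN clients arrives decrypted on the WireGuard interface, while internet traffic arrives on the public interface, so a firewall rule can match on the input interface. The interface name `wg0`, the chain name `DNS_GUARD`, Pi-hole running directly on the host (not in Docker) and the use of iptables are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions, not stated in the post: the tunnel interface
# is wg0, Pi-hole runs on the host (not in Docker), iptables is in use.
WG_IF="${WG_IF:-wg0}"

# Print the commands that restrict port 53 to loopback and the tunnel.
# $1 = WireGuard interface name.
dns_rules() {
    # Refuse anything that is not a plain interface name, since the
    # output may be piped to a shell.
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $1" >&2; return 1 ;;
    esac
    for ipt in iptables ip6tables; do
        # Dedicated chain (hypothetical name): the decision lives in one
        # place and does not depend on what INPUT already accepts.
        echo "$ipt -N DNS_GUARD"
        echo "$ipt -A DNS_GUARD -i lo -j RETURN"
        echo "$ipt -A DNS_GUARD -i $1 -j RETURN"
        echo "$ipt -A DNS_GUARD -j DROP"
        # Inserted at position 1 so it runs before any existing ACCEPT.
        for proto in udp tcp; do
            echo "$ipt -I INPUT 1 -p $proto --dport 53 -j DNS_GUARD"
        done
    done
}

# Dry run by default: print the rules. APPLY=1 (as root) installs them.
if [ "${APPLY:-0}" = 1 ]; then
    dns_rules "$WG_IF" | sh -e
else
    dns_rules "$WG_IF"
fi
```

The rules are not persistent across reboots on their own, and WireGuard's own UDP listen port has to stay reachable from the internet for the tunnel to come up.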