Add ip_ban_whitelist for HTTP Integration

This issue is so frustrating. When it happens to me I can fix it, but when it happens to any other family members or an unattended device, it is a whole other thing.

I have seen some of the comments of the declined PRs and to be honest I do not understand the logic. It says it is declined because “it is a huge security issue”. But disabling IP bans is also a security issue…

1 Like

We need to either accept the “workaround” PRs, or fix the fact that the companion app has a tendency to trip the IP ban.

Either works for us. But this has been going on for 4 years now and rejecting PRs for the reasons already mentioned is not great.

Rejecting and not offering an alternative solution isn’t the best look.

At the very least, we need the ability in the GUI to reset/remove IPs that have been banned.

2 Likes

I like that, as the UI would need to use a REST API and then a “whitelist automation” could be written to periodically remove the bans from specific IPs

1 Like

Especially with that, it would put the onus on the user to make sure the security is kept, and not on the developers. Which should give a win/win scenario.

Like you, I am surprised that after all this time there is still no GUI editing functionality or even a whitelist…

We are forced to disable the ip_ban option, potentially creating a huge security issue, because it’s possible to get one’s local IP banned.

I don’t think the administrators have fully realized the huge gap in the system. They leave the user either without protection or with an unusable system.

4 years, 3 rejected PRs, and soon 200 votes… It’s time for this topic to change hands.

4 Likes

Or maybe one option, a simple option: “do not ban local network IPs”.
The problem is always the same: “banned an IP of the local network, like the router itself”.
A simple option to not ban these IPs would solve a high percentage of the problems.

I was hoping for an answer when hitting this post, but it seems this has been an issue for a long time. For us it only seems to happen on my wife’s phone. We both have Pixel 9s and I have cleared her cache, storage and reinstalled without any luck. On my phone my app has 2 servers it can talk to, as I manage my mother-in-law’s house as well, and I have 2 widgets on my phone’s home screen. I would love for this to be taken care of as the wife is growing tired of this and I can’t blame her.

1 Like

Unfortunately that won’t be sufficient. What happens when it bans your home IP (ISP given)?

For everyone else who comes across this thread, please make sure to vote at the top of the page to give it more visibility.

I’ve got a janky workaround for now for HAOS:

In /etc/periodic/hourly I have a script called remove_bans.sh:

The contents are:

#!/bin/bash

FILE="/config/ip_bans.yaml"
TMP_FILE="$(mktemp)"

# Backup the original for comparison
cp "$FILE" "$TMP_FILE"

# Remove specific IP blocks
sed -i '/^127\.0\.0\.1:$/,+1d' "$FILE"
sed -i '/^123\.123\.234\.234:$/,+1d' "$FILE" # Personal IP - Changed for public visibility

# Remove 192.168.x.x blocks
sed -i '/^192\.168\.[0-9]\{1,3\}\.[0-9]\{1,3\}:$/,+1d' "$FILE"

# Compare original and modified file
if ! cmp -s "$FILE" "$TMP_FILE"; then
    echo "Changes detected in $FILE. Restarting Home Assistant Core..."
    ha core restart
else
    echo "No changes made to $FILE. Skipping restart."
fi

# Clean up
rm "$TMP_FILE"

Add your own regex for your requirements, and it’s “ok”.

It’s not a whitelist by any form, but it deletes any entries on an hourly basis.

We really do need a whitelist function, however. The system shouldn’t be banning itself on a regular basis.

This automation and script was working fine for months, but now neither docker restart homeassistant nor ha core restart is working. The ip_bans.yaml is changing so the script runs, only the restart part is not working. Simply no restarting, so the complete script is useless. What am I missing, or what has changed in HAOS?

configuration.yaml:

shell_command:
  check_ipbans: bash /config/check_ipbans.sh

automations.yaml:

alias: Check IP bans
triggers:
  - trigger: time_pattern
    minutes: /5
    enabled: true
actions:
  - action: shell_command.check_ipbans
    metadata: {}
    data: {}
mode: single

/homeassistant/check_ipbans.sh:

#! /bin/bash

ipbans="/config/ip_bans.yaml"
if [ -f "$ipbans" ]; then
    if grep -q "192\.168\.1\." "$ipbans"; then
        sed -i "/192\.168\.1\./,+1d" "$ipbans"
        docker restart homeassistant
#       ha core restart
    fi
fi

Update: I get
{'stdout': '', 'stderr': '/config/check_ipbans.sh: line 7: docker: command not found', 'returncode': 0}
and
{'stdout': '', 'stderr': '/config/check_ipbans.sh: line 8: ha: command not found', 'returncode': 0}
but why?


Update: OK, it’s working with different logic, but I still don’t know why the previously working docker and ha commands are not working now…

automations.yaml:

triggers:
  - trigger: time_pattern
    minutes: /5
    enabled: true
actions:
  - action: shell_command.check_ipbans
    response_variable: check_ipbans_result
    data: {}
  - if:
      - condition: template
        value_template: "{{ check_ipbans_result['returncode'] == 100 }}"
    then:
      - action: homeassistant.restart
        data: {}

/homeassistant/check_ipbans.sh:

#! /bin/bash

ipbans="/config/ip_bans.yaml"
if [ -f "$ipbans" ]; then
    if grep -q "192\.168\.1\." "$ipbans"; then
        sed -i "/192\.168\.1\./,+1d" "$ipbans"
        exit 100
    fi
fi

exit 0

3 Likes
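
The same pruning idea with exact CIDR matching instead of regexes, as an added example that is not part of any post in this thread and not Home Assistant's own code. The allowlist networks are constructed values, the one-key-per-ban layout of ip_bans.yaml (including quoted IPv6 keys) is an assumption taken from what the sed commands above rely on, and exit code 100 follows the convention of the automation above.

```python
import ipaddress
import sys

# Assumed allowlist (constructed values): keep it as narrow as you can.
ALLOW = ["127.0.0.0/8", "192.168.1.0/24", "fd00::/8"]
BANS_FILE = "/config/ip_bans.yaml"  # path used by the scripts in this thread


def prune_bans(text, allow=ALLOW):
    """Return (new_text, removed_ips). Assumes each ban is a top-level
    'IP:' key followed by indented lines; matching is exact CIDR membership."""
    nets = [ipaddress.ip_network(n) for n in allow]
    kept, removed, skipping = [], [], False
    for line in text.splitlines(keepends=True):
        if line[:1] in (" ", "\t"):  # indented: belongs to current entry
            if not skipping:
                kept.append(line)
            continue
        skipping = False
        key = line.strip().removesuffix(":").strip("'\"")
        try:
            addr = ipaddress.ip_address(key)
        except ValueError:
            kept.append(line)  # blank, comment or not an IP: leave as is
            continue
        if any(addr in net for net in nets):  # v4 is never "in" a v6 net
            removed.append(str(addr))
            skipping = True
        else:
            kept.append(line)
    return "".join(kept), removed


def main(path=BANS_FILE):
    try:
        with open(path, encoding="utf-8") as fh:
            original = fh.read()
    except FileNotFoundError:
        return 0
    new_text, removed = prune_bans(original)
    if removed:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_text)
        print("removed bans:", ", ".join(removed))
        return 100  # exit code the automation above checks before restarting
    return 0


if __name__ == "__main__":
    sys.exit(main())
```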

Hi all,

TL;DR
Can anyone explain in short how this happens?

Background: been running HA since 2021.10 w/ official Android companion app… never had such blockage until lately 2025.06. Home network changed to Unifi network a few months back.

Thanks in advance!

Many years later, still broken. When I do the suggested fix I get:

Invalid config for ‘http’ at configuration.yaml, line 22: ‘ip_ban_whitelist’ is an invalid option for ‘http’, check: http->ip_ban_whitelist

No doubt. There is no core functionality for whitelisting/blacklisting. By the looks of it, the only current workarounds are -

  1. GitHub - palfrey/ban_allowlist: Home Assistant plugin to add IP ban whitelisting

-and-

  1. Ban by subnet in http component (with working code)

Does GitHub - palfrey/ban_allowlist: Home Assistant plugin to add IP ban whitelisting still work in the current HA version?

idk, I don’t personally use it. I’d assume so considering it was updated a year ago and there’s no issues showing in the github. Worth a try at least…

I use the latest HA version and it is working for me. Only the notification from HA that something was banned is annoying.