DuckDNS HTTPS, Firewalla Malicious Site Attempts

Tags: #<Tag:0x00007f3274b79ff0>

I might be worrying for no reason, just thought I’d see what people more knowledgeable than me thought. My Setup:

Home assistant running on Raspberry Pi 4
DuckDNS.org with LetsEncrypt SSL
NGINX Home Assistant SSL proxy
Firewalla Gold

I followed the setup as detailed including router port forwarding, but was still having issues. Finally narrowed down to the Firewalla blocking all internet traffic rule. I tried adding a rule to allow port 443 on the Raspberry Pi but no luck. Next added a rule for just my Raspberry Pi to allow all internet traffic to/from the device. This allowed external access, port 443 is shown as open.

I’ve since gotten many alerts (30 in the last two days) about malicious IPs trying to access my Raspberry Pi. Should I worry about this, or should the combination of DuckDNS, LetsEncrypt and Firewalla provide sufficient enough security as could be hoped for while still allowing external access?

I’ve never used it but your firewall is probably doing nothing because of this:

1 Like

That’s what I expected with how it’s worded, but luckily the Firewalla is still catching and blocking what it deems malicious IP addresses attempting to access my Raspberry Pi.

I’ve only been enabling the rule when I’m away from home, but I have a support ticket in with Firewalla.

Just in case someone else using Firewalla comes across this, I talked to Firewalla support team. They don’t currently support external access to internal port with the “allow port XXX” rule, only internal to remote port. They plan on adding this in the next month or two.

Basically as long as you’re only forwarding the port you’re using, not really much difference even though the rule says “Allow All Internet Traffic”. The Firewall still blocks malicious attempts at accessing the Home Assistant.

They did mention that many malicious services actively scan the internet for Port 443 and other standard ports being open and attack those. They recommended changing from using Port 443 to another non-standard port. I just did so, should reduce the number of attacks I’m getting.

I have a firewalla red and have used the VPN setup to access my home network. I do not have any other external access configured (DuckDNS etc) or ports open. When I want to connect to HA, I connect the VPN and my dashboards update.