Firewall and Google Home Assistant

donnib · January 20, 2018, 9:09am

Hi,
I just got a Google Home Mini which i would like to integrate to HASS and i can see that it requires that i open up my HASS to the public which i am not big fan off unless i can set up rules in my firewall to allow access only from google servers. Anyone done that ?

Is Amazon Echo any different in this regard i mean having to open up HASS to external access ?

/donnib

Tinkerer · January 20, 2018, 9:36am

The problem is, Google have many IP ranges it’s not as simple as that. You could watch your logs and see what ranges they’re using for you.

I use NGINX, which gives me the ability to only allow POST requests with the user agent including Google-Cloud-Functions, which all the legitimate requests will have. I’ve not bothered though - I run Home Assistant on a random port, and in the last year I’ve seen a grand total of zero probes (never mind attempts) in my logs.

Alternatively, wait for the cloud: component to deliver Google Home integration. That should hopefully turn up over the next few months.

As for the Echo, if you use alexa: you also need to open up access. Only emulated_hue: doesn’t require you to open ports.

donnib · January 20, 2018, 9:41am

Cool thanks for the reply, yes i was kind of expecting that but i was thinking maybe i could use a wildcard and use hostnames in the firewall. I could go ahead and do it then monitor how the server get’s contacted to see if there are anyway i could allow only from Google.

Tinkerer · January 20, 2018, 9:42am

Don’t ever use reverse DNS for filtering. Anybody could set up a reverse DNS to claim to be Google.

Hs82H · February 27, 2020, 8:28pm

Two years later already, but I was having the same question. I did find a solution and I post it so maybe others can use this information.

I tested for some weeks which IP addresses accessed my HA. This resulted in the following 3 ranges for Google Assistant:

66.249.93.0/24
66.102.9.0/24
108.177.64.149

I set up my firewall for these and GA is working perfectly for many weeks already.

PhilippS · May 20, 2020, 10:05pm

@Hs82H Thank you very much. It works really well. But I saw a request on my firewall from the address 108.177.64.49. For this reason, I have had to expand the area. My current config is the following:

66.249.93.0/24
66.102.9.0/24
108.177.64.0/24

Hs82H · May 25, 2020, 6:47am

Thanks Philipp! I noticed it was working 99% of the times and I could figure out why it didn’t for the last 1%. This solves the issue!

Geeforce · January 29, 2022, 9:02pm

Almost 2 years later again. I want to set up Google Home manually, so do these 3 ranges still work?

tonih · January 20, 2024, 1:18am

Another 2 years later and apparently the ranges are not working anymore, at least not for me
Does anybody know the new ones or is it still working for somebody else?