I want to configure the ufw firewall on the Linux server hosting the Home Assistant supervisor installation connected to a HomeMatic CCU3. Are there any best practices to do that? What ports need to be opened on the Linux server side? I tried ports 2010 and 9292 (as configured in the Home Assistant configuration.yaml). With the ufw firewall off, the connection works perfectly. With the firewall on, the connection is disturbed.
Outgoing (from Home Assistant to the CCU) it’s 2000 etc… However there is also a reverse connection from the CCU to Home Assistant over which the events are pushed. By default a random high port is allocated for this. If you want to restrict the inbound connections you therefore have to set a static local_port, which tells the CCU to connect to this port. This port can then be allowed within the firewall on the Home Assistant machine.
The port is not configured on the CCU. Home Assistant tells the CCU which port to use. And the setting for that is what I have linked in my answer above already. If you set a static port with this option, then that’s the port for which you have to allow incoming traffic in ufw.
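The inbound rule described in the replies above, as an added example that is not part of the original thread: it validates the CCU address and the static callback port, then builds a ufw rule that admits only the CCU to that port. The address 192.0.2.10 and port 8060 are constructed sample values, the function names are hypothetical, and TCP is assumed for the callback.

```shell
#!/bin/sh
# Added example (not from the thread). Sample values are constructed.
CCU_IP="${CCU_IP:-192.0.2.10}"     # address of the CCU3 (placeholder)
LOCAL_PORT="${LOCAL_PORT:-8060}"   # must equal the static local_port set in Home Assistant

# Accept only a decimal port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only four dot-separated decimal octets, each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the ufw command that lets the CCU reach the callback port.
# Restricting the source to the CCU keeps the port closed to other hosts.
callback_rule() {
    valid_ipv4 "$1" || { echo "invalid CCU address: $1" >&2; return 1; }
    valid_port "$2" || { echo "invalid port: $2" >&2; return 1; }
    printf 'ufw allow proto tcp from %s to any port %s\n' "$1" "$2"
}

# Dry run by default: show the rule. Set APPLY=1 (as root) to install it.
rule=$(callback_rule "$CCU_IP" "$LOCAL_PORT") || exit 1
echo "$rule"
if [ "${APPLY:-0}" = "1" ]; then
    ufw allow proto tcp from "$CCU_IP" to any port "$LOCAL_PORT"
    ufw status numbered
fi
```

If ufw's default outgoing policy has been changed from allow, the outgoing connections to the CCU mentioned above need their own rules as well.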