HA Security scare and external access

Right, don’t shout at me. I know I could almost certainly find some answers if I looked but the very fact that I am asking shows that I am not confident enough of my network security knowledge to act on what I might find out and then piece together without fear of maybe making things worse.

In light of the latest security scare on here I started to wonder whether I should close my HA to the outside world. It would be a shame - I like that ability.

But not that often.

So my question is, is there simple way to switch outside access on and off. The only way I know would be the obvious but inconvenient, closing of the port on the router? What would be really cool would be a way to close external access programmatically from inside HA.

Personally I use hassio, DuckDNS with Lets Encrypt, I have one port open and use a strong password with 5 logon attempts allowed. I have the Samba, Mosquitto (with password) and SSH server add-ons and I also use Dasshio and TasmoAdmin.

Thanks for any (constructive) answers. And by constructive I include, “don’t be stupid this completely impossible, just close the port”, if that is the case

I think having a “listen on” directive in the http config would be a good idea, similar to “trusted_networks”, but mandating HA to only allow connections from a given network. This, with control via the frontend would achieve the ability to restrict connections to, say, your LAN, or the world, or certain IPs. But if you accidentally got it wrong from the office, you’d have to go home to open it up again! But alas such a setting does not presently exist.

Perhaps using a VPN is the safest way.

I didn’t catch that, could you provide a link?