Hello,
I’m running hassio on a Raspberry Pi. How could I set firewall rules (e.g. using Iptables) so that the public interface is just exposed to a set of well-known IPs?
thanks!
You don’t do that with hass.io. Look at the http component where you can set trusted networks and IPv6 bans and other things.
Thanks @DavidFW1960. I had looked at the http component already but I’m not sure it does what I need. The use case here is that I have an external system that will call HA via webhooks. So, I want to expose the REST API just to those source IPs.
Inside the HTTP component we have the trusted_networks parameter, which allows bypassing authentication, and ip_ban_enabled, which is something like fail2ban, but neither of them implements operating-system-level filtering. Hence I was wondering if it would be possible to write simple iptables rules to only allow access to the REST API port for specific networks.
HassOS is not a general distro. It’s an appliance.
And appliances, especially in the IoT world we live in and where HA belongs, need to be secure too.
But I get the point. I’ll implement security via an external firewall on my LAN.
Thanks all for the information.
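The external-firewall approach the thread ends on, as an added example that is not part of any post: a script that emits an iptables-restore fragment allowing only listed source addresses to reach the Home Assistant port through a Linux router. The Home Assistant address, the source addresses and the chain name `HA_WEBHOOK` are constructed assumptions; 8123 is Home Assistant's default port.

```shell
#!/bin/sh
# Added example: emits an iptables-restore fragment for a Linux firewall/router
# sitting in front of Home Assistant. All addresses below are constructed.

HA_IP="192.168.1.50"                             # assumed LAN address of the HA host
HA_PORT="8123"                                   # Home Assistant's default HTTP port
ALLOWED_SOURCES="203.0.113.10 198.51.100.0/24"   # constructed webhook senders

# Accept only dotted-quad IPv4 with an optional /0-32 prefix, so a typo or
# stray shell syntax never ends up as a rule argument.
valid_source() {
    printf '%s\n' "$1" | awk -F'[./]' '
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i > 255) exit 1
          if (NF == 5 && $5 > 32) exit 1 }'
}

# Print the ruleset: a dedicated chain that accepts the listed sources and
# drops every other packet forwarded to the Home Assistant port.
emit_rules() {
    for src in $ALLOWED_SOURCES; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "*filter"
    echo ":HA_WEBHOOK - [0:0]"
    echo "-A FORWARD -d $HA_IP/32 -p tcp --dport $HA_PORT -j HA_WEBHOOK"
    for src in $ALLOWED_SOURCES; do
        echo "-A HA_WEBHOOK -s $src -j ACCEPT"
    done
    echo "-A HA_WEBHOOK -j DROP"
    echo "COMMIT"
}

emit_rules
```

Load the output on the router with `iptables-restore --noflush` so existing rules are kept. The jump is appended to FORWARD, so any earlier rule that already accepts this traffic will match first and must be removed or reordered.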