Home assistant on UBUNTU SERVER 20.04

As a matter of fact I not only passed it, I wrote a blog post in detail showing you how you can pass it.
You shouldn’t criticize a technology you know nothing about. I agree with @DavidFW1960 that you really shouldn’t panic other people, when you yourself cannot explain the reason.

There is nothing wrong with IPv6 and in fact, we’ll all be running it in a few years, because as David pointed out, there are no more IPv4 addresses.

My network passes ALL of those tests, because I consciously set it up to work on IPv6. Just like I consciously set up my network to do IPv4. Further, any decent firewall blocks BOTH incoming and outgoing connections. You’re required to configure NAT, DHCP, and port forwards yourself. Anyone typing IP addresses (either v4 or v6 / internally or externally) shouldn’t be passing along advice on networking.

2 Likes

My router won’t (so far as I know) filter outgoing but definitely stops incoming connections I have not explicitly allowed IPv4 AND IPv6. With my HA server, it allows incoming on 2 ports one of which maps to HA via a reverse proxy, the login of which is protected by 2FA as well. The other port will fall foul of 5 incorrect login attempts via fail2ban. Quite apart from the fact that the domain has no way of being contacted externally over IPv4 and uses high non-standard ports I would rate the ‘risk’ I am taking as far less than someone using Duckdns with IPv4 is taking.

David, what are you using as a firewall? Just curious. I’m running pfSense and it most definitely blocks incoming and outgoing.

As for everything else, agreed. All you have to do is run a Shodan search and you can find hundreds of HA installations open on the Internet. Bad mojo there and having a Nabu Casa or DuckDNS proxy doesn’t help. That’s why I run a automation to explicitly disable my Nabu Casa remote access if I’m at home.

Rob I use the firewall in my Fritz!Box. It lets me just open up a port to HA machine but so far as I know it doesn’t filter anything outgoing. I have never seen my system on Shodan. Also when I have viewed the Caddy logs I have not seen any attempted hacks…