HomeKit Device integration/discovery requires mDNS service access through firewall

The address homeassistant.local should be a clue if you knew your protocols.
The .local domain is reserved for mDNS and the entire HA setup uses it.

Hey!

Thanks!!

I’ve been having issues configuring the HomeKit Bridge integration and turns out port 5353 is also needed for that.

I’ll add here, in case anyone else finds this when looking for ports to open, that adding 5353 (21063 was already open since that’s the only port bridge docs mention) did make bridge pairing stop failing immediately, but then it just stayed loading forever and eventually timed out.

I checked all ports Home Assistant was listening on (netstat -ln) and opened all of these extra UDP ports: 21064 8123 40000 47831 34041 1900 35698 39446 42277 59682. This fixed it!!
I’m not sure which of those is the one needed by HomeKit (the only one I tested individually for now was 21064, and that one does not fix the issue on its own).

Basically what I have rn is:

  networking.firewall.allowedUDPPorts = [ 
    # HomeKit Bridge  
    21063 21064 5353 
    # Other ports listed as being used by HA (netstat -ln), at least 1 of these also needed by the Bridge
    8123 40000 47831 34041 1900 35698 39446 42277 59682
  ];

I also opened those on TCP just in case.

I wanna test them individually later in order to figure out which port is the one actually affecting HomeKit (maybe they all are since I didn’t have issues with other integrations, but idk). When I figure that out I’ll mention it here or edit this comment to say just the specific ports, but I wanted to already leave this mentioned here just in case someone else has the same problem and finds this post. :blush:

If I figure the specific ports out I’ll probably submit a PR to the docs too in order to list them. I know “hey you need to configure the firewall” is mentioned in other places in the docs, it’s obvious you need to open stuff in the firewall, but actually figuring out which ports need to be opened for each integration takes time and I see no reason not to document them if I know them. ^-^


8123 is the Home Assistant web interface.
1900 is SSDP (simple service discovery protocol). I don’t know much about it, other than it seems to be related to UPnP (universal plug and play).

On my system, on TCP hass is only listening on 8123 and 40000, and I don’t have 40000 opened for it.

On UDP, HA is listening on:
1900
5353
6666
6667
34159
42448
57271

But I have only opened up 5353 in the firewall. So I don’t know what, if anything, it is expecting on all those other ports.

6666/6667 are apparently related to TinyTuya! Well, that explains why my attempts to mess with those bulbs have been doomed to failure! Yet more lacking documentation…

Thanks for prompting me to look into what else HA is listening at. :slight_smile:

FYI, to be sure all those ports are being used by HA and not some other program, check with:
lsof -P | grep hass | grep -e TCP -e UDP
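
An added example, not part of any post in this thread: a shell filter that turns `lsof -nP -i` output into a per-process list of listening ports, so a firewall allow-list can be kept to the ports a service actually binds. The function names, the sample lines and the "ephemeral-range" label are assumptions of this example; the label is only a heuristic meaning the port falls inside the Linux default local port range (32768-60999) and may have been assigned by the kernel rather than chosen by the program, in which case it can change on restart.

```shell
# Constructed sample of `lsof -nP -i` output (not captured from a real system;
# addresses are from the 192.0.2.0/24 documentation range).
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
hass    1234 hass   10u  IPv4  30001      0t0  TCP *:8123 (LISTEN)
hass    1234 hass   11u  IPv4  30002      0t0  UDP *:5353
hass    1234 hass   12u  IPv4  30003      0t0  UDP *:1900
hass    1234 hass   13u  IPv4  30004      0t0  UDP *:47831
hass    1234 hass   14u  IPv4  30005      0t0  TCP 192.0.2.10:8123->192.0.2.20:51514 (ESTABLISHED)
hass    1234 hass   15u  IPv6  30006      0t0  UDP [::]:5353
avahi    900 avahi  12u  IPv4  20001      0t0  UDP *:5353
EOF
}

# Usage: lsof -nP -i | summarise_ports COMMAND [LOW HIGH]
# LOW/HIGH default to the Linux default ip_local_port_range; on a live system
# read the real values from /proc/sys/net/ipv4/ip_local_port_range.
summarise_ports() {
  local cmd=$1 low=${2:-32768} high=${3:-60999}
  awk -v cmd="$cmd" -v low="$low" -v high="$high" '
    $1 != cmd { next }                              # other processes and the header row
    { proto = $8; name = $9 }                       # NODE and NAME columns
    proto != "TCP" && proto != "UDP" { next }
    proto == "TCP" && $10 != "(LISTEN)" { next }    # established TCP is not a listener
    name ~ /->/ { next }                            # connected sockets have a peer address
    {
      port = name
      sub(/.*:/, "", port)                          # keep what follows the last colon
      kind = (port + 0 >= low && port + 0 <= high) ? "ephemeral-range" : "fixed"
      print proto "/" port " " kind
    }' | sort -u -t/ -k1,1 -k2,2n                   # one line per proto/port, IPv4+IPv6 merged
}

# Demo on the constructed sample; on a real host: lsof -nP -i | summarise_ports hass
sample_lsof | summarise_ports hass
```

The command name to pass is whatever appears in the first `lsof` column for Home Assistant on the system in question.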