Is there any way “within” Home Assistant to block port scanning or access from a specific IP address or range?
I want a VM with Home Assistant on it to effectively be invisible to one specific machine on my network with a fixed IP address.
I understand 100% that this isn’t what Home Assistant is designed for, and that this is better done using other network tools. I have those tools and know how to set this up on them, so I don’t need any help with that.
I’m looking for something that’s 100% local to Home Assistant and uses no external tools. Nothing at all outside of Home Assistant, or in the VM software. It has to be from HAOS itself.
If this isn’t possible then it isn’t possible. I don’t need any help looking for alternatives; they’re already in and running well.
ip_bans.yaml, or alternatively Trusted Networks.
Not sure that satisfies your need; on the other hand, I also don’t know whether it’s local IP addresses or a “range” you have in mind, or public ones, nor why you can’t use your “other working tools” for this purpose.
ip_bans.yaml does not stop TCP connections or port scans. You will need to move down the network layers to get what you requested, not from HAOS. Since you already have these tools, I would look at that.
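The layering point in the reply above can be shown concretely. The script below is an added example, not code from the thread or from Home Assistant: a toy HTTP server with a constructed ban list stands in for the application-layer ban that Home Assistant keeps in ip_bans.yaml (enabled by `ip_ban_enabled` and `login_attempts_threshold` under `http:` in configuration.yaml). Probed from a banned address, the TCP handshake still completes, so a SYN or connect scan reports the port as open; only the HTTP request afterwards is refused with 403. The ban list, server and client address (loopback) are all constructed for the demo.

```python
"""Added example: why an application-layer ban list cannot hide a host from a port scan.

A toy HTTP server keeps a ban list keyed by client IP, the way Home Assistant's
http integration does with ip_bans.yaml (this is a stand-in, not HA's code).
A client whose address is on the list still completes the TCP handshake, so a
scanner sees the port as open, and only then receives an HTTP 403.
"""
import http.server
import socket
import threading
from http.client import HTTPConnection

# Constructed ban list: loopback is banned so the demo client is the banned one.
BANNED_IPS = {"127.0.0.1"}


class BanListHandler(http.server.BaseHTTPRequestHandler):
    """Rejects banned client IPs at the HTTP layer only, after the TCP connection exists."""

    def do_GET(self):
        client_ip = self.client_address[0]
        if client_ip in BANNED_IPS:
            # The kernel already accepted the connection; we can only refuse the request.
            self.send_response(403)
            self.end_headers()
            self.wfile.write(b"banned\n")
            return
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok\n")

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_server():
    """Start the toy server on an ephemeral loopback port; returns (server, port)."""
    server = http.server.HTTPServer(("127.0.0.1", 0), BanListHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def tcp_port_open(host, port, timeout=2.0):
    """What a SYN/connect scan measures: does the TCP handshake complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def http_status(host, port):
    """What the application-layer ban actually controls: the HTTP response."""
    conn = HTTPConnection(host, port, timeout=2.0)
    try:
        conn.request("GET", "/")
        return conn.getresponse().status
    finally:
        conn.close()


def probe_banned_host():
    """Run both probes against the server from the banned (loopback) address."""
    server, port = start_server()
    try:
        return {
            "tcp_open": tcp_port_open("127.0.0.1", port),
            "http_status": http_status("127.0.0.1", port),
        }
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(probe_banned_host())  # {'tcp_open': True, 'http_status': 403}
```

Making the host "dark" (no SYN/ACK and no RST at all) requires dropping packets before they reach the listening socket, which is a firewall or router decision, not something a userland web server can do once `accept()` has returned.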
The big (unanswered) question is, what is he asking for? Apparently he has a few local IP devices he claims “scan ports” and/or are trying to “access HA”. Could it be so easy that it’s those devices which broadcast their presence (within HA’s LAN)?
Hypothetical: you have some smart TVs that automatically look for all media sources on your LAN; you want them to automatically discover anything new on any available port or service that they support, including HA.
But you have one that you want to see everything but HA. You can’t block it on the smart TV, as it lets you see everything or nothing, and walling it off using a VLAN or other conventional solutions causes other problems.
So you want HA to appear dark to that one address on all ports and services. Not a refused connection or a password screen, just as if the IP address did not have a device on it.
If it can’t be done, it can’t be done, but the things that HA can do have surprised me in the past.
HA has autodiscovery, zeroconf and SSDP in “Default-conf”, but I assume you don’t want to disable this.
This TV which you want “blacked out”, I assume you haven’t installed/granted access to HA?
What happens if you just click “Ignore” when this device turns up in HA? Then this IP/device will remain ignored, thus no access.
PS: The best way is still a simple FW rule in your router.
What you want isn’t an HA function, it’s network; you’re looking at your gear. HA cannot do what you want; it does not have a box-wide stateful firewall. You’re asking for stateful inspection to filter specific traffic from specific callers on specific ports.
Which indicates it’s not his TV, but an app on/from his TV, and that he probably has the same app on the other TV as well as in HA, e.g. Kodi (which is e.g. configured with the same credentials etc.).
You did, but you didn’t/haven’t presented your use case specifically, so …
Sorry, I got “confused”; maybe it’s the way you express yourself. Either way, a FW is a FW. Why let the traffic travel all the way, just to be rejected? (Or get no response, because HA and its IP “don’t exist”, except in the router’s IP table, various devices’ mDNS, etc.)
I’m moving a lot of things to HA so that I can control and automate them centrally on a single custom console, and it’s fun to experiment.
Most of my non-HA-managed hardware doesn’t come with things like geofencing, and it doesn’t support RFID tags. HA can let me add it in.
For example, setting a rule that will prevent something from being done or used when I’m away, or having a machine behave differently on different days of the week. If something can have its settings altered by webhooks, I can add schedules to something that doesn’t natively support it.