Need to block an IP on my local network to HA PI

Jim · April 4, 2019, 4:09pm

Hello, I need to block an IP, it’s an echo dot with a static IP, from seeing my Hass.io Pi. Before Hassio, I used UFW on the PI to do it, but see there isn’t a firewall now.
Is there a way to do this with Hassio?
thanks
jim

anon34565116 · April 4, 2019, 4:14pm

I think there is a blocked networks setting? Just use a /32 mask or 255.255.255.255 netmask to specify one ip address.

silvrr · April 4, 2019, 4:18pm

Enable IP ban in the http section of your config.

Add a new entry following the format linked below in a new file named ip_bans.yaml

Jim · April 4, 2019, 4:36pm

Hi silvrr,
I did add the http block, thanks for that it is good to know, but it didn’t block the dots from accessing the emulated _hue. I’ve should have mentioned that one in the original post.
The reason to block the dots is so they do not discover any devices on my HA, so I need just to block them totally from the Hassio PI.
I’ll keep on looking - Thanks for your help.

silvrr · April 4, 2019, 4:48pm

ahhh, I think the http block only blocks the 8123 frontend and api. The emulated hue service is on 8300.

I assume you have something else, another echo, that you want to access the bridge?

anon34565116 · April 4, 2019, 5:01pm

Are you running the Hass.io image or Hass.io on Linux?
If on Linux you should be able to use the OS firewall to block access.

Jim · April 4, 2019, 5:06pm

Yes, I have two echos I want to block, in my mothers house, all mine see the devices.
Don’t want her turning off and on my stuff

silvrr · April 4, 2019, 5:10pm

Are the echos in your mothers house on the same network and/or are they linked to the same account?

Jim · April 4, 2019, 5:10pm

I’m running the image on a PI3. I did use UFW before I went to the Hass.io image.

Jim · April 4, 2019, 5:14pm

They are on a different Amazon account, same network. We all live on the same farm. I bought a wireless mesh to cover the place. So I can’t use my network firewall to block the LAN ips. They all go thru the wireless.

tom_l · April 4, 2019, 11:18pm

How about turning off discovery for dots and manually specifying yours?

Jim · April 7, 2019, 1:14am

That would work, I use the customize.yaml file to turn off hue discovery for a lot of things. I do have quite a few things and scripts to add, then if Alexa forgot all, that would suck Not real sure how you would add a light or script if the echo didn’t discover it.
SO, I’ve decided to try to make my own add-on with UFW firewall. If DHCP, SSH and stuff works, seems like I could do a UFW.
Having a firewall on the HA PI would be useful in a lot of situations, if on a network with others or just to block all ports but 8123, 443 and 22.
Will be my first one - so should be fun. I’m sure I’ll lock myself out at one point
Thanks all.

Jim · April 7, 2019, 2:01am

BTW - if making a firewall add-on isn’t possible, someone pls shout out.
Thanks

jung_jm · December 15, 2022, 7:23am

hi , im interested on how you build the firewall