Securing HAOS

I’ve been running Home Assistant in its “core” offering for many, many years. My HA VMs have been running with two interfaces: one connected to my internal network, and one connected to my untrusted IoT network. I use the host firewall to drop all traffic coming in on the untrusted NIC. All HA needs to do is talk to the various devices.

I am considering a move from Core to HAOS for ease of management, but I want to be able to lock that VM down, disallowing all inbound traffic on the untrusted NIC. No web interface, no SSH, no ping, nothing. Is that configuration supported for HAOS?

Short answer, no.

You can do that kind of thing with a native Docker (aka Container) install, but not on HAOS or Supervised.

Understood, thanks for the response! I’d love to see something like this as a feature request.

EDIT: For anyone coming along, I chose to stick with HAOS and used it as motivation to implement the Proxmox VE firewall. My desired configuration can be accomplished by running through the Datacenter FW config and then the VM-specific config, allowing inbound traffic for desired services on the internal NIC while dropping all traffic on the untrusted NIC.
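
A sketch of the Proxmox VE firewall setup described in the EDIT above, as an added example that is not from the original posts. Assumptions: the VM ID is 100, `net0` is the internal NIC, `net1` is the untrusted IoT NIC, the internal subnet is the constructed value 192.168.1.0/24, and the only service exposed is the Home Assistant web UI on its default port 8123.

```ini
# --- /etc/pve/firewall/cluster.fw (Datacenter level) ---
# The VM-level firewall does nothing until the firewall is enabled here.
# Enabling it also filters traffic to the Proxmox hosts themselves, so
# confirm you still have management access before turning it on.
[OPTIONS]
enable: 1

# --- /etc/pve/firewall/100.fw (VM level; 100 is a placeholder VM ID) ---
[OPTIONS]
enable: 1
# Default-deny inbound: anything not explicitly accepted below is dropped,
# including ping and SSH on both NICs.
policy_in: DROP
# Home Assistant still needs to initiate connections to devices.
policy_out: ACCEPT

[RULES]
# Internal NIC: allow the web UI from the trusted subnet only.
IN ACCEPT -i net0 -source 192.168.1.0/24 -p tcp -dport 8123
# Untrusted NIC: explicit drop of everything inbound. Redundant with
# policy_in above, but it documents the intent and survives a policy change.
IN DROP -i net1
```

The rules only apply to a NIC whose `firewall=1` flag is set on the VM's network device, so check both `net0` and `net1` in the VM hardware settings. The firewall is stateful, so replies to connections Home Assistant opens toward IoT devices still come back in on `net1` while unsolicited inbound traffic is dropped.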