[SOLVED] IP ban of some kind?

I am quite positive that my Home Assistant installation (on dedicated x86 hardware) is actively BANNING / blacklisting another host on my network, and only that one specific host.

HA is installed (following the official guide for installation on generic x86_64) as 10.0.0.2, and everything works perfectly (Lovelace is accessible via 8123 and so on) from any device on my network, except my home server, which is also the default gateway of my home network: 10.0.0.1.

At first I thought it was Lovelace issues, but after I installed the SSH addon, I discovered that even SSH connections from 10.0.0.1 are being shut down. Sometimes they connect, then drop, sometimes they will just be “connection refused”.

To me, HA is banning the 10.0.0.1 IP somehow and for some unclear reason.

I have:
ip_ban_enabled = false
and my trusted networks are 10.0.0.0/24.

Also, absolutely NOTHING anywhere in any log file.

Any thoughts?

Is there a firewall on some containers inside HA? Is there a Fail2Ban somewhere?

I couldn’t find any iptables or NFT tables rules on the HA host…

Are you sure your connections from your home server originate from 10.0.0.1?
They might originate from your WAN IP and then get routed to your 10.0.0.0 network which HA might pick up.

Mmm… I am logged in to my home server via ssh and from there, ssh to 10.0.0.2 → login (sometimes), then dropped.

Still from home server, ssh to 10.0.0.3 → ssh to 10.0.0.2, works perfectly.

With tcpdump (from home server, 10.0.0.2) I can see packets RECEIVED from Home Assistant, and also the REPLIES, that never reach 10.0.0.2.

Since the network is flat (only L3 switches), the return packets from 10.0.0.1 must have reached 10.0.0.2 (no tcpdump on HA to check).

SSH services might be set up with different access lists.
I think HA prevents connections from external IPs as default, which 10.0.0.3 might not.
Once you are on 10.0.0.3 and go from there it will for sure be internal.

Fixed: I was stupid and set HA to the same fixed IP as a long forgotten device that came online all of a sudden.

For future reference: double check your IPs!
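
Added example, not part of the original thread: the root cause here was two devices sharing one IP, which shows up on the wire as ARP replies for the same address coming from more than one MAC. The sketch below parses the text output of `tcpdump -n arp` and reports such addresses; the function name, the sample capture and the MAC addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches ARP reply lines as printed by `tcpdump -n arp`, e.g.
# "12:00:01.000350 ARP, Reply 10.0.0.2 is-at 52:54:00:aa:bb:01, length 46"
ARP_REPLY = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})"
)


def find_ip_conflicts(lines):
    """Return {ip: sorted MACs} for every IP answered for by more than one MAC."""
    owners = defaultdict(set)
    for line in lines:
        match = ARP_REPLY.search(line)
        if match:
            # Normalise case so the same MAC is not counted twice.
            owners[match.group("ip")].add(match.group("mac").lower())
    return {ip: sorted(macs) for ip, macs in owners.items() if len(macs) > 1}


# Constructed sample capture (not from the thread): two devices answer for
# 10.0.0.2, one device answers for 10.0.0.3.
SAMPLE = """\
12:00:01.000100 ARP, Request who-has 10.0.0.2 tell 10.0.0.1, length 28
12:00:01.000350 ARP, Reply 10.0.0.2 is-at 52:54:00:aa:bb:01, length 46
12:00:01.000900 ARP, Reply 10.0.0.2 is-at 52:54:00:CC:DD:02, length 46
12:00:02.000100 ARP, Request who-has 10.0.0.3 tell 10.0.0.1, length 28
12:00:02.000400 ARP, Reply 10.0.0.3 is-at 52:54:00:ee:ff:03, length 46
12:00:03.000350 ARP, Reply 10.0.0.2 is-at 52:54:00:aa:bb:01, length 46
""".splitlines()

if __name__ == "__main__":
    for ip, macs in find_ip_conflicts(SAMPLE).items():
        print(f"{ip} is claimed by {len(macs)} MACs: {', '.join(macs)}")
```

An address listed here is worth checking against the DHCP leases and static assignments before looking for a ban or firewall rule.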