I just discovered that my Home Assistant instance creates a port forward for itself on the default 8123 port with UPnP on my router. I think I will disable UPnP entirely, but I want to understand what is happening.
I have the discovery component commented out and I don’t have the upnp component enabled either in configuration.yaml. Despite this, I see that port forward there, and I doubt something else added it (I have “miniupnp” as the reason in my router (which I assume is the library that does it from within HA).
Apart from this, I see a lot of components (including upnp) loaded by homeassistant.loader in the logs during the startup, which I definitely don’t use, and they were not discovered at any point in time previously.
2019-06-08 15:42:17 INFO (SyncWorker_13) [homeassistant.loader] Loaded upnp from homeassistant.components.upnp
I’m using Home Assistant 0.94.1 with this docker image on my RPi2: https://hub.docker.com/r/homeassistant/raspberrypi2-homeassistant (so not hass.io., but my own docker installation on Raspbian Jessie).
Is there any way to block the loading of all the unnecessary components? This is a huge security risk and I don’t see anywhere documented. Please if somebody understands what’s going on, I’d like some pointers.
Thanks,
Attila