Hi,
I am new to HA (but have some experience with Domoticz) and still learning, so please bear with me.
I locked down my local networks, and have a separate IoT network. This subnet doesn’t have any Internet connectivity, except for what is needed.
However, I can’t find the recommended ACL settings, either in the documentation or on the forum.
So far I have added the following outgoing rules to my firewall:
From HA to DNS Servers, UDP/53
From HA to my mailserver, TCP/25
From HA to version.home-assistant.io, ANY port
(To keep things maintainable, I prefer hostnames in my ACLs, so any IP change on the HA side doesn’t break my firewall connectivity)
version.home-assistant.io resolves to 3 IP addresses:
;; ANSWER SECTION:
version.home-assistant.io. 300 IN A 104.26.5.238
version.home-assistant.io. 300 IN A 172.67.68.90
version.home-assistant.io. 300 IN A 104.26.4.238
With this setup, almost everything seems to function. I get the message that an update is available, but when I click through to update, I get the message that there isn’t an update available.
So the bottom-line question is: What ACLs do I need for which standard functionality of Home Assistant?
Regards,
Marcel