Firewall Considerations

I’m new to this but making good progress. Acquired the DigiXstick yesterday and getting good ZigBee connections across my RaspberryPi 4 throughout the house. I played with the ufw firewall and found pretty quickly I could break the service connection by over-constraining a firewall. Any suggestions for firewall settings that minimize risk while still allowing functionality?

For background, I intend to use this system for basic home security, water leak detection and controlling the timing of my hot water re-circulation pump. Additionally I’ll be monitoring connected smoke alarms and triggering their “unbearable whine” via the Rpi GPIO when an intruder enters the abode. Initial efforts make me very optimistic this will work.

Any suggestions/input would be appreciated.

Kevin

By default, the gateway listens on ports 8080 and 4443 (TCP). There are some default iptables rules installed that redirect ports 80 and 443 to the other two ports. You’d also want to keep open port 22 (TCP) for SSH access.

However, various add-ons may also listen on other ports, so your firewall setup is going to be entirely dependent on the add-ons you choose to use.

A port scan on my Gateway shows ports 80, 443 and 8080. No ssh port 22 open.

Geoff

SSH is only active if enabled through Settings -> Developer in the UI.
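
An added example, not part of any post in this thread: a shell script that prints ufw rules for the ports named in the replies and lists any listeners, such as add-on ports, that fall outside that allowlist. The LAN subnet `192.168.1.0/24`, the sample `ss` output and the add-on port 1883 are constructed assumptions, as is treating the 80/443 redirect as a nat REDIRECT, which the filter sees as traffic to 8080/4443.

```shell
#!/bin/sh
# Added example; ports are taken from the thread, everything else is assumed.
GATEWAY_PORTS="8080 4443"   # the gateway's actual TCP listeners

# Print ufw commands restricting the gateway to one LAN subnet.
# $1 = LAN CIDR (assumption); $2 = "yes" if SSH is enabled under
# Settings -> Developer. Assumes the 80/443 redirect is a nat REDIRECT:
# it rewrites the port before filter rules run, so allow 8080/4443 here.
ufw_rules() {
    lan=$1; ssh=${2:-no}; ports=$GATEWAY_PORTS
    if [ "$ssh" = yes ]; then ports="$ports 22"; fi
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    for p in $ports; do
        echo "ufw allow from $lan to any port $p proto tcp"
    done
}

# Read `ss -tlnH` output on stdin and print each non-loopback listening
# port that is missing from the allowlist passed as arguments.
unexpected_listeners() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = addr; sub(/.*:/, "", port)
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host ~ /^127\./ || host == "[::1]") next   # local only
            if (!(port in ok) && !seen[port]++) print port
        }' | sort -n
}

# Constructed sample of `ss -tlnH` output (1883 is a hypothetical add-on).
sample_listeners() {
    cat <<'EOF'
LISTEN 0 511   0.0.0.0:8080  0.0.0.0:*
LISTEN 0 511   0.0.0.0:4443  0.0.0.0:*
LISTEN 0 128   0.0.0.0:22    0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000  0.0.0.0:*
LISTEN 0 128      [::]:1883     [::]:*
EOF
}

ufw_rules 192.168.1.0/24 no
# On the gateway itself: ss -tlnH | unexpected_listeners $GATEWAY_PORTS
sample_listeners | unexpected_listeners $GATEWAY_PORTS
```

Review the printed rules before running them, and rerun the listener check after installing or removing an add-on.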