0

I'm running Home Assistant in my home network and in order for Google Home to interact with it, the system must be accessible from the outside.

I don't want the open port to appear on any scan against my external IP, therefore I wanted to restrict the NAT rule from "Source : any" to an alias containing only the subnets that Google uses to contact my network.

I soon realised that there are way too many of them to enter them manually. Every time I trigger it I see a different subnet popping up in the logs. The logical (and correct) thing to do would be to look up the source IP and see if it resolves to anything that ends with "google.com", but I can't find a way to do it inside pfSense.

Any other idea is welcome.

1 Answer

0

It turns out they were not that many after all. These networks seem to cover the whole range:

66.102.6.0/23
66.102.8.0/23
108.177.64.0/20
66.249.80.0/21
66.249.88.0/22
66.249.92.0/23

EDIT: The following only works for the app. The Echo Dot does not work.

Same for Amazon Alexa:

3.248.0.0/13
34.192.0.0/10
52.192.0.0/12
52.208.0.0/13
52.216.0.0/14
52.220.0.0/15
52.222.0.0/16
176.34.0.0/16
54.64.0.0/11
54.224.0.0/11

I'll set up firewall monitoring anyway and check in a month or so if there is any blocked IP address that resolves to amazonaws.com or google.com.
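The follow-up check described at the end of the answer, combined with the reverse-lookup idea from the question, as an added example that is not part of the original post. It assumes the blocked source IPs have already been pulled out of the firewall log and that the script runs on a separate host rather than inside pfSense; the function names and the sample data are constructed for illustration.

```python
import ipaddress
import socket

# Alias networks copied from the answer (Google list, then Amazon list).
ALIAS = [ipaddress.ip_network(n) for n in (
    "66.102.6.0/23 66.102.8.0/23 108.177.64.0/20 66.249.80.0/21 "
    "66.249.88.0/22 66.249.92.0/23 3.248.0.0/13 34.192.0.0/10 "
    "52.192.0.0/12 52.208.0.0/13 52.216.0.0/14 52.220.0.0/15 "
    "52.222.0.0/16 176.34.0.0/16 54.64.0.0/11 54.224.0.0/11").split()]
# Leading dot so that a lookalike such as "notgoogle.com" does not match.
SUFFIXES = (".google.com", ".amazonaws.com")

def os_ptr(ip):
    """PTR lookup through the OS resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def os_forward(name):
    """Set of addresses the name resolves to (empty on failure)."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify(ip, ptr=os_ptr, forward=os_forward):
    """Return 'in-alias', 'missing-from-alias' or 'unrelated' for a blocked IP."""
    if any(ipaddress.ip_address(ip) in net for net in ALIAS):
        return "in-alias"
    name = (ptr(ip) or "").rstrip(".").lower()
    # The PTR record is set by whoever controls the address block, so it only
    # counts when the name resolves forward to the same address again.
    if name.endswith(SUFFIXES) and ip in forward(name):
        return "missing-from-alias"
    return "unrelated"

# Constructed sample data (documentation addresses, invented host names).
SAMPLE_PTR = {"192.0.2.10": "host-a.google.com",
              "198.51.100.7": "host-b.google.com",
              "203.0.113.5": "host-c.notgoogle.com"}
SAMPLE_FWD = {"host-a.google.com": {"192.0.2.10"},
              "host-b.google.com": {"192.0.2.99"},
              "host-c.notgoogle.com": {"203.0.113.5"}}

if __name__ == "__main__":
    for ip in ["66.249.81.10", *SAMPLE_PTR]:
        verdict = classify(ip, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set()))
        print(ip, verdict)
```

A forward-confirmed name under amazonaws.com only shows that the address sits in AWS space, which any AWS customer can use, so those hits are candidates to review before widening the alias.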
