search

esphome / feature-requests

ESPHome Feature Request Tracker
https://esphome.io/
420 stars 26 forks source link

OTA source address filtering #2834

Open dwmw2 opened 3 months ago

dwmw2 commented 3 months ago

Describe the problem you have/What new integration you would like Some of my esphome devices have public IP addresses, and I'd quite like to block external connectivity to OTA. A password helps, but I'd prefer not to expose it at all.

Please describe your use case for this integration and alternatives you've tried: An alternative in some cases might be to set the listen address. Currently the OTA code just uses socket::set_sockaddr_any(), which will listen on either IPv6 :: or the Legacy IP 0.0.0.0 automatically. In some cases, forcing it to listen on Legacy IP only might suffice.

Additional context It could be as simple as making the on_begin callback (or a new callback) able to see the connecting address, and abort the connection if it wants to. Users could then write their own conditions.

nagyrobi commented 3 months ago

A sidenote, see also https://github.com/dentra/esphome-components/tree/master/components/otax