How to pass firewall using PlatformIO espota ArduinOTA upload

ArduinoOTA’s protocol tries to connect to the host which is trying to program the device on a randomly chosen port. This often leads to the packets being filtered in a firewall since no rule exists to pass the packet and they are not related to an existing connection.

You could create a firewall rule to pass all traffic from the ESP8266/ESP32 to the programming host, but that is extremely insecure since it allows a hacked IoT device to hack your devices.

In order to fix it, add a fixed host port in platformio.ini using

example-3.ini

and add these firewall rules:

example-2.txt

allow from <IoT device> to <programming host> port 55190 TCP

allow from <IoT device> to <programming host> port 55190 TCP

Complete `platformio.ini` example:

example-1.ini

extends = env:d1_mini
upload_protocol = espota
upload_port = 192.168.178.25
upload_flags = --host_port=55910

extends = env:d1_mini
upload_protocol = espota
upload_port = 192.168.178.25
upload_flags = --host_port=55910

Check out similar posts by category: Embedded, ESP8266/ESP32, PlatformIO

If this post helped you, please consider buying me a coffee or donating via PayPal to support research & publishing of new posts on TechOverflow

Buy me a coffee

Complete platformio.ini example:

Complete `platformio.ini` example: