Hey everyone, just starting out with a couple of agents on a Pi at home. I was reading about the risks of vendor-hosted vs. self-hosted, and the big thing for me was not knowing what my agents are actually doing on the network.
So I figured out how to lock them down a bit. On my home router (OpenWRT), I set up firewall rules to only allow my agents to talk to the specific API endpoints they need, and blocked everything else. No more random outbound calls I don't understand.
It was a bit of a hassle, but now I sleep better 😅. How do you guys handle this? Do you just trust the agent config, or do you add extra network rules too?
That's a smart approach. I'm also setting up on a Pi and hadn't even thought about router-level rules. I just trusted the agent configs.
> blocked everything else
Do you monitor the blocked attempts? Seeing what gets denied might be useful to check if something's broken, right? Or is that overkill?