Hello all,
I have to install home assistant (under debian & docker) but I wonder which is the best network to put it on.
Main (trusted) network with firewall rules to access to IoT lan?
Directly on IoT?
Give it both interfaces (and apply many rules to the firewall)?
I am for the first option because my fear is that someone could use some firmware bug or vulnerability to access and control my house via home assistant. is it right?
Could you give me some suggestions?
I asked a similar question a while back when looking for a replacement for Smart Things. My original thought was to set it up on my main VLAN (so I could access it) then move it to IOT so it would be isolated. However then the only way to control things would be through Home Assistant Cloud, or some other remote setup.
Other people suggested alternatives, but most of them seemed to involve poking holes (in my opinion) in the firewall. The alternative that I liked the best out of the suggestions though was having a dual NIC device that could live on both VLANs (the IOT and main VLAN). However, even on this solution, I don’t believe things are truly separated. (My worry)
I don’t think I’ve heard of a story / instance of a bad device infecting others and allowing control over the whole smart house sort of situation. Usually in the IOT stuff when I hear these stories it’s a manufacturer using default passwords or passwords getting leaked or something, and then devices getting compromised. For example, garage door openers recently that could be accessed, there have been many cameras this has happened too (I had some many years ago that happened to). In these cases the exploit was isolated to the device itself. I know in my case I could just change the password to my cameras and eliminate the issue luckily. (They’ve since been replaced) I think the point is though, unless your “home Assistant” device itself is compromised I don’t think they’ll be able to control your house.
Thanks for the reply
So can i put home assistant on iot network without (or at least few 
) worries?
Personally thats where I would put it. I prefer the IOT stuff to be completely isolated from the rest of my network. I ended up still staying with Smart things for the moment. However Smart Things and all my Cameras are on my IOT VLAN, completely isolated from everything else.
As mentioned though the complication with home assistant is you need access to it temporarily to setup it up / configure it. So it will involve using temporary rules or moving it between VLANs temporarily to get it configured.
The video and the tutorial should provide you with some useful information:
thank you both, I will use the iot lan 
You can also check this thread for more ideas - Home Assistant VLANs / security risk? - #3 by daninmanchester