diff --git a/docker-compose.yml b/docker-compose.yml
index 21f1da6..07985a9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,6 +18,8 @@ services:
 - ./config/acme.json:/acme.json:rw
 - /etc/timezone:/etc/timezone:ro
 - /etc/localtime:/etc/localtime:ro
+extra_hosts:
+- "host.docker.internal:host-gateway"
 labels:
 - "traefik.enable=true"
 - "traefik.http.middlewares.traefik-auth.basicauth.users=mrdev023:$$2y$$05$$t51tXUW6zO9dndSK1JEFS.utJ3th/RYVSgDlouOZhUigjbkTX1zQC$$"
diff --git a/firewall b/firewall
index 22888b8..1479a98 100755
--- a/firewall
+++ b/firewall
@@ -72,9 +72,6 @@ iptables -A OUTPUT -p tcp --dport 2277 -j ACCEPT # ACCEPT SSH OUTPUT LIKE GITLAB
 iptables -A INPUT -p icmp -j ACCEPT
 iptables -A OUTPUT -p icmp -j ACCEPT
-# CHROMECAST
-iptables -A OUTPUT -p tcp --dport 5555 -j ACCEPT
 # Parer les attaques de type Déni de Service
 iptables -A FORWARD -p tcp --syn -m limit --limit 1/second -j ACCEPT
 iptables -A FORWARD -p udp -m limit --limit 1/second -j ACCEPT
@@ -82,3 +79,6 @@ iptables -A FORWARD -p icmp --icmp-type echo-request -m limit --limit 1/second -
 
 # Parer les scans de ports
 iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit --limit 1/s -j ACCEPT
+
+# Allow all from private network and docker network
+iptables -A INPUT -j ACCEPT -d 172.17.0.0/16
diff --git a/home_assistant/docker-compose.yml b/home_assistant/docker-compose.yml
index 9e7397f..b7a3a0d 100644
--- a/home_assistant/docker-compose.yml
+++ b/home_assistant/docker-compose.yml
@@ -10,13 +10,9 @@ services:
 volumes:
 - home_assistant_config:/config
 - /etc/localtime:/etc/localtime:ro
-ports:
-- 8123:8123
 network_mode: host
-cap_add:
-- NET_ADMIN
-- NET_BIND_SERVICE
-- SYS_ADMIN
+expose:
+- 8123
 labels:
 - "traefik.enable=true"
 - "traefik.http.routers.homeassistant-secure.entrypoints=https"
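Review bot: The added `host.docker.internal:host-gateway` entry only gives the Traefik container a name for the host's bridge-gateway address; it does not by itself make a host-bound service reachable, so it has to be read together with the host firewall (the `firewall` hunk in this commit adds a destination-based rule for 172.17.0.0/16 that appears to be its counterpart, and that rule has its own problems). The intent is not recorded anywhere; a comment above the stanza such as `# resolves to the docker bridge gateway; lets Traefik reach services running in network_mode: host (home_assistant)` would explain why a reverse proxy needs a route back to the host. Separately, the context line below keeps a bcrypt basic-auth hash with cost factor 05 (`$$2y$$05$$…`) in a committed compose file; moving it to a `basicauth.usersfile` that is not tracked, and regenerating it with a higher cost, would keep the credential out of VCS history.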
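Review bot: The new INPUT rule matches on destination (`-d 172.17.0.0/16`) while its comment says "from private network and docker network", so it accepts any packet addressed to the host's docker-bridge address arriving on any interface, rather than traffic that originates from containers; it also does not cover user-defined compose networks, which Docker allocates outside 172.17.0.0/16. If the goal is to let containers reach the host (the `extra_hosts` change in this commit), match the source and the bridge interface and scope it to what is needed, e.g. `iptables -A INPUT -i docker0 -s 172.17.0.0/16 -p tcp --dport 8123 -j ACCEPT`, and reword the comment to say what is actually allowed. Because the rule is appended with `-A`, it only takes effect if nothing earlier in INPUT already drops or rejects this traffic; the chain policy and earlier rules are outside the hunk, so that ordering should be confirmed. Putting `-j ACCEPT` last, as every other rule in the file does, would also keep the style consistent.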
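Review bot: `expose: - 8123` has no effect under `network_mode: host` — there is no container network namespace to publish from, so port 8123 is reachable on every host interface Home Assistant binds to and is filtered only by the host firewall (the removed `ports:` mapping was equally inert for the same reason). Traefik's docker provider also cannot derive a usable container IP for a host-network container (as far as I recall it falls back to 127.0.0.1, which inside the Traefik container is Traefik itself — verify against the Traefik version in use), so unless the labels below, outside this hunk, set the target explicitly, e.g. `traefik.http.services.homeassistant.loadbalancer.server.url=http://host.docker.internal:8123`, the router will likely point at the wrong address; this is presumably what the `extra_hosts` entry added to the Traefik service in this commit is for. Dropping `cap_add` is the right direction and needs no further change. Replace the `expose` stanza with a comment that states the real exposure, `# host networking: 8123 is open on all host interfaces, restricted only by the host firewall`.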