
Block devices from Internet but allow local LAN

tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.

Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via Bluetooth and wifi (say, a light switch controller, a vacuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.

Description of feature: It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).
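The forwarding decision described in the post, as an added example that is not part of the original post and is not eero's code. It assumes the post's 192.168.1.0/24 subnet, a hypothetical restricted device at 192.168.1.50 (a real router would key on MAC address), and that on-link broadcast and discovery multicast must keep working for local features.

```python
import ipaddress

# Constructed values: the post's example subnet and a hypothetical restricted device.
LAN = ipaddress.ip_network("192.168.1.0/24")
LAN_ONLY_DEVICES = {ipaddress.ip_address("192.168.1.50")}  # e.g. a smart TV

# IPv4 multicast ranges used for on-link discovery (mDNS, SSDP) that local
# features such as screen mirroring depend on.
LOCAL_MULTICAST_V4 = (
    ipaddress.ip_network("224.0.0.0/24"),  # link-local control block (mDNS)
    ipaddress.ip_network("239.0.0.0/8"),   # administratively scoped (SSDP)
)
LOCAL_MULTICAST_V6 = ipaddress.ip_network("ff02::/16")  # link-local scope


def is_local_destination(dst, lan=LAN):
    """Return True if dst is reachable without crossing the default route."""
    dst = ipaddress.ip_address(dst)
    if dst.version == 6:
        # Only link-local unicast and link-scope multicast stay on the segment.
        return dst.is_link_local or dst in LOCAL_MULTICAST_V6
    if dst in lan:  # includes the gateway itself and the subnet broadcast
        return True
    if dst == ipaddress.ip_address("255.255.255.255"):  # limited broadcast (DHCP)
        return True
    return any(dst in net for net in LOCAL_MULTICAST_V4)


def decide(src, dst):
    """Forwarding verdict for one packet: 'allow' or 'drop'."""
    if ipaddress.ip_address(src) not in LAN_ONLY_DEVICES:
        return "allow"  # unrestricted devices are untouched by this policy
    return "allow" if is_local_destination(dst) else "drop"


def blocked_flows(flows):
    """Return the (src, dst) pairs from flows that the policy would drop."""
    return [(s, d) for s, d in flows if decide(s, d) == "drop"]
```

Traffic addressed to the gateway (192.168.1.1) is in-subnet and stays allowed, so DHCP and the router's DNS forwarder keep working; only packets that would be routed and NAT'd are dropped.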

  • Hey jsmith

    Thanks for taking the time to share this feedback with the community. I'm happy to share this with our team.

    In the meantime, if you haven't already, I'd also encourage taking a look at our eero Plus service. With built-in threat scanning, eero Plus can automatically block IoT devices from joining known botnets. For more information, visit https://eero.com/shop/eero-plus .

  • Yup, I'm already an eero Plus user and love the features it provides :) While I do think that preventing access to known botnets with that service is great to have, there's always new endpoints popping up (common technique for attackers) that take some time to make it to the 'known-bad' block lists, often days or weeks unless an Internet-wide attack (massive DDoS or something) is underway. The other significant part of this request, aside from outgoing botnet traffic, is that there are a ton of devices that report all kinds of data back to cloud services that a user should be able to shut off for privacy reasons. Like for instance, many smart TVs allow you to mirror a mobile or laptop to the screen via wifi, which is a cool feature. However, almost all of them also connect to the Internet to send a *ton* of data about your usage habits (and even continuous audio samples in some cases!). In that case, this feature would allow blocking from Internet to preserve privacy while still letting you use the local features you want.

    The only other point I'd make is that many people have some wifi devices that have no business whatsoever connecting to the Internet (lights, switches, outlets, etc.) but do need local wifi to operate. It would be really convenient to just set this proposed feature and forget about trying to do something more complicated to monitor them for misbehavior (or more likely for most folks, ignore the risk until something bad happens).

  • Yes! I need this! I have so many IoT devices I would like to block from the internet.

  • I too want this, I have a Robovac that sends statistics to Xiaomi, without really consenting

  • YES! Need to keep my Harmony Hub from updating firmware and nuking all the local API calls I enjoy, but if I block it totally, it doesn't function at all.

  • Any more on this?

    I too would like to see this capability. I too already have eero Plus.

    And rather than assume that eero Plus is going to automagically block my IoT devices from calling home to China or wherever else with whatever data they can mine from my systems, I want the capability to actively control outbound data connections.

    Hopefully this is being worked.

  • Another +1 for this. I could really use this for my TV. I need LAN access for AirPlay, but I don't want the TV reporting my viewing back to Vizio/LG/Samsung/etc.

  • I found this page googling for whether this is a feature. Count me in!!

     

    I’m guessing 2019 is the year the lid gets blown off how much spying IoT devices are doing. I would like to pay eero and Apple to protect me from that.

  • Status Under Consideration