Jord I ended up getting a firewalla https://firewalla.com/ you can also build it for “free” you just need a raspberrypi. I have symmetric gigabit internet and the blue works great! 
 

if you want to build it yourself here is where to get the software they run on the tiny raspberry pi they are selling. https://github.com/firewalla/firewalla

bretep Just remember, it uses ARP poisoning just like the Disney Circle...

txgunlover txgunlover yes it does. And it works well. There are traditional inline firewalls you can buy  which are complicated (for consumers) to setup. However I’d prefer to recommend something more consumer friendly, like the firewalla.

ARP poising is bad IF it’s an untrusted device poising maliciously.
 

All the binaries running on this firewalla device are 100% open source. I’ve read the code to see what they are doing, I’ve also linked to the repository and I may even contribute to it. I trust it. 

If you have a reason you don’t like how it works other than the word “poisoning” seeming to be a bad word, I’d love to hear why you think it’s bad. 
 

I think providing a reliable way for consumers to protect their home at little to no cost and allowing them root access to the device and source code is a very good thing. 
 

This is not an untrusted device, like a camera you buy from China running a binary you don’t trust, can’t read and they’re creating a reverse connection back to you. 
 

Ideally Eero would offer their firewall at no cost. These erro devices pack enough resources to handle such rules.   

bretep Recommend you read the head dev's take on ARP poisoning.  You're not taking overhead into account, and the loss of performance, while small to some, is significant to others.

txgunlover as a network and software engineer there is not a significant / noticeable performance issue to. Abuse any concern for any home user or gamer.  If you are running real-time bidding systems or something that is extremely sensitive to latency, than you should probably not host that out of your home or small business, focus on datacenters and buy the equipment that serves your needs. 
 

I could install the routers/switches I make in my home (well I do, but not for my home network) but it’s over kill and I don’t want to play technical support  for home.   

bretep Having been the same for 22 years for for a fortune 100 company, and early CCIE, I respectfully disagree and assure you there is a noticeable performance impact due to ARP poisoning.  A gamer can very well experience this perceived lag.  The smaller the network, the less the impact, but as many home networks approach 100+ devices, it becomes a latency factor.

chanomie Thanks for your patience! As of today, eero now fully supports HomeKit integration. Please make sure your app is updated to version 3.3.1 to use the new feature. You'll need to be at home on your eero WiFi in order to add HomeKit devices. If you run into any questions or concerns, please reach out to support at 877-659-2347 or email support@eero.com! 

Drew Any update on the main issue in this thread?  We all would like to see LAN access with internet blocking become available in the near future.

Drew I'm SUPER excited to have HomeKit Router Support for Eero, and while this does address this feature request for HomeKit devices, it sadly doesn't address it for non-HomeKit devices.

Like I have older SamsungTV's that I would love to give local intranet access, but block from sending TV viewing data back to Samsung.  Since they are older devices, they don't have HomeKit support and this feature doesn't work for them.

+1. Would like to limit Internet access but allow LAN Plex/Time Machine access