Block devices from Internet but allow local LAN
tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.
Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via bluetooth and wifi (say, a light switch controller, a vaccuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.
Description of feature: It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).
Isn't this implemented now? I seem to be doing via a profile and using a schedule to block internet access from 12am-12am, 7 days a week.
Am I missing something here? By internet access does it mean no access outside the local network or is it only blocking websites?
To be clear, I'm not using whitelisting/blacklisting, I'm using a profile. I named the profile "No Internet Access" and the profile contains a "Pause Internet" schedule which is active 24 hours a day, 7 days a week.
If the pause internet function of the eero actually blocks all internet access, then this should be working correctly. So far it seems to be blocking all internet access, and I can still talk to the camera locally and grab video from it, so it is working locally.
(sorry these pix seem to be obnoxiously large)
Are there any updates on this?
How is this not a feature yet? I'm not paying for eero plug for this simple request.
After 4 years and no fix from Eeros, I suppose we aren't going to see one.
Is this a hard thing to implement or just something they don't want to implement for one reason or another?
All the same, it makes me contemplating switching out my mesh. Does anybody know if Orby or TP-Link offer the abilty to allow specific devices onto the internet while blocking others?
We retired our eero mesh and moved on as eero refused to implement a basic feature that EVERY OTHER reputable router manufacturer supports. And as the go-to person for family and friends who need tech advice, I will always respond with "Not eero" when asked for router and mesh recommendations. Eero, you've displayed a complete disregard for basic security practices and hefted a huge middle finger to your user base on this one. Good riddance.
I had several emails back and forth with customer service to find some way to isolote traffic from the internet to include vlans, static routes and internet pausing, none of which either are features or have the intended affect. Nor did the customer rep even understan my issue and kept recommending that I double NAT the mesh system which without other features doesn't help at all. I am pretty sure there was no feedback to the developers to add a feature for this.
But hey, they do have dark mode now on the app, so there's that.
That being said, there are not many mesh wifi routers that offer these security features. Best option I could come up with is to use mesh wifi for devices you are comfortable with accessing internet and a seperate hardware solution for devices you want to isolate or have more control over. Though this may lead you to getting rid of the mesh all together. Routers with large enough wifi coverage for your purpose is probably gonna be just as good compare to a mesh system.
Any update on this from Eero? I‘m due for an upgrade and am currently considering alternatives to Eero due to this basic functionality still missing after many years which is a shame since I really like the system otherwise.
And no, Eero Plus (that I’m subscribed too) does not replace the need to isolate sensitive devices such as security cameras and rarely updated IoT devices.
No update. It’s a shame. Buy another product.
Eero is clearly not listening to a vital part of their customer base. It’s apparent to me that they do not care about privacy and this matter.
such a shame
- Status Under Consideration
- 8 days agoLast active