Block devices from Internet but allow local LAN

jsmith
5 yrs ago
91replies
Under Consideration

tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.

Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via bluetooth and wifi (say, a light switch controller, a vaccuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.

Description of feature: It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).

- Bob111
- 1 yr ago
- Reported - view
Isn't this implemented now? I seem to be doing via a profile and using a schedule to block internet access from 12am-12am, 7 days a week.

Am I missing something here? By internet access does it mean no access outside the local network or is it only blocking websites?
- Bob111
  
  1 yr ago
  
  Reported - view
  racor yes, it seems to be working that way, though I haven't checked to see if internet is completely blocked or only blocking 80 and 443. Maybe eero knows that answer to that.
  
  It's a chinese webcam that i have connected to Homekit via Homebridge, it is still talking to homekit but I notice that the camera's light is blinking, which indicates it can't phone home right now, so I think it is in fact allowing LAN access but blocking WAN access.
  
  I just got my eero, I'm hoping this isn't a feature of the "free" trial of the Secure+ upsell, I'd be upset if I had to pay to block internet access.
- gtreece
  
  1 yr ago
  
  Reported - view
  Bob111 interesting..i use the profiles to, but i don't consider white/blacklisting sites in a profile as the cleanest of solutions, i'd rather just shut the access and not worry about missing something. Also, my eero has 'block from network', which prevents the device from communicating on my internal network if it has to go thru the router...fortunately devices at the switch level can still talk to each other. i have a 2 node mesh, and i suspect that devices on a switch off of one node will not be able to talk to devices on the switch off of the other node.
- Bob111
- 1 yr ago
- Reported - view
To be clear, I'm not using whitelisting/blacklisting, I'm using a profile. I named the profile "No Internet Access" and the profile contains a "Pause Internet" schedule which is active 24 hours a day, 7 days a week.

If the pause internet function of the eero actually blocks all internet access, then this should be working correctly. So far it seems to be blocking all internet access, and I can still talk to the camera locally and grab video from it, so it is working locally.

(sorry these pix seem to be obnoxiously large)
- gtreece
  
  1 yr ago
  
  Reported - view
  Bob111 you are correct! i had not explored that option, but yes- it looks to be the way to do what i need... much appreciated!
- Bob111
  
  1 yr ago
  
  Reported - view
  gtreece meh. turns out it's doing a lot more than blocking internet access now. Certain things I can still do, like get an rstp stream from the camera, but i can't get snapshots from the http port of the camera anymore.
  
  Experimented with a couple of local printers and it made them unusable. They're connected to wifi and all, but I can't print to them, can't ping them, etc.
  
  I'll just check eero's documentation on how the Pause Internet actually works. I'm kidding, of course, eero doesn't really document anything for the user.
- gtreece
  
  1 yr ago
  
  Reported - view
  Bob111 - not good. I've been having issues in general with my Amazon music streams keep getting dropped. I've read that that is fairly common. i had 2 cameras drop this morning, but have not investigated yet.
- asad
- 7 mths ago
- Reported - view
Are there any updates on this?
- Nerfwifi
- 6 mths ago
- Reported - view
How is this not a feature yet? I'm not paying for eero plug for this simple request.
- Tmacaddress
- 5 mths ago
- Reported - view
After 4 years and no fix from Eeros, I suppose we aren't going to see one.

Is this a hard thing to implement or just something they don't want to implement for one reason or another?

All the same, it makes me contemplating switching out my mesh. Does anybody know if Orby or TP-Link offer the abilty to allow specific devices onto the internet while blocking others?
- markles
  
  4 mths ago
  
  Reported - view
  Tmacaddress Yes, TP Link does. As does Asus.
- markles
- 4 mths ago
- Reported - view
We retired our eero mesh and moved on as eero refused to implement a basic feature that EVERY OTHER reputable router manufacturer supports. And as the go-to person for family and friends who need tech advice, I will always respond with "Not eero" when asked for router and mesh recommendations. Eero, you've displayed a complete disregard for basic security practices and hefted a huge middle finger to your user base on this one. Good riddance.
- NetworkinngGuru
  
  4 mths ago
  
  Reported - view
  markles we did the same. If you end up on this thread searching for a solution and thinking of buying an EERO, don’t. Return your EERO or don’t order it if you can. This is extremely brutal disregard for modern security practices.
- Mjoy99
- 3 mths ago
- Reported - view
I had several emails back and forth with customer service to find some way to isolote traffic from the internet to include vlans, static routes and internet pausing, none of which either are features or have the intended affect. Nor did the customer rep even understan my issue and kept recommending that I double NAT the mesh system which without other features doesn't help at all. I am pretty sure there was no feedback to the developers to add a feature for this.

But hey, they do have dark mode now on the app, so there's that.

That being said, there are not many mesh wifi routers that offer these security features. Best option I could come up with is to use mesh wifi for devices you are comfortable with accessing internet and a seperate hardware solution for devices you want to isolate or have more control over. Though this may lead you to getting rid of the mesh all together. Routers with large enough wifi coverage for your purpose is probably gonna be just as good compare to a mesh system.
- NetworkinngGuru
  
  3 mths ago
  
  Reported - view
  Mjoy99 not quite true. There is google mesh which I used before, that allows you to create a “group” for which internet access is paused permanently.
- Jord
- 8 days ago
- Reported - view
Any update on this from Eero? I‘m due for an upgrade and am currently considering alternatives to Eero due to this basic functionality still missing after many years which is a shame since I really like the system otherwise.

And no, Eero Plus (that I’m subscribed too) does not replace the need to isolate sensitive devices such as security cameras and rarely updated IoT devices.
- NetworkinngGuru
- 8 days ago
- Reported - view
No update. It’s a shame. Buy another product.
Eero is clearly not listening to a vital part of their customer base. It’s apparent to me that they do not care about privacy and this matter.

such a shame

Content aside

Status Under Consideration
136 Votes
8 days agoLast active
91Replies
3492Views
76 Following

community

Block devices from Internet but allow local LAN

91 replies

Content aside

Home