Block devices from Internet but allow local LAN
tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.
Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via bluetooth and wifi (say, a light switch controller, a vacuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.
Description of feature: It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).
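The policy requested in the post above, written out as a per-packet decision (an added example, not part of the original post and not eero's implementation). The subnet is the one from the post; the device addresses, the `LAN_ONLY` set and the function names are hypothetical, and it assumes the router does not forward multicast upstream.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")       # subnet used in the post
# Constructed: devices placed in the hypothetical "LAN only" mode.
LAN_ONLY = {ipaddress.ip_address("192.168.1.50")}  # e.g. an IP camera
BROADCAST = ipaddress.ip_address("255.255.255.255")


def decide(src, dst, lan=LAN, lan_only=LAN_ONLY):
    """Return 'allow' or 'drop' for a packet from src to dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in lan_only:
        return "allow"   # device is not restricted
    if d in lan:
        return "allow"   # same-subnet traffic, including the gateway itself
    if d.is_multicast or d.is_link_local or d == BROADCAST:
        return "allow"   # local discovery (mDNS, SSDP) and DHCP stay on-link
    return "drop"        # would follow the default route and be NAT'd


def dropped(flows):
    """Return the (src, dst) pairs from flows that the policy drops."""
    return [(s, d) for s, d in flows if decide(s, d) == "drop"]


# Constructed sample flows; 203.0.113.7 and 2001:db8::1 are documentation
# addresses standing in for a vendor cloud endpoint.
SAMPLE_FLOWS = [
    ("192.168.1.50", "192.168.1.10"),     # camera -> local NAS
    ("192.168.1.50", "239.255.255.250"),  # camera -> SSDP multicast
    ("192.168.1.50", "192.168.1.1"),      # camera -> gateway (e.g. DNS)
    ("192.168.1.50", "203.0.113.7"),      # camera -> internet over IPv4
    ("192.168.1.50", "2001:db8::1"),      # camera -> internet over IPv6
    ("192.168.1.20", "203.0.113.7"),      # unrestricted laptop -> internet
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst:<16} {decide(src, dst)}")
```

Because the gateway address is inside the local subnet, a restricted device can still send DNS queries to a router that forwards them upstream, so name lookups may leave the network even though the device's own connections do not.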
To be clear, I'm not using whitelisting/blacklisting, I'm using a profile. I named the profile "No Internet Access" and the profile contains a "Pause Internet" schedule which is active 24 hours a day, 7 days a week.
If the pause internet function of the eero actually blocks all internet access, then this should be working correctly. So far it seems to be blocking all internet access, and I can still talk to the camera locally and grab video from it, so it is working locally.
(sorry these pix seem to be obnoxiously large)
After 4 years and no fix from Eeros, I suppose we aren't going to see one.
Is this a hard thing to implement or just something they don't want to implement for one reason or another?
All the same, it makes me contemplate switching out my mesh. Does anybody know if Orbi or TP-Link offer the ability to allow specific devices onto the internet while blocking others?
We retired our eero mesh and moved on as eero refused to implement a basic feature that EVERY OTHER reputable router manufacturer supports. And as the go-to person for family and friends who need tech advice, I will always respond with "Not eero" when asked for router and mesh recommendations. Eero, you've displayed a complete disregard for basic security practices and hefted a huge middle finger to your user base on this one. Good riddance.