77

Block devices from Internet but allow local LAN

tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.

Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via bluetooth and wifi (say, a light switch controller, a vaccuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.

Description of feature:  It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).

56replies Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular
  • Yes, this is a real issue for me. There are times when I need the kids to not have internet, but they need local access to print out school work, stream music from our media server, and work the freakin' IP light bulbs.

    Like 2
      • nibrwr
      • nibrwr
      • 3 mths ago
      • Reported - view

      +1. Would like to limit Internet access but allow LAN Plex/Time Machine access

      Like
  • This would be an excellent feature on eero. Please add as a standard feature (I.e. don’t add as a subscription feature)

    Like
  •  know this is an old request - but thought I'd add a use case in hopes that it gets bumped up

    .  We have two different NAS drives for our house.  One is for media and the other is a RAID for backups of our personal data.  The media one isn't touched much and doesn't need outside access. from a security perspective would like to just have it locked down so I don't have to muck with it with every little security update.

    On the RAID - I absolutely  want to make sure that the RAID is not accessible external to our local network as it comes with all sorts of pre-installed software for FTP and SMTP servers.  I've turned those off I believe at the device but it would be brilliant if I could just shut off all Internet access for that device but still let it work on our network.  I occasionally will want to turn it back on in controlled situations so having a easy 'switch' in the Eero software would be really valuable.

    Like
  • Hi,

    I think you should try the dmoat home network security device. this device provides security to your home router and builds a security firewall.

    Like
  • I would also like this implemented in the firmware. I have LAN services (ie: Plex) that need to be accessible while the internet is paused. 

    Like
  • Definitely a needed.  I have several IoT devices that I don't want to access the internet.  A simple way to block all ports per device would go along way. 

    Like
  • +1 for this feature! Found this thread while trying to google how to do this with my eero.

    Like
  • I chose Eero for ease of use and reliability. Overall it's been great for that. However, it's just too dumbed down. There are a few missing features (like this one) that would need to be implemented before I can start recommending Eero over other mesh networks.

    Like 1
      • Bender
      • Bender
      • 1 mth ago
      • Reported - view

      matthew I very much agree. Eero is great but missing customizable features that that really help secure your network better. Unfortunately, Eero takes extremely long to implement new features.  For example, the ability to block websites by URL was recently added.  Users have been requesting this feature for years.

      Like
  • There are 3 things still missing from eero to really complete the package for me and this is the number one.

    Like 1
  • Kinda sucks. My stupid Dlink camera is infected with Mirai and I can't get rid of it. On my old router I just blocked it from the internet and it was fine

    Like
Vote77 Follow
  • Status Under Consideration
  • 77 Votes
  • 4 wk agoLast active
  • 56Replies
  • 1441Views
  • 46 Following

Need Help? We're here for you!

We're big on support, and we want to make sure you always have the best eero experience possible. Here are several resources you can use if you ever need our help!


Quick links

Community Guidelines

Help Center

Contact eero support

@eerosupport

eero.com