122Block devices from Internet but allow local LAN
tl;dr - The current 'Block device' feature blocks the device from joining the local network entirely. It would be very useful to have an additional type of blocking mode that allows full local LAN access, but prevents outbound Internet connections.
Use-case: The main one (for me) is mainly for the millions of IoT devices that people have in their homes. The grand majority of these are not designed with security in mind (default root passwords, lots of unnecessary calls to cloud services for various data reporting, inability to even change these settings, etc.). Lots of the botnets these days are actually composed of these types of devices. Being able to use them in home via bluetooth and wifi (say, a light switch controller, a vaccuum, a kitchen appliance) but blocking them from outbound internet connections would be very useful.
Description of feature: It’s all about being able to allow a device to talk to the local network (for example 192.168.1.0/24) but then be blocked in any outbound, non-local-subnet connections (i.e. those that will hit the default route (192.168.1.1 in this example) and then be NAT’d by the eero to the public address). The current feature acts more like blocking a switch port… if you block a device, it can literally talk to nothing (including 192.168.1.0/24 in this example).
-
To be clear, I'm not using whitelisting/blacklisting, I'm using a profile. I named the profile "No Internet Access" and the profile contains a "Pause Internet" schedule which is active 24 hours a day, 7 days a week.
If the pause internet function of the eero actually blocks all internet access, then this should be working correctly. So far it seems to be blocking all internet access, and I can still talk to the camera locally and grab video from it, so it is working locally.
(sorry these pix seem to be obnoxiously large)
-
Bob111 you are correct! i had not explored that option, but yes- it looks to be the way to do what i need... much appreciated!
-
gtreece meh. turns out it's doing a lot more than blocking internet access now. Certain things I can still do, like get an rstp stream from the camera, but i can't get snapshots from the http port of the camera anymore.
Experimented with a couple of local printers and it made them unusable. They're connected to wifi and all, but I can't print to them, can't ping them, etc.
I'll just check eero's documentation on how the Pause Internet actually works. I'm kidding, of course, eero doesn't really document anything for the user. -
Bob111 - not good. I've been having issues in general with my Amazon music streams keep getting dropped. I've read that that is fairly common. i had 2 cameras drop this morning, but have not investigated yet.
-
-
Are there any updates on this?
-
Hello,
do I have to use a different IP address, not 192.168.1.1..... I see in Windows, his IP address is used but I do not know much about it because I don't own that IP address... do I have a way to use a custom IP address?
Thanks
-
How is this not a feature yet? I'm not paying for eero plug for this simple request.
