If only there were a way to isolate devices on our networks with some sort of iptables "jail". There is no reason my TV should be talking to any other site than the manufacturer, and I should have an easy way in my fancy-schmancy router to click a button and "jail" any device on my network and then whitelist the specific sites (with appropriate IP-to-hostname lookups for us non-techie homeowner types) that I think the device needs to actually connect to.
This would let me easily shut off all internet connectivity between my abandoned, no longer updated or used "smart" device. Be it a TV, BluRay player, DVD player, or even a Roku, FireStick/TV, ChromeStick, or my Nest thermostats, refrigerator, or my printer, and especially my home security video cameras. Things like "jailing" my Samsung SmartTV and allowing it only to talk to samsung.com (plus a few country variants) and, say, netflix.com servers. And that's it. Anything else, my trusty router will block. Maybe drop an alert for me to evaluate whether or not to allow a new connection as I'm "learning" what's "legit" or not with that device.
How about it, @RMerlin? Anything like that in the works for my somewhat aging RT-AC68R? Not a complaint, but a hope you're up to making something like that happen.
I really, really don't have the patience to sit down and analyze the logs, convert IPs to hostnames, figure out if the traffic from or to the device is legit or not, and then study iptables commands for a week and hope I don't break something. My point isn't to whine about how hard it is, technically, to do such a thing, but to point out that surely there is an easier way that Joe Homeowner with a non-IT networking job can secure his home (and all of the IoT devices hanging off of his network) from having secret conversations with unsavory IP addresses out on the interwebs.
I'd even pay for firmware or a module that did that.
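The "jail" the post asks for, written out as an added example (this is not code from the post, from @RMerlin, or from Asuswrt-Merlin): a per-device egress allowlist expressed as iptables rules on the router's FORWARD chain, a resolver helper that turns the whitelisted names into addresses, and a summary of the dropped destinations from syslog so the owner can see what a device tried to reach and decide what to allow next. The router address, the chain name `IOT_JAIL`, the device address and the sample log lines are all my own constructed values; the script assumes the jailed device has a fixed LAN IP and that the router is the LAN's DNS resolver.

```shell
#!/bin/sh
# Added example, not from the forum post or from Asuswrt-Merlin: a per-device
# egress allowlist ("jail") built from iptables rules on the router's FORWARD
# chain, plus a summary of what the jail dropped so the owner can decide what
# to whitelist next. Assumptions (mine): the jailed device has a fixed LAN
# address, the router (ROUTER_IP) is the LAN's DNS resolver, and the chain
# name IOT_JAIL is not already in use.

ROUTER_IP="${ROUTER_IP:-192.168.1.1}"   # constructed sample value
CHAIN="IOT_JAIL"

# build_jail_rules DEVICE_IP ALLOWED_IP [ALLOWED_IP ...]
# Prints the iptables commands instead of running them, so they can be read
# first and then piped to sh on the router.
build_jail_rules() {
    dev="$1"; shift
    echo "iptables -N $CHAIN 2>/dev/null"
    echo "iptables -F $CHAIN"
    # Replies to connections the device was allowed to open come back through.
    echo "iptables -A $CHAIN -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # DNS to the router only: names still resolve, but no outside resolver is reachable.
    echo "iptables -A $CHAIN -d $ROUTER_IP -p udp --dport 53 -j ACCEPT"
    echo "iptables -A $CHAIN -d $ROUTER_IP -p tcp --dport 53 -j ACCEPT"
    # The whitelist itself: one ACCEPT per allowed destination address.
    for ip in "$@"; do
        echo "iptables -A $CHAIN -d $ip -j ACCEPT"
    done
    # Everything else is logged (rate-limited so syslog stays readable) and dropped.
    echo "iptables -A $CHAIN -m limit --limit 6/min -j LOG --log-prefix \"$CHAIN: \""
    echo "iptables -A $CHAIN -j DROP"
    # Send the device's forwarded traffic through the jail; delete any old jump
    # first so re-running the script does not stack duplicates.
    echo "iptables -D FORWARD -s $dev -j $CHAIN 2>/dev/null"
    echo "iptables -I FORWARD 1 -s $dev -j $CHAIN"
}

# resolve_hosts NAME [NAME ...]: print the IPv4 addresses the router's resolver
# returns for each name, one per line (the resolver's own address is filtered out).
resolve_hosts() {
    for h in "$@"; do
        nslookup "$h" 2>/dev/null | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' \
            | grep -v "^$ROUTER_IP\$"
    done | sort -u
}

# jail_device DEVICE_IP NAME [NAME ...]: resolve the names and apply the rules.
jail_device() {
    dev="$1"; shift
    build_jail_rules "$dev" $(resolve_hosts "$@") | sh
}

# summarize_drops: read iptables LOG lines on stdin and print
# "SRC DST count" for each dropped destination, most frequent first.
summarize_drops() {
    awk -v chain="$CHAIN" '
        index($0, chain ": ") {
            src = ""; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DST=/) dst = substr($i, 5)
            }
            if (src != "" && dst != "") n[src " " dst]++
        }
        END { for (k in n) print k, n[k] }' | sort -k3,3nr -k2,2
}

# Constructed sample of what the LOG rule writes to syslog (not captured from a real router).
SAMPLE_LOG='Mar  1 12:00:01 router kernel: IOT_JAIL: IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=44120 DPT=443
Mar  1 12:00:03 router kernel: IOT_JAIL: IN=br0 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.7 LEN=60 PROTO=TCP SPT=44121 DPT=443
Mar  1 12:00:09 router kernel: IOT_JAIL: IN=br0 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.23 LEN=52 PROTO=UDP SPT=5353 DPT=1900
Mar  1 12:00:10 router kernel: unrelated line with SRC=10.0.0.1 DST=10.0.0.2'
```

On the router this would be run as `jail_device 192.168.1.50 samsung.com netflix.com` (on Asuswrt-Merlin the natural place is the `firewall-start` user script, so the rules survive a firewall restart), and `grep IOT_JAIL /tmp/syslog.log | summarize_drops` gives the "learning" view of what the device tried and failed to reach. Two caveats a practitioner would add: the rules cover IPv4 only, so the same chain would be needed in ip6tables (or IPv6 withheld from that device), and CDN-hosted services change addresses often enough that a fixed list goes stale, which is why a durable version keeps the whitelist in an ipset fed by dnsmasq's `ipset=` option rather than in resolved-once addresses.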