

This shit is why I’ve spent the past month setting up network segmentation on my home network. None of the Things on my network get to initiate connections to any of my computers or phones, any more than any random host on the Internet does. I am also in the process of replacing Things with offline ones (Zigbee/Z-Wave) and hope to block any unnecessary internet access from Things.
It would be nice if people had good guides on how to do this, but it’s practically probably beyond the reach of most people. You at least need intermediate level networking knowledge or willingness to learn it (understanding how VLANs work, how to set up multicasting reflection for SSDP and mDNS so things can actually advertise services properly across your VLANs, and how to really manage a firewall), you need hardware that can actually do this with the bare minimum probably being an OpenWRT compatible router,
overly detailed alternative option
(you can also add managed switches if you need more ethernet ports, and if you need more access points you need them to support multiple SSIDs with separate VLANs – I would recommend any Ruckus AP that has BeamFlex+ and can run Unleashed if you can find them cheap on eBay; the R510 and R710 are good and fairly cheap, the R730 costs a bit more and requires some extra setup but is even better, it is what I use and I am very happy with it, but in any case these are probably the best wireless APs you can find at their price point, which is like 5% of what they each cost when they were new)
but that’s already getting into more than most people are going to be willing/able to learn on their own and potentially hundreds of dollars in hardware. I do this because I receive great pleasure from exerting dominance over computers within my home, but not everyone thinks like that and someone really needs to come up with something for this that just works out of the box.


People who make Things are already onto Pi-hole/AdGuard Home. At least Amazon and Roku smart TVs will fall back to hardcoded Google DNS servers (8.8.8.8) if they fail to resolve a domain through whatever DHCP-provided DNS server. Unfortunately for them, it seems that all port 53 traffic originating from these smart TVs ends up getting routed to the AdGuard Home DNS server anyways! Weird how that happens. It does get rid of the home screen ads, but unfortunately streaming services have wised up and will wait for ads to load instead of displaying an “oh, that’s weird, our ads failed to load” screen.
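
The setup the two comments above describe, sketched as a plain nftables ruleset (an added example, not from either commenter, and not OpenWrt's own firewall config): Things cannot open connections to trusted devices, and all IPv4 port 53 traffic from them is redirected to the local filtering resolver. The table name, interface names and resolver address are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Every name and address below is an assumption; adjust to your network.
define LAN_IF = "br-lan"          # trusted computers and phones
define IOT_IF = "br-iot"          # VLAN that holds the Things
define WAN_IF = "eth0"            # uplink to the Internet
define DNS_SERVER = 192.168.1.2   # AdGuard Home / Pi-hole host on the trusted LAN

# Create-then-delete makes the file safe to reload.
table inet home_seg
delete table inet home_seg

table inet home_seg {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Replies to connections that were allowed to start.
        ct state established,related accept
        ct state invalid drop

        # Trusted devices may initiate to Things and to the Internet.
        iifname $LAN_IF oifname { $IOT_IF, $WAN_IF } accept

        # Things may reach the local resolver on port 53 only. Redirected
        # queries also match here, because DNAT runs before this hook.
        iifname $IOT_IF oifname $LAN_IF ip daddr $DNS_SERVER meta l4proto { tcp, udp } th dport 53 accept

        # Things may still reach the Internet (tighten this to block more).
        iifname $IOT_IF oifname $WAN_IF accept

        # Anything else a Thing initiates is logged, then hits policy drop.
        iifname $IOT_IF counter log prefix "iot-blocked: "
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;

        # A hardcoded resolver such as 8.8.8.8 still gets an answer, but the
        # answer comes from the local resolver. IPv4 only: this rule does not
        # redirect IPv6 DNS.
        iifname $IOT_IF ip daddr != $DNS_SERVER meta l4proto { tcp, udp } th dport 53 dnat ip to $DNS_SERVER
    }
}
```

Running `nft -c -f` on the file checks the syntax without applying it.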