I would add logging so that you would know if anything was amiss. To test, you could temporarily install a PC at the blocked address and see what happens.
For more complete control as IoT devices proliferate, I would add a separate zone and set up a VLAN for home automation etc.

-----Original Message-----
From: Victor McAllister [mailto:[email protected]]
Sent: Thursday, November 03, 2016 11:53 AM
To: Bering List
Subject: [leaf-user] prevent Iot from the net

I have a couple devices, such as a DVR, on the local net (loc) that I do not want to have access to the Internet. Remember the recent DDoS attacks that originated with IoT devices!

I added this to shorewall rules.

    DROP loc:192.168.1.x,192.168.1.y net all

They get their time from the local time server so they have no reason to access the net. I have not tested this, but at least shorewall compiles and runs. Any comments?

Victor

------------------------------------------------------------------------
leaf-user mailing list: [email protected]
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
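
Added example, not part of either message: one way to act on the logging suggestion is to give the rule a log level (DROP:info) and summarise what the blocked devices tried to reach. It assumes Shorewall's default "Shorewall:<chain>:<disposition>:" log prefix; the device addresses .50/.51 and all log lines are constructed stand-ins for the x/y hosts in the thread.

```shell
#!/bin/sh
# Added example. Assumes the rule from the thread was given a log level:
#   DROP:info   loc:192.168.1.x,192.168.1.y   net   all
# and that LOGFORMAT is Shorewall's default "Shorewall:<chain>:<disposition>:".

# blocked_summary ADDR... : read log lines on stdin and count dropped packets
# per (source, destination, protocol/port) for the listed device addresses.
blocked_summary() {
    awk -v devs="$*" '
    BEGIN { n = split(devs, d, " "); for (i = 1; i <= n; i++) watch[d[i]] = 1 }
    /Shorewall:[^ ]*:DROP:/ {
        src = ""; dst = ""; proto = ""; dpt = "-"   # ICMP has no DPT field
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/)   src   = substr($i, 5)
            else if ($i ~ /^DST=/)   dst   = substr($i, 5)
            else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        # Only report drops whose source is one of the watched devices.
        if (src in watch) count[src " " dst " " proto "/" dpt]++
    }
    END { for (k in count) print count[k], k }' | LC_ALL=C sort -k2,2 -k1,1nr
}

# Constructed sample log lines (not captured from a real system).
sample_log() {
    cat <<'EOF'
Nov  3 12:01:07 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=23 SYN
Nov  3 12:01:10 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=40000 DPT=23 SYN
Nov  3 12:05:00 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=76 TTL=63 PROTO=UDP SPT=123 DPT=123
Nov  3 12:06:31 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=203.0.113.80 LEN=60 TTL=63 PROTO=TCP SPT=51000 DPT=443 SYN
Nov  3 12:07:02 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 TTL=240 PROTO=TCP SPT=4444 DPT=22 SYN
Nov  3 12:08:00 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 LEN=60 TTL=63 PROTO=TCP SPT=50000 DPT=80 SYN
EOF
}

# Each output line is: count, device, destination, protocol/port.
sample_log | blocked_summary 192.168.1.50 192.168.1.51
```

On a real firewall, feed blocked_summary the file your syslog writes kernel messages to instead of sample_log. A device that is configured for the local time server but still shows UDP/123 drops toward the net is worth a closer look.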
