Re: [leaf-user] prevent IoT from the net

2016-11-03 Thread Dillabough, Dave
I would add logging so that you would know if anything was amiss.

To test you could temporarily install a PC at the blocked address and see what 
happens.

For more complete control as IoT devices proliferate I would add a separate 
zone and set up a VLAN for home automation etc.

-----Original Message-----
From: Victor McAllister [mailto:victo...@sonic.net] 
Sent: Thursday, November 03, 2016 11:53 AM
To: Bering List
Subject: [leaf-user] prevent IoT from the net

I have a couple devices, such as a DVR, on the local net (loc) that I do not 
want to have access to the Internet. Remember the recent DDoS attacks that 
originated with IoT devices! I added this to shorewall rules.

DROP loc:192.168.1.x,192.168.1.y net all

They get their time from the local time server so they have no reason to access 
the net.

I have not tested this, but at least shorewall compiles and runs. Any comments?

Victor


--
Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi 
processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today. http://sdm.link/xeonphi

leaf-user mailing list: leaf-user@lists.sourceforge.net 
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
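
Added example, not part of either message: a sketch of the two suggestions in the reply above (logging on the DROP rule, and a dedicated zone on a VLAN), assuming Shorewall 4.6 or later file syntax. The zone name iot, the VLAN interface eth1.20 and the time server being the firewall itself are assumptions; 192.168.1.x and 192.168.1.y are the placeholders from the original post.

```conf
# Added example. "iot" and "eth1.20" are hypothetical names;
# 192.168.1.x / 192.168.1.y are the placeholders used in the post.

# --- /etc/shorewall/rules: the rule from the post, with a log level ---
#ACTION      SOURCE                        DEST   PROTO
DROP:info    loc:192.168.1.x,192.168.1.y   net    all

# --- Separate-zone variant: devices moved onto their own VLAN ---

# /etc/shorewall/zones
#ZONE   TYPE
iot     ipv4

# /etc/shorewall/interfaces
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
iot     eth1.20     -

# /etc/shorewall/policy (place above any catch-all "all all" entry)
#SOURCE   DEST   POLICY   LOGLEVEL
loc       iot    ACCEPT
iot       all    DROP     info

# /etc/shorewall/rules
# Assumes the local time server runs on the firewall itself.
#ACTION        SOURCE   DEST
NTP(ACCEPT)    iot      $FW
```

With a log level set, packets dropped from those hosts are written to the firewall's kernel log, which is what makes the temporary-PC test above observable.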



[leaf-user] prevent IoT from the net

2016-11-03 Thread Victor McAllister
I have a couple devices, such as a DVR, on the local net (loc) that I do 
not want to have access to the Internet. Remember the recent DDoS 
attacks that originated with IoT devices! I added this to shorewall rules.

DROP loc:192.168.1.x,192.168.1.y net all

They get their time from the local time server so they have no reason to 
access the net.

I have not tested this, but at least shorewall compiles and runs. Any 
comments?

Victor

