I have a couple devices, such as a DVR, on the local net (loc) that I do
not want to have access to the Internet. Remember the recent DDoS
attacks that originated with IoT devices! I added this to shorewall rules.
DROP loc:192.168.1.x,192.168.1.y net all
They get their time from the local
I would add logging so that you would know if anything was amiss.
To test you could temporarily install a PC at the blocked address and see what
happens.
For more complete control as IoT devices proliferate I would add a separate
zone and set up a VLAN for home automation etc.
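
The two suggestions above (log the DROP rule, and later move the devices into their own zone on a VLAN), sketched as Shorewall configuration. This is an added example, not part of either message: the zone name "iot" and the VLAN interface "eth1.20" are assumptions, and 192.168.1.x / 192.168.1.y are the placeholders from the original rule.

```conf
# --- Step 1: /etc/shorewall/rules ------------------------------------
# Same rule as in the message, with a log level appended to the action.
# Every packet a blocked device sends toward the Internet is logged at
# syslog level "info" before it is dropped, so unexpected call-home
# attempts show up in the kernel log.
#ACTION      SOURCE                          DEST    PROTO
DROP:info    loc:192.168.1.x,192.168.1.y     net     all

# --- Step 2 (later): a separate zone on a VLAN -----------------------
# /etc/shorewall/zones
#ZONE   TYPE
iot     ipv4

# /etc/shorewall/interfaces
# eth1.20 is an assumed 802.1Q sub-interface carrying the IoT VLAN.
?FORMAT 2
#ZONE   INTERFACE   OPTIONS
iot     eth1.20     tcpflags,nosmurfs

# /etc/shorewall/policy
# These lines must come before any catch-all "all all" policy.
# Devices in the iot zone cannot open connections to the Internet or
# to the rest of the LAN; attempts are logged. Hosts in loc can still
# reach the devices (for example to view the DVR).
#SOURCE DEST    POLICY  LOGLEVEL
iot     net     DROP    info
iot     loc     DROP    info
loc     iot     ACCEPT
```

With the zone in place the per-address rule from step 1 is no longer needed, since the policy covers every device on the VLAN. Run "shorewall check" before "shorewall restart" to validate the files.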