I unfortunately HAD to get a stupid thermostat with wifi. Can’t even get one without it now. I’d much rather have it not hooked up but I may be forced to.
How can I put this on a VLAN and block all its telemetry? It’s a Honeywell. Can I put it on my VLAN and then use Mullvad DNS to block all the shit?
“They” are saying it has to be on wifi so it can see the outdoor temp to talk to the heat pump. Bullshit, I say.


Yeah, I have a dedicated IoT wifi network for those types of random devices. They are isolated, so any device on that particular network can't talk to any other device. If they must communicate with each other, I will set up firewall rules between the two, but won't let them access anything else on the network.
If they need internet access, you can rate limit their speed to like 1kb/s and set their DNS resolver to a Pi-hole to keep tabs on where they are phoning home to and block accordingly.
If you can configure that device's TTL, set it low to like 4 or 5, and increase by 1 if it's having trouble reaching the necessary destination. Also, block access to outside countries, as you probably aren’t needing remote management from the foreign motherlands.
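
The "keep tabs on where they are phoning home to" step from the reply above, as an added example that is not part of the thread: it reads dnsmasq-format query-log lines (the format Pi-hole writes when query logging is on), counts the domains one device asked for, and splits them into allowlisted names and candidates to review or block. The device IP, domain names and allowlist are constructed placeholders.

```python
import re
from collections import Counter

# dnsmasq query-log line: "<timestamp> dnsmasq[pid]: query[TYPE] <domain> from <client-ip>"
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[^\]]+)\] (?P<domain>\S+) from (?P<client>\S+)$"
)

# Constructed sample log lines (not real telemetry); names and IPs are made up.
SAMPLE_LOG = """\
Jan 12 10:15:01 dnsmasq[812]: query[A] api.thermostat-vendor.example from 192.168.30.15
Jan 12 10:15:01 dnsmasq[812]: forwarded api.thermostat-vendor.example to 9.9.9.9
Jan 12 10:15:02 dnsmasq[812]: reply api.thermostat-vendor.example is 203.0.113.10
Jan 12 10:15:09 dnsmasq[812]: query[A] telemetry.analytics.example from 192.168.30.15
Jan 12 10:16:40 dnsmasq[812]: query[AAAA] API.thermostat-vendor.example. from 192.168.30.15
Jan 12 10:17:00 dnsmasq[812]: query[A] news.example from 192.168.10.20
Jan 12 10:20:09 dnsmasq[812]: query[A] telemetry.analytics.example from 192.168.30.15
Jan 12 10:21:00 dnsmasq[812]: query[A] time.pool.example from 192.168.30.15
""".splitlines()

def queries_by_device(lines, device_ip):
    """Count domains queried by one client IP; forwarded/reply lines are ignored."""
    counts = Counter()
    for line in lines:
        m = QUERY_RE.search(line.strip())
        if m and m.group("client") == device_ip:
            # Normalise case and the trailing root dot so variants count together.
            counts[m.group("domain").rstrip(".").lower()] += 1
    return counts

def is_allowed(domain, allowlist):
    """True if domain equals an allowlisted name or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowlist)

def review(lines, device_ip, allowlist):
    """Return (allowed, to_review) dicts mapping domain -> query count."""
    allowed, to_review = {}, {}
    for domain, n in queries_by_device(lines, device_ip).items():
        (allowed if is_allowed(domain, allowlist) else to_review)[domain] = n
    return allowed, to_review

if __name__ == "__main__":
    # Hypothetical allowlist: names the device needs to keep working.
    allow = {"thermostat-vendor.example", "time.pool.example"}
    ok, unknown = review(SAMPLE_LOG, "192.168.30.15", allow)
    for d, n in sorted(unknown.items(), key=lambda kv: -kv[1]):
        print(f"review/block candidate: {d} ({n} queries)")
```
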