I checked some topics about this but I do not understand what I did wrong. I have Tuya and Xiaomi devices which have an established local connection; they need the Internet only for pairing mode. I would like to create a firewall rule which will cut off the connection between the device and the IoT cloud. The devices are connected by Wi-Fi (not Zigbee etc.). My firewall rule looks like this:
What should I do to switch off the possibility for the device 12.101.88.180 to reach the Internet? I would like to connect to the device only through the internal server with Home Assistant. I tried different constructions of the firewall rules but I always have the possibility to control the devices from the cloud apps. Many thanks for the support. I suppose my question is easy, but sorry, I am really a beginner in network topics. So please explain it to me as simply as possible.
The “input” chain is for traffic to the router itself. (WinBox, WebFig HTTP, SSH…) You want the “forward” chain here, being for traffic crossing the router.
Rather than match on specific IPs and ports, if you want all access blocked, why not match on the device MAC instead? MAC spoofing is trivial, but if you catch it doing that, that’s enough to qualify it as malware, IMO.
(Exception: the private MAC feature in mobile devices, where regular randomization of the MAC is a desired behavior.)
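The reply above, written out as RouterOS configuration. This is an added example, not a rule posted by anyone in the thread; the MAC address is a constructed placeholder and `WAN` is assumed to be an interface list containing the Internet uplink.

```routeros
# Added example. Constructed/assumed values:
#   AA:BB:CC:DD:EE:FF  placeholder for the IoT device's MAC address
#   WAN                interface list holding the Internet-facing interface

/ip firewall filter

# Wrong chain for this goal: "input" only sees packets addressed to the
# router itself (WinBox, WebFig, SSH), so the device's cloud traffic
# never hits a rule like this one. Shown commented out for comparison.
# add chain=input src-address=12.101.88.180 action=drop

# Right chain: "forward" sees packets crossing the router. Matching on the
# source MAC keeps the rule valid if the device's IP address changes.
add chain=forward src-mac-address=AA:BB:CC:DD:EE:FF \
    out-interface-list=WAN action=drop \
    comment="IoT device: block all Internet access"

# Filter rules are evaluated top to bottom and the first match wins.
# List the chain and check that the drop rule sits above any rule that
# accepts or fasttracks established/related connections; otherwise
# sessions that are already open to the cloud keep passing.
print where chain=forward
```

Traffic between the device and a Home Assistant server in the same subnet is not routed, so a forward-chain rule limited to `out-interface-list=WAN` leaves local control in place.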
Thank you, but this option does not cut the Internet connection to the Tuya cloud and I still have the possibility to control the device by the app. I also saw the thread from November with a similar problem but it did not solve my issue. Any other ideas?