I’ve just set up my pihole and I’m considering the best way to configure it. Is it a good idea to set the default group to block (almost) all domains and then manually add trusted devices to another group with a “normal” block list? My use case is untrustworthy devices that I don’t want phoning home but which might change their IP address.
Not very practical. Find a few curated lists, then start blocking domains 1 by 1. Sounds inefficient, but it’s ironically faster in the long run than blocking the whole WWW then backpedaling
The trouble is that I don’t want an untrusted device to be able to call out at all, and I won’t know where it’s trying to reach until I connect it
Isolate a wlan, then deny it access past the router
Think you meant VLAN and autoincorrect got you.
Can you explain this a bit more to a networking beginner?
most routers allow dual wireless networks now, you should be able to set one that’s exclusively for IoT. So you have MyWifi and WifiForThings.
You can then set the WifiForThings to have no actual internet access. This will mean that any apps etc won’t work though, so be aware.
Ah, sadly not something mine can do
You could get a second, inexpensive wifi router, and use it for the untrusted devices.
Any idea how I go about setting up a second sub(?)network? I’ve got a load of old routers but I’ve always assumed they’re too locked down to be of any use.
You could explore openwrt if you were inclined - you should be able to set a static ip assignation for the device and then just block that off
I’ve seen it mentioned a lot over the years, ultimately I think I’d just be making a rod for my own back by giving myself another device to support! I have considered it before but I just feel I’m going to spend a load of time tinkering every time I move house or change ISP, and paying for the privilege of buying my own hardware while I’m at it.
Eh? Not really. It’s router firmware that means you have more in depth control. It’s no different from any byo modem router deal