cross-posted from: https://lemmy.world/post/21884908
Is this possible on any modern day phone or tablet? Selfhosting as made me very privacy-consciouss and am concerned about my iphone.
I use the parental controls on the router to put the roomba in grounded-child mode.
That said, I’m not actually positive it works… it is able to connect to home assistant, so it definitely has local network connectivity, but I haven’t proved to myself that it is actually unable to connect to its remote servers since it isn’t really that big of a deal to me.
Use a static route.
If you’re running an Android phone, there’s RethinkDNS which can block every requests except those explicitly allowed by yourself on the DNS level and firewall your traffic based on your rules.
It’s very customizable but It’s not that easy to get it right. You can even hook up your own wireguard tunnel and add block lists similar to uBlock.
If you want to dig deeper into the DNS blocking you can have a look at PCAPdroid which allows you to peek into wich app does what on the DNS level. While it works without rooting your phone, if you want to use it in combination with your VPN, you need root access.
I have a DNS server running for my home lab with conditional forwarding from pihole. Then i only pass the internal DNS to a WLAN that doesn’t need external access (locally controlled IoT devices for example).
So some WLAN devices just can’t make any DNS requests that are outside your LAN, correct? But what if they use a hardcoded ip, wouldn’t that circumvent everything?
Port 53 going to the internal dns? Nope? Drop! Same rule you would use everywhere else to push all dns to your preferred dns server.
Static routes are also a great way but I’m not familiar enough with your setup or static routes to explain. Pihole can also have groups which can apply different rules, lists etc.
You could set it to use your own DNS server, and have the server block anything not on a whitelist.
Actually, there are some apps and even phone level things that do try to call to custom DNS, ignoring all the phone settings, including those defined in the global settings. Termux nslookup is one I can think of at the top of my head that ignores the phone’s settings and instead tries to call to Google DNS. I’ve got DNS default blocked in a custom script for AFWall on my phone, excluding calling my custom DNS, and see the block frequently hit. Just now checking, I see 54 blocks on 8.8.8.8:53, 2 blocks on 1.1.1.1:53, and 16 on “other” port 53 (catch all block).
Think the best solution is either a router firewall setup if always on the wifi, or a phone firewall app that can act as a VPN and just default block everything, or something like that. If rooted, AFWall does wonders.
