35

Is there a way to guarantee a mobile device or tablet can only access my own services and block all other traffic?

posted
by
Avatar
ComradeMiao@lemmy.world
in
Avatar
privacy@lemmy.ml
11 comments
hidereport

cross-posted from: https://lemmy.world/post/21884908

Is this possible on any modern day phone or tablet? Selfhosting as made me very privacy-consciouss and am concerned about my iphone.

Sort:
HotTopControversialNewOld
Avatar
megaman@discuss.tchncs.de
3 points

I use the parental controls on the router to put the roomba in grounded-child mode.

That said, I’m not actually positive it works… it is able to connect to home assistant, so it definitely has local network connectivity, but I haven’t proved to myself that it is actually unable to connect to its remote servers since it isn’t really that big of a deal to me.

permalink
report
reply
Avatar
Bakkoda@sh.itjust.works
4 points

I have a DNS server running for my home lab with conditional forwarding from pihole. Then i only pass the internal DNS to a WLAN that doesn’t need external access (locally controlled IoT devices for example).

permalink
report
reply
Avatar
dysprosium@lemmy.dbzer0.com
2 points

So some WLAN devices just can’t make any DNS requests that are outside your LAN, correct? But what if they use a hardcoded ip, wouldn’t that circumvent everything?

permalink
report
parent
reply
Avatar
Bakkoda@sh.itjust.works
3 points
*

Port 53 going to the internal dns? Nope? Drop! Same rule you would use everywhere else to push all dns to your preferred dns server.

Static routes are also a great way but I’m not familiar enough with your setup or static routes to explain. Pihole can also have groups which can apply different rules, lists etc.

permalink
report
parent
reply
Avatar
N0x0n@lemmy.ml
5 points
*

If you’re running an Android phone, there’s RethinkDNS which can block every requests except those explicitly allowed by yourself on the DNS level and firewall your traffic based on your rules.

It’s very customizable but It’s not that easy to get it right. You can even hook up your own wireguard tunnel and add block lists similar to uBlock.

If you want to dig deeper into the DNS blocking you can have a look at PCAPdroid which allows you to peek into wich app does what on the DNS level. While it works without rooting your phone, if you want to use it in combination with your VPN, you need root access.

permalink
report
reply
Avatar
satans_methpipe@lemmy.world
1 point

Use a static route.

permalink
report
reply
Avatar
yeehaw@lemmy.ca
5 points

Yes, you need a firewall. Deny traffic to the internet, permit to your self hosted resources. If you intent to take this phone out of the house, you can configure always on VPN with tasker and wire guard.

permalink
report
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.4K

    Monthly active users

  • 1.7K

    Posts

  • 24K

    Comments

Community moderators