IoT Telemetry Firewall That Catches What DNS Blocking Misses
Pi-hole and AdGuard Home are the go-to tools for blocking smart home telemetry, but devices increasingly get around a DNS sinkhole: they connect straight to hardcoded IPs, or resolve names through DNS-over-HTTPS/TLS to a resolver the sinkhole never sees. Certificate pinning is a separate problem: it does not bypass DNS, but it stops a TLS-intercepting proxy from reading what those connections carry, so inspection has to work from connection metadata. One developer documented Philips Hue, Amazon Echo, and even NordVPN and Firefox phoning home despite disabled telemetry settings. Users want network-level visibility and blocking that goes beyond DNS sinkholes.
The play is a Raspberry Pi image (or Docker container on a home server) that sits inline or on a mirror port, inspects traffic at the packet level, auto-discovers IoT devices by MAC OUI and DHCP/traffic fingerprint, and applies device-specific blocking profiles. Since nearly all telemetry is TLS, "deep packet inspection" here means destination IP, port, TLS SNI, client fingerprint (JA3-style) and volume per flow, not payload; a pinned connection still leaks all of those. Think Pi-hole but with IP-level blocking and traffic anomaly detection. The 'telemetry report card' showing exactly what each device tried to send, and what was blocked, is the feature that sells it.
landscape (3 existing solutions)
DNS blocking catches a large share of IoT telemetry, but not all of it; the 60-70% caught / 30-40% missed split quoted in this space is a rough estimate, not a measurement. What it misses is traffic to hardcoded IPs and name lookups sent over DoH/DoT tunnels, neither of which passes through the sinkhole; pinned connections are visible to DNS blocking like any other, they just cannot be decrypted by a proxy. Proper firewall rules can catch more but require per-device manual configuration on pfSense/OPNsense. Commercial appliances such as Firewalla cover parts of this, but no widely used self-hosted tool combines DNS blocking, IP reputation, traffic analysis, and device profiling into one IoT-specific firewall appliance with a consumer-friendly UI.
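A sketch of the core logic behind both the product description above (device discovery by MAC, per-device profiles, the report card) and the gap just described (what a DNS sinkhole cannot see), as an added example that is not code from the page or from any named project. It correlates the DNS answers a sinkhole did observe against the flows each device actually opened: a flow to an IP the device never resolved is a hardcoded-IP or encrypted-DNS bypass. The OUI table, vendor profiles, resolver list, chain name and all log data are constructed assumptions for the example; a real build would load the IEEE OUI list and pull flows from conntrack or a pcap.

```python
"""Added example: per-device telemetry report card built from sinkhole DNS answers
plus observed flows. All tables and logs below are constructed sample data."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Assumed OUI prefix -> vendor mapping (a real build loads the IEEE OUI database).
OUI = {"00:17:88": "Philips Hue", "fc:65:de": "Amazon Echo"}

# Assumed per-vendor profiles: the hostnames a device legitimately needs.
PROFILES = {
    "Philips Hue": {"time.meethue.com"},
    "Amazon Echo": {"avs-alexa-na.amazon.com"},
}

# Assumed list of public encrypted-DNS resolvers; anything on 853 (DoT) is also flagged.
KNOWN_ENCRYPTED_DNS = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}
DOT_PORT = 853


@dataclass(frozen=True)
class Flow:
    mac: str
    dst_ip: str
    dst_port: int
    bytes_out: int


def vendor_for(mac: str) -> str:
    """Identify a device from the first three octets of its MAC (the OUI)."""
    return OUI.get(mac.lower()[:8], "unknown")


def classify(flow: Flow, resolved: Dict[str, str], vendor: str) -> Tuple[str, str]:
    """Return (verdict, destination label) for one flow.

    `resolved` maps answer IP -> queried hostname for this device, as the DNS
    sinkhole saw it. A flow to an IP the device never resolved is exactly what
    DNS blocking misses: a hardcoded IP, or a lookup that went over DoH/DoT."""
    allowed_hosts = PROFILES.get(vendor, set())
    if flow.dst_ip in KNOWN_ENCRYPTED_DNS or flow.dst_port == DOT_PORT:
        return "block:encrypted-dns", flow.dst_ip
    host = resolved.get(flow.dst_ip)
    if host is None:
        return "block:hardcoded-ip", flow.dst_ip
    if host in allowed_hosts:
        return "allow", host
    return "block:telemetry", host


def report_card(dns_log: List[Tuple[str, str, str]], flows: List[Flow]) -> dict:
    """dns_log entries are (mac, qname, answer_ip) observed at the sinkhole.
    Sinkholed names never produce a real answer IP, so a device that falls back
    to a hardcoded address after an NXDOMAIN shows up as block:hardcoded-ip."""
    resolved: Dict[str, Dict[str, str]] = defaultdict(dict)
    for mac, qname, ip in dns_log:
        resolved[mac.lower()][ip] = qname
    card: dict = {}
    for f in flows:
        mac = f.mac.lower()
        vendor = vendor_for(mac)
        entry = card.setdefault(mac, {"vendor": vendor, "verdicts": Counter(),
                                      "blocked": [], "bytes_blocked": 0})
        verdict, label = classify(f, resolved[mac], vendor)
        entry["verdicts"][verdict] += 1
        if verdict != "allow":
            entry["blocked"].append((verdict, label))
            entry["bytes_blocked"] += f.bytes_out
    return card


def nft_rules(card: dict, chain: str = "iot_egress") -> List[str]:
    """Emit nftables drop rules for the IP-level blocks, keyed by source MAC.
    Hostname-based blocks stay with the DNS sinkhole; only IPs are emitted.
    The table/chain names are assumed and must exist in the running ruleset."""
    rules = set()
    for mac, entry in card.items():
        for verdict, label in entry["blocked"]:
            if verdict in ("block:hardcoded-ip", "block:encrypted-dns"):
                rules.add(f"add rule inet filter {chain} ether saddr {mac} "
                          f"ip daddr {label} drop")
    return sorted(rules)


# Constructed sample logs using RFC 5737 documentation addresses.
DNS_LOG = [
    ("00:17:88:aa:bb:cc", "time.meethue.com", "203.0.113.10"),
    ("00:17:88:aa:bb:cc", "telemetry.example.net", "203.0.113.20"),
    ("fc:65:de:11:22:33", "avs-alexa-na.amazon.com", "198.51.100.5"),
]
FLOWS = [
    Flow("00:17:88:aa:bb:cc", "203.0.113.10", 443, 1200),  # profile allows this host
    Flow("00:17:88:aa:bb:cc", "203.0.113.20", 443, 8000),  # resolved, but not in profile
    Flow("00:17:88:aa:bb:cc", "203.0.113.99", 443, 4100),  # never resolved: hardcoded IP
    Flow("fc:65:de:11:22:33", "198.51.100.5", 443, 900),   # profile allows this host
    Flow("fc:65:de:11:22:33", "1.1.1.1", 443, 300),        # DoH to a public resolver
    Flow("fc:65:de:11:22:33", "198.51.100.7", 853, 200),   # DoT on port 853
]

if __name__ == "__main__":
    for mac, entry in report_card(DNS_LOG, FLOWS).items():
        print(mac, entry["vendor"], dict(entry["verdicts"]), entry["bytes_blocked"])
    print("\n".join(nft_rules(report_card(DNS_LOG, FLOWS))))
```

The split between hostname blocks (left to the sinkhole) and IP blocks (pushed to nftables) is deliberate: CDN addresses change and are shared across services, so blocking a resolved IP would break unrelated traffic, whereas an address a device reaches without ever resolving it is by definition something the profile never approved. Port 443 to a resolver IP is the only DoH signal available without decrypting the session; with ECH the SNI disappears too, which is why the IP and volume columns of the report card matter more than the hostname column over time.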