I’m just curious, what if I’d use my pi-hole to block all connections from/to China on my home network. I have a good bit of automation in place, but mostly western solutions, yet still I wouldn’t be surprised if they called China. Have any of you tried this kind of experiment? Is it even possible to block? What gone down?

  • Darklumiere@alien.topB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I block all inbound connections from China and Russia via GeoIP blocking in Opnsense and no one in my household has ever complained. Considering setting it up to blocking outgoing as well, but any Chinese device I’m suspicious of is already isolated from the WAN.

    • psychobobolink@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Well, just blocking incoming connections doesn’t add much value. Besides if you also block already established connections, but then it would be easier saying blocking outgoing traffic.

    • Swatieson@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      What’s more suspicious than Alexa or our phones? The "bad guys’ can do jack shit with our data but the “good guys” can fuck us up.

  • Graham2990@alien.topB
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    It’s a common feature in a lot of threat management software / firewall systems. Ubiquiti and pfSense both offer it off the top of my head. I’ve used both with no noticeable issues on smart / IOT devices.

  • PaulEngineer-89@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I have denied all then only white listed US, US outlying areas, and Canada. I don’t do business outside those. This is at the firewall/IP level. Blocking outgoing DNS would probably only affect maybe Alibaba. TikTok for instance runs domestic servers so you have to explicitly block Bytedance.

    The number of random attacks per day from China, Russia, and Singapore is hundreds. That’s what firewalls are for.

  • zpollack34@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I block a handful of countries I just have no business interacting with. In and out. Doesn’t cause any problems. But you know Microsoft and Amazon aren’t checking ID before letting anyone put a server in one of their DCs? TikTok is all hosted on US servers but that doesn’t mean there isn’t a back door or a copy job sending the data off shore. So I go the extra distance to block a huge list of domestic and safe country international domains that I don’t want traffic going to or from.

  • phonyfakeorreal@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I block China and Russia on my router and haven’t noticed it one bit. I was most worried about my Tuya lights not working, but even those have been fine.

    • wifimonster@alien.topB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      I think tuya has US data centers. I remember picking something like that when I set up the developer portal.

  • nodiaque@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I use pfblocker ng and block the world inbound except my own region. It’s using maxmind for IP geoloc. Never had any problem with any home automation. All these home automation normally speak to website that are hosted in your region.

  • good4y0u@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I do this. Generally no issues. I’m pretty sure some of the jank cheapo switches will route through the US or other proxy geo first anyway.

  • newbies13@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You can do it easily, its common practice. It’s also pretty ineffective. You ever notice how VPN’s advertise you can access content outside of your geo location? Surrpise, China can do that too!

  • BeardedBaldMan@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    We block all traffic that isn’t from NA and Europe in our company (for our hosted applications). We don’t have users outside that so have no reason to accept connections.

    It’s just part of our general security strategy

  • sarinkhan@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    You could also go the extra step, and only have local automations in the home :) home assistant + choosing products well enables total local smarthome stuff. Although I don’t have a robot vacuum.

    All my services are self hosted too. Obviously there are limitations: I don’t have fancy voice assistants like Alexa of the likes. But on the flip side I don’t have spies in the house (well, there are… The android phones, and the windows and Mac computers…)

  • identicalBadger@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This is only going to do so much. If a connection is trully malicious, it’ll probably route through a domestic or EU IP (azure, digital ocean, linode, aws, hetzner, etc)

    That said it would be interesting to monitor and see who all your devices are talking too