
Can a network firewall work within the same subnet (broadcast domain)?

Please correct me if I’m wrong:

My assumption is that a network firewall can filter traffic between different subnets, so you cannot put a firewall to filter traffic in the same broadcast domain, right?

I’m saying this because this article seems to imply that a firewall can filter traffic in the same subnet:

If your network doesn’t have a guest wifi network and your IoT devices are on the same subnet as all other devices, you could (but it may be cumbersome) assign a static IP to MAC address assignment for the IoT devices so they get a block of IP addresses and assign firewall rules to that block so that it can’t talk to the rest of the network that is on the same broadcast domain (really? I assumed a firewall doesn’t filter within the same subnet), but again, even so, those devices would have access to the mgmt. interface, so you should set up a very strong username and pw.
Steve Gibson

Any insight much appreciated.