We block Internet access for a lot of our smart devices. All of our control is done through the local server; and, short of updating firmware, the devices have no need to be chatting with the Internet. Unfortunately, our DSL modem/router does not have any sort of parental control, blocking, or filtering features. Fortunately, ISC DHCPD allows you to define per-host options. Setting the router to the device’s IP (0.0.0.0 may work as well) allows us to have devices that can communicate with anything on their subnet without allowing access out to other subnets or the Internet.
A quick grep statement to find stanzas for leases issued the current day:
TODAY=`printf ‘%(%Y/%m/%d)T’ -1`; egrep -A9 -B1 “starts . $TODAY” /var/lib/dhcpd/dhcpd.leases;unset TODAY