Ty, it did. Now I know more :}
The firewall (OpenWrt in my case) blocks internet traffic in the IoT LAN (but I can open it occasionally for software maintenance).
Ooo, that's interesting.
But the part that confuses me, though: I get that you are using VLANs to separate them out. But then, for usability, how exactly are you communicating with the IoT VLAN using, say, an Android smartphone to control the devices?
I'm assuming that you have a Wi-Fi VLAN set up to that IoT VLAN (basically the same VLAN tag), so you switch to that IoT Wi-Fi VLAN to be able to do so.
Do you keep your mobile devices and IoT on the same network? Because based on those security articles I mentioned, it seems even your mobile devices can be susceptible to attacks by IoTs, so you then have to keep the mobile devices away from IoT networks as well.
But then this still comes back to: how then to interact with IoT if they are on a separate VLAN, e.g. when I want to turn a smart LED on/off using an Android smartphone?
I thought that Avahi on pfSense would be a solution to this, but I doubt I ever got this to work. Basically it's supposed to allow traffic in one direction but not the other, so your private LAN can access your other VLAN stuff, but your VLAN can't do the same. But in their use case, they were using Google Chromecast as an example of what it's for. I just assume it would also work for things like IoT smart LEDs as well.
https://www.youtube.com/watch?v=kYKfmS5_3r0
But in terms of IoT security, Paul Hilbert summed it up: either Hubitat or Home Assistant.
https://www.youtube.com/watch?v=Q10nVFbP0ME
Hubitat uses a hub, but at least it keeps the IoT OFF the cloud (I never liked these cloud features because I felt they were a security and privacy hazard). Then Home Assistant (from my setup to basic usage, it felt easy to use; however, for further tweaking/tinkering, it does begin to become more complex when dabbling in scripts, though to be fair you can copy/paste scripts and follow guides carefully, but it's still a hassle to some who don't enjoy spending too much time and effort on this). He also mentioned in other YouTube videos he did some other IoTs that are similarly OFF the cloud (basically localized on the LAN), but I can't point to exactly which device he was referring to, other than that it was an LED light, is all I can recall.
The reason why I went for a Yeelight LED was because it omits having to use a hub, and it had a LAN feature for use with Home Assistant, so then you had an option to stay off the cloud. But whether that really worked in practice, I could only find out/explore after purchasing it first (I did try doing my research first, but you don't always know everything and sometimes you have to try in person to gain a practical understanding of it, so it was worth it if only to learn, so I don't make the same mistakes in future with IoTs).
The one thing I've learned most about IoT is the fact that some of these devices carry the risk that if the company goes under, or decides to stop updating their app, or shuts down their cloud server, there are high odds that your smart LED could no longer function. I find this very unacceptable, and this is why I've been trying my hardest to stay away from IoT devices that have this sort of risk hanging over your head. The other thing is the security aspect: less cloud to no cloud is better than having cloud (unless you really need that feature; I don't. Home LAN Wi-Fi is more than sufficient for me).
Anyway, not familiar with openHAB, so I found these to find out more:
Automate Your Home with openHAB
https://www.youtube.com/watch?v=Uqusn5MmaM4
Home Assistant vs OpenHAB - Which one is better?
https://www.youtube.com/watch?v=A4jrE_MtRWc
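The one-directional setup the question above is circling around (a phone on the trusted LAN can open connections to the bulbs on the IoT VLAN, the bulbs cannot initiate anything back toward the LAN and have no internet access, and internet can be switched on briefly for firmware updates) is a handful of zone and forwarding stanzas on OpenWrt. The fragment below is an added example written for this thread; it is not from any poster and not from the OpenWrt documentation. It assumes the router already has network interfaces named `lan` (trusted clients), `iot` (the VLAN the bulbs sit on) and `wan`; those names, and the section name `iot_wan`, are assumptions.

```uci
# /etc/config/firewall (fragment) -- added example, not from the thread.
# Assumes interfaces 'lan' (trusted), 'iot' (bulb VLAN) and 'wan' exist.

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'iot'
	list network 'iot'
	option input 'REJECT'     # bulbs cannot reach the router's admin UI/SSH ...
	option output 'ACCEPT'    # ... but the router may still talk to them
	option forward 'REJECT'   # and nothing is forwarded out of the zone by default

config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# lan -> wan: normal internet for trusted clients
config forwarding
	option src 'lan'
	option dest 'wan'

# lan -> iot: the phone may open connections to the bulbs. Replies flow back
# through connection tracking (OpenWrt's default forward chain accepts
# ESTABLISHED,RELATED), so no iot -> lan forwarding is needed for control to work.
config forwarding
	option src 'lan'
	option dest 'iot'

# Deliberately absent: any 'iot -> lan' forwarding. A compromised bulb cannot
# start a connection toward your phone or laptop.

# The bulbs still need an address and name resolution from the router itself.
config rule
	option name 'iot-dhcp-dns'
	option src 'iot'
	option proto 'udp'
	option dest_port '53 67 68'
	option target 'ACCEPT'

# Maintenance switch (assumed section name 'iot_wan'): disabled by default, so
# the bulbs have no internet. For a firmware update, run
#   uci set firewall.iot_wan.enabled='1'; uci commit firewall; /etc/init.d/firewall reload
# and set it back to '0' afterwards.
config forwarding 'iot_wan'
	option src 'iot'
	option dest 'wan'
	option enabled '0'
```

Two checks worth doing after applying it: from a phone on `lan`, a TCP connection to a bulb's LAN-control port should succeed, while from a host on `iot` a connection to the phone, to the router's web UI, or to any internet address should be refused or time out. Note what this does and does not cover: unicast control works because the phone or Home Assistant connects to a bulb's IP directly, but multicast discovery (mDNS, SSDP and the like) does not cross VLANs, which is exactly the gap an mDNS reflector such as Avahi is meant to bridge for devices like Chromecast; for a bulb whose IP you can pin (static DHCP lease) it is simpler to configure that address in the controller and leave multicast alone.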