IoT

VLAN: 1700
Default subnet(s): 10.70.0.0/16

Okay this is the first potentially complicated segment, because depending on your needs, you might actually want it to be three different segments with varying levels of controls and severity:

  • Highest severity - This is going to be all the devices that you don’t understand why they have WiFi/internet access but maybe still want to let them do things. This is your refrigerator, washing machine, coffee maker, etc. This segment would be allowed access to the internet and that’s it. They wouldn’t even get access to the internal DNS. They can’t interact with other endpoints locally; they can only reach out and call home.
  • Medium severity - These are devices that desire moderate communication with other devices on the local network. I don’t have any examples of these, but maybe your thermostat needs this level.
  • Low severity - This is where your devices that are fairly trusted but still IoT go. This could be things you build yourself with esp8266 boards, a Hue bridge, an OctoPi server for your 3D printer. They have no outbound SSH ability, but can access the internet and local clients can reach them.
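The three tiers above boil down to a small first-match firewall policy, and it is worth writing that policy down as a table and checking it against concrete flows before typing rules into a router. The following is an added example, not part of the original post and not tied to any particular firewall product. It assumes the 10.70.0.0/16 IoT VLAN is split into one /24 per tier (10.70.1.0/24 high, 10.70.2.0/24 medium, 10.70.3.0/24 low), a trusted LAN of 10.10.0.0/16 and an internal resolver at 10.10.0.53; those addresses, and the choice that the medium tier may talk to other IoT devices but not to the trusted LAN, are assumptions made for the example.

```python
"""Model the three IoT tiers as an ordered, first-match, default-deny policy.

All addressing below is assumed for the example; only 10.70.0.0/16 comes from
the page. Flows are evaluated in rule order; the first matching rule wins and
anything unmatched is denied.
"""
import ipaddress
from dataclasses import dataclass

IOT_VLAN = ipaddress.ip_network("10.70.0.0/16")
TIERS = {                                            # assumed per-tier /24s
    "high": ipaddress.ip_network("10.70.1.0/24"),    # fridge, washer, coffee maker
    "medium": ipaddress.ip_network("10.70.2.0/24"),  # e.g. a thermostat
    "low": ipaddress.ip_network("10.70.3.0/24"),     # Hue bridge, OctoPi, esp8266 builds
}
TRUSTED_LAN = ipaddress.ip_network("10.10.0.0/16")   # assumed trusted client network
INTERNAL_DNS = ipaddress.ip_address("10.10.0.53")    # assumed internal resolver


@dataclass(frozen=True)
class Flow:
    """One new connection attempt, as a stateful firewall would see it."""
    src: str
    dst: str
    proto: str = "tcp"
    dport: int = 443


def tier_of(addr):
    """Return the IoT tier name an address belongs to, or None if not IoT."""
    ip = ipaddress.ip_address(addr)
    for name, net in TIERS.items():
        if ip in net:
            return name
    return None


def is_internet(addr):
    """True for globally routable destinations (not RFC1918/loopback/etc.)."""
    return ipaddress.ip_address(addr).is_global


# (rule name, predicate, verdict), evaluated top to bottom.
RULES = [
    # Medium and low tiers may use the internal resolver; the high tier may not.
    ("iot-to-internal-dns",
     lambda f: tier_of(f.src) in ("medium", "low")
     and ipaddress.ip_address(f.dst) == INTERNAL_DNS and f.dport == 53, "allow"),
    # High tier: internet and nothing else. It can only call home.
    ("high-only-internet",
     lambda f: tier_of(f.src) == "high" and is_internet(f.dst), "allow"),
    # Low tier: no outbound SSH to anywhere, checked before the internet allow.
    ("low-no-outbound-ssh",
     lambda f: tier_of(f.src) == "low" and f.proto == "tcp" and f.dport == 22, "deny"),
    # Medium tier: may reach other devices inside the IoT VLAN (assumption).
    ("medium-lateral-iot",
     lambda f: tier_of(f.src) == "medium"
     and ipaddress.ip_address(f.dst) in IOT_VLAN, "allow"),
    # Medium and low tiers may reach the internet.
    ("medium-low-internet",
     lambda f: tier_of(f.src) in ("medium", "low") and is_internet(f.dst), "allow"),
    # Trusted LAN clients may initiate connections only to the low tier.
    ("lan-to-low",
     lambda f: ipaddress.ip_address(f.src) in TRUSTED_LAN
     and tier_of(f.dst) == "low", "allow"),
]


def evaluate(flow):
    """Return (verdict, rule_name) for a flow; unmatched flows hit default-deny."""
    for name, predicate, verdict in RULES:
        if predicate(flow):
            return verdict, name
    return "deny", "default-deny"


if __name__ == "__main__":
    # Constructed sample flows covering each tier's intended behaviour.
    samples = [
        Flow("10.70.1.20", "93.184.216.34"),            # fridge calling home
        Flow("10.70.1.20", "10.10.0.53", "udp", 53),    # fridge asking internal DNS
        Flow("10.70.3.5", "93.184.216.34", "tcp", 22),  # OctoPi trying outbound SSH
        Flow("10.10.0.40", "10.70.3.5", "tcp", 80),     # laptop opening OctoPi's UI
        Flow("10.10.0.40", "10.70.1.20", "tcp", 80),    # laptop poking the fridge
        Flow("10.70.3.5", "10.10.0.40", "tcp", 445),    # OctoPi reaching into the LAN
    ]
    for f in samples:
        verdict, rule = evaluate(f)
        print(f"{f.src:>12} -> {f.dst:<15} {f.proto}/{f.dport:<5} {verdict:<5} ({rule})")
```

Keeping the deny for outbound SSH ahead of the low tier's internet allow is the point of ordering the table: a first-match engine that had the allow first would never reach the deny. The sample flows are constructed for the example; swap in your own subnets and run the script whenever you change a rule, so the intended tier behaviour is checked before it reaches the router.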