Cutting Tuya device from the Internet

Hi. I use an ASUS RT-AX53U router with OpenWrt 22.03.5. I have a Petoneer Fountain which I connected to Home Assistant using LocalTuya. I want to cut this device off from the internet. I created a traffic rule like the one in the screenshot, but it is not working. The device still makes calls to the Tuya server and reports all data, which I can read in the data logging in Tuya IoT. How do I cut this device off from the internet?

I set an address reservation. I also tried to use LAN as the source zone. The device still logs data to the Tuya IoT Cloud.

I must add that this rule worked the first time, but I had some issues and had to link the device to the Tuya account again and add the device to LocalTuya again. Now this rule does not work and the fountain logs the data.

The source zone is incorrect. It should be lan or whatever network/zone your LocalTuya device uses.

Hi. Thank you for your response. As I wrote, I tested a solution where I set 'LAN' as the zone:

I also tried to use LAN as the source zone. The device still logs data to the Tuya IoT Cloud.

Did you create the rule after the device had already been communicating with the internet?

Reject rules in the firewall (by default) come after the accept rule for already connected or established traffic, so if a device is already communicating with the internet when you add a reject rule it won't immediately take effect.

Try changing the zone back to the correct one, then unplug the fountain for 20-30 minutes before turning it back on. That should hopefully be sufficient time for any already established connections to clear and the firewall will prevent further attempts.
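The point made in the reply above, as an added example that is not part of the original thread: a reject rule only stops new connections, so flows already in the connection-tracking table have to expire or be deleted. This sketch goes one step beyond the advice to wait by deleting them directly; the device address `192.168.1.50`, the rule name, the sample conntrack lines and the presence of the `conntrack` package are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed values: the fountain's static
# lease (DEV_IP) and the rule name. Run on the router as: sh block.sh apply
DEV_IP="${DEV_IP:-192.168.1.50}"

# Print a `uci batch` script that rejects all lan -> wan traffic from one host.
block_rule_batch() {
    cat <<EOF
add firewall rule
set firewall.@rule[-1].name='Block-Tuya-WAN'
set firewall.@rule[-1].src='lan'
set firewall.@rule[-1].src_ip='$1'
set firewall.@rule[-1].dest='wan'
set firewall.@rule[-1].proto='all'
set firewall.@rule[-1].target='REJECT'
commit firewall
EOF
}

# Count tracked flows that originate from an IP; reads conntrack text on stdin.
# The trailing space keeps 192.168.1.5 from matching 192.168.1.50.
flows_for() { grep -c -F "src=$1 " || true; }

# Install the rule, reload the firewall, then delete the device's existing
# flows, which would otherwise keep matching the established-accept rule.
apply_block() {
    block_rule_batch "$1" | uci batch
    /etc/init.d/firewall reload
    conntrack -D -s "$1" || true   # assumes: opkg install conntrack
}

# Constructed sample of /proc/net/nf_conntrack lines (documentation addresses).
SAMPLE_CONNTRACK='ipv4 2 tcp 6 7431 ESTABLISHED src=192.168.1.50 dst=203.0.113.10 sport=51000 dport=443 src=203.0.113.10 dst=198.51.100.2 sport=443 dport=51000 [ASSURED]
ipv4 2 udp 17 25 src=192.168.1.7 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.7 sport=53 dport=40000'

if [ "${1:-}" = "apply" ]; then
    apply_block "$DEV_IP"
    echo "flows still tracked for $DEV_IP:"
    flows_for "$DEV_IP" < /proc/net/nf_conntrack
fi
```

A count of 0 after `apply` means no established flow from the device remains for the accept rule to match.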

Does the device need internet or Wi-Fi to work properly?

If not, just don't connect it, or create a BS Wi-Fi network for the setup process, then delete it again.

Hi. The device needs an internet connection at the beginning. It needs to be connected to the Tuya mobile app and then added to the IoT Project on the Tuya IoT platform. That makes it possible to get device data like the ID and local key. This data is needed to establish the connection in LocalTuya. If LocalTuya is working, the internet connection can be cut off.

You need to restart the router after you change to LAN. Restarting just the firewall does not work for me.

I did not change the default action to Reject for the entire network; the only thing I did was to run the traffic rule once again (which can be seen in the screenshot in the first post, but I set LAN as the zone once again). Then I unplugged the device from power for about 45 minutes. Since then (it's been about 2 hours), the device appears in the IOT Tuya platform as Offline, and there is nothing new in the logs (the last log in the screenshot below).

I will investigate further and keep an eye out to see if the connection returns. Thanks!


Did you create the rule after the device had already been communicating with the internet?

Yes. The device needs an internet connection for the first pairing with the Tuya Platform. This is needed because the Tuya IOT Platform is the only way to get the local_key and other data about the device.
