I have a separate IoT network. It’s basically just a guest wifi for IoT. Anything coming in on that network gets a VLAN tag and only previous & established connections can get out. Honestly, it’s kinda a pain in the ass with homeassistant because I keep HA on the other network so I have to manually find devices. It might be easier to just block it at the ip level or blacklist outgoing ip ranges to Tuya or whatever.
I have a separate IoT network. It’s basically just a guest wifi for IoT. Anything coming in on that network gets a VLAN tag and only previous & established connections can get out. Honestly, it’s kinda a pain in the ass with homeassistant because I keep HA on the other network so I have to manually find devices. It might be easier to just block it at the ip level or blacklist outgoing ip ranges to Tuya or whatever.