I realized I was at risk by having smart devices on my normal network, so decided to move them to my guest network.
I don’t like my smart tv, but it’s all I have to work with for now. I want to keep it on my guest network, but still stream using jellyfin. I see on my netgear router there is an option to “let devices on guest network see other devices and access local network” which would probably allow it to see my jellyfin server, but then doesn’t that defeat the point of a guest network? Maybe I need to learn what a reverse proxy is…jellyfin server is currently on windows (not my pc) but could move it to my linux pc if needed.
And yes, I plan to get a media center linux box in the future so I don’t have to deal with the garbage smart tv os!
I don’t think DNS blocking is sufficient for untrusted devices. A Pi-hole won’t stop or report on a device that doesn’t use it. WAN blocking is good when you can use it, but also not sufficient on its own and can render devices non-functional (which maybe they should be…). Virtual or physical LAN segregation and a firewall is required to both stop your trusted devices being accessed maliciously, and to block/sniff what the untrusted devices are doing with WAN access.