Segregate 'IoT' devices from 'User' devices
'IoT' devices typically need far fewer protocols and often contact only a handful of services. They can (and should) be given much more restricted access to the public internet.
I would like to have 'groups' or 'types' of network devices (by MAC address), which can have different restrictions applied, as a group.
Ideally, add the ability to constrain the number of simultaneous connections and/or IP addresses for a given IoT device.
As a convenience, leverage the IEEE OID database to assign new devices automatically to the appropriate group, e.g. detecting a new device manufactured by Nest is automatically assigned to the IoT group.
This would also make the 50 IP limitation on the Home edition of UTM much more practical.