Closed flatsiedatsie closed 4 years ago
This is a duplicate of #1051
The way the tunnel works is that the PageKite script on your gateway makes an outgoing connection to our AWS server. When a user types <something>.mozilla-iot.org, the DNS lookup is handled by the same server, which just points to itself. When the HTTPS request occurs, it is routed directly through the tunnel (if it exists within the PageKite server), else it will just get dropped. In no case does the server ping your network directly. Communication only happens through the gateway-initiated tunnel.
If a user enables something.mozilla-iot.org as a way to access their local system, it would be great if this access could be toggled with the flip of a switch.
Rules integration
If there was a "gateway" thing with "allow outside access" as a binary property, then users could make rules such as "disable outside access when everyone is home" and/or "disable outside access when it's night time". (Perhaps there doesn't even need to be a thing for this).
It would add to a feeling of being able to trust this feature.
Story: As a user I'd like to minimise the risk of hacking or abuse by limiting when the Gateway can be reached from the internet.
A quick side question: If a user has enabled this feature, and they try to visit something.mozilla-iot.org from inside their home network, does this mean that Mozilla's server is contacted? Or is there some way that the router knows to forward this to a local device directly? While I trust Mozilla, the idea that a signal goes out every time I access the gateway UI would be a bit unnerving. If this is the case, I understand that in the near future I will be able to do both? I could visit gateway.local to avoid sending that signal?