by ohazi 2410 days ago
The problem is that LAN only can't be verified as long as that LAN also has a route to the public internet. It could be LAN only for the first week so that it passes your initial smoke test, and then go on to do whatever it wants. Or a firmware update could add new mothership pinging features.

If you want LAN only, you really need to put the device on a LAN that is actually isolated, and use a trusted device to bridge that gap so that you can shuttle commands and responses from your actual network.

I cobbled together my own system that works kind of like this using a Raspberry Pi and hostapd, and it works quite well for most things.
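
An added illustration, not part of the comment above and not the commenter's own setup: a minimal application-layer relay of the kind a trusted bridging host could run, so that only allow-listed commands reach the isolated device and only bounded, printable replies come back. The line-based TCP protocol, the verbs, and the device address are assumptions made up for this sketch.

```python
import socket

# Hypothetical values: a device on the isolated AP network that speaks a
# line-based TCP protocol. The bridging host is assumed to have IP forwarding
# disabled (net.ipv4.ip_forward=0), so nothing is routed between networks.
DEVICE_ADDR = ("192.168.50.10", 9000)   # constructed example address
ALLOWED = {"STATUS": 0, "ON": 0, "OFF": 0, "SET_TEMP": 1}  # verb -> arg count
MAX_REQUEST = 64
MAX_REPLY = 512

def parse_command(line):
    """Validate one request from the trusted LAN; raise ValueError otherwise."""
    parts = line.strip().split()
    if not parts or len(line) > MAX_REQUEST:
        raise ValueError("malformed request")
    verb, args = parts[0].upper(), parts[1:]
    if verb not in ALLOWED:
        raise ValueError("verb not allowed")
    if len(args) != ALLOWED[verb]:
        raise ValueError("bad arguments")
    # Arguments are short ASCII integers only; no free-form strings cross over.
    if not all(a.isascii() and a.isdigit() and len(a) <= 3 for a in args):
        raise ValueError("bad arguments")
    return verb, args

def send_to_device(request, addr=DEVICE_ADDR, timeout=3.0):
    """One request/response round trip to the device on the isolated network."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(request)
        return s.makefile("rb").readline(MAX_REPLY + 1)

def relay(line, send=send_to_device):
    """Shuttle one command across the gap and return a sanitized reply."""
    try:
        verb, args = parse_command(line)
    except ValueError as exc:
        return f"ERR {exc}"          # rejected before touching the device
    # Re-serialize from parsed fields rather than forwarding the raw input.
    reply = send(" ".join([verb, *args]).encode("ascii") + b"\n")
    # The device is untrusted: cap the reply size and require printable ASCII.
    if len(reply) > MAX_REPLY or not reply.endswith(b"\n") or not reply.isascii():
        return "ERR bad device reply"
    text = reply.decode("ascii").strip()
    if not text.isprintable():
        return "ERR bad device reply"
    return "OK " + text
```

A listener bound only to the trusted-side interface would call `relay()` once per received line; the `send` parameter exists so the filtering logic can be exercised without a real device.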