This requires being militant about never connecting under any conditions. If the device ever is even briefly connected to a particular network (especially any commonly-named public network), unless that entry is cleared, the device may reconnect later unintentionally and with no obvious indication of having done so..
For those with more expansive threat models, intentional dvice or network spoofing or cloning might bebrisks.
Since firewalling is performd off-device (on the home-LAN router), this will resut in an unsecured evice.
My preference would be for some on-device configured networking limits. Putting full reliance in fixed-site infrastructure migh be unpleasantly surprising.
For those with more expansive threat models, intentional dvice or network spoofing or cloning might bebrisks.
Since firewalling is performd off-device (on the home-LAN router), this will resut in an unsecured evice.
My preference would be for some on-device configured networking limits. Putting full reliance in fixed-site infrastructure migh be unpleasantly surprising.