I have these smart speakers (from Teufel, therefore the name) connected to our wifi. Source of never ending fun, everyone connected to the wifi is able to control them. So either ban everyone to the guest wifi which would not allow them to use stuff they should be able to, or get nerdy.

After poking around with wireshark it was obvious the speakers are discovered via multicast DNS. Therefore, I configured a raspberry pi to provide a new wifi hotspot which the speakers connect to. Both networks are bridged together but mDNS traffic is stopped in the pi and only forwarded to configured devices. Of course this is far from being bullet proof but works perfectly in my situation. The speakers only pop up in the computer and smartphone in both the native app and Spotify.

Because it is annoying to configure the pi by hand, I wrote an ansible playbook to do it for me. You can find it here

More details are given in the readme, but basically all you need to do is enter the ssid and password for the new hotspot, add the ips of pi, the devices you want to hide and controllers which are allowed to receice their mDNS traffic and run the playbook with

ansible-playbook -i inventories/hosts teufelhole-playbook.yml