Ask Slashdot: Could A 'Smart Firewall' Protect IoT Devices?

To protect our home networks from IoT cracking, Ceaus wants to see a smart firewall: It's a small box (the size of a Raspberry Pi) with two ethernet ports you put in front of your ISP router. This firewall is capable of detecting your IoT devices and blocking their access to the internet, only and exclusively allowing traffic for the associated mobile app (if there is one). All other outgoing IoT traffic is blocked... Once you've plugged in your new IoT toaster, you press the "Scan" button on the firewall and it does the rest for you.
This would also block "snooping" from outside your home network, and of course, keep your devices off botnets. The original submission asks "Does such a firewall exist? Is this a possible Kickstarter project?" So leave your best answers in the comments. Could a smart firewall protect IoT devices?

Re:some rules

[Giant+Electronic+Bra]

ALL you need are some CONVENTIONS. Every firewall that isn't utterly worthless already blocks ALL outgoing traffic. IoT devices should, by convention, expose their API on a specific and otherwise not typical port. This port can simply always be blocked, ALWAYS ALWAYS blocked on the firewall. Now, when you need to have some specific access from somewhere, then the firewall could act as an authenticating proxy, removing the need for IoT vendors to actually grok security (which is literally a hopeless hope, they never will). Assuming your wireless network is adequately secured, so that nothing gets on it that you don't want there, you should be pretty set. Further conventions could relegate all IoT devices to a separate specific VLAN, etc. The key point is, all the devices need to do is adhere to some VERY simple conventions that even half-assed software vendors can adhere to.

Won't stop all problems, but it would make a damned good start.