So just to put this differently; I expect that you might be able to control your risk of data leaks, in your communications with your heating system, because this data transfer (when correctly managed by your private hub) will be in very small packets which are expected to be unable to call anything except their own “system control” network.
(This would not apply if you have Google thermostats. )
Also in defense of /e/ the approach of tracker limiting, in my experience is more educational and allows the opportunity for good user control, as compared with software that attempts to mimic a real firewall. (I have no experience of AFwall.) As I am not sufficiently well informed about the today very new Advanced privacy, I make no attempt to tell you how I might score it out of 10 for effectiveness.)