Rules to make Spotify happy?

furom

Hi,

below is what I use for my media players and such

I occasionally have Spotify complain over my network settings, and have tried many variants. As all know, some rules must be there these days.

What do you use for media, especially interested in Spotify, but all ideas are welcome.

Error in Spotify is not that exhaustive; just telling me to "Check my network settings" to continue listening...

Gertjan

@furom

As soon as you remove these

from your LAN interface, and changed it (them) for this

you've given yourself a job.

For every device, every application used, you need to know what IPs and ports and protocols are being used / are needed.
No exceptions. No short cuts.

Btw : you final block rules logs.
So, off to the firewall log, and check all blocked packets one by one.

furom

@gertjan said in Rules to make Spotify happy?:

@furom

As soon as you remove these

from your LAN interface, and changed it (them) for this

you've given yourself a job.

For every device, every application used, you need to know what IPs and ports and protocols are being used / are needed.
No exceptions. No short cuts.

Btw : you final block rules logs.
So, off to the firewall log, and check all blocked packets one by one.

Thanks. Yes, I am aware I will explicitly need to open for everything, that is intentional, as is the logging. But I don't see any blocks, hence the question. I know Spotify uses all sorts of ports and at one time I had many of them defined in aliases used by the player, but that didn't (seemingly) do much, or anything really...

Gertjan

@furom said in Rules to make Spotify happy?:

I know Spotify uses all sorts of ports and at one time I had many of them defined in aliases used by the player, but that didn't (seemingly) do much, or anything really...

Throw them in a "Ports" alias.

Example :

When I define an alias called "thisfirewallports" :

and use it like this :

As soon as I lauch a browser on a device on LAN, it will use port "443".
The rule will match, and counters in front of the rule start to rise as you can see.

If the spotify LAN device IP is known, you can even limit the rule to the IP of the device.
Or make a list (alias ;) )with IPs from the known devices that are suspected to use spotify.

furom

Thank, this is very helpful :) I have used a few aliases before but will try to use them more. Created one for Spotify now... :)

Edit: But now I want to organize stuff... Can I assign more than one alias per rule? It wouldn't accept that it seems... But would be so nice... (bringing order to chaos)
Edit2: GOT it! I created a new alias and added the ones I already had... Works great! Love pfSense some days! lol Only(?) drawback is I can now only see the other alias names, not their contained ports

ser

Thanks, that was super useful! :) I’ve used a couple of aliases before but now I’ll start using them more often. Just created one for Spotify… :)

Edit: Now I’m trying to organize things better… Is it possible to assign multiple aliases to a single rule? It didn’t seem to allow that… Would be amazing for tidying things up

Edit2: Figured it out! I made a new alias and added the existing ones inside it… Works perfectly! Gotta love pfSense sometimes! lol The only downside(?) is that I can now only see the alias names, not the ports they contain.