Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to block spotify on pfsense?

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 6 Posters 11.4k Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R Offline
      ronaldreyes
      last edited by

      Hi guys,

      Is there any way how to block Spotify application on pfsense? TIA…

      Bui

      1 Reply Last reply Reply Quote 0
      • P Offline
        pszafer
        last edited by

        I think you can block those IP's
        http://bgp.he.net/search?search%5Bsearch%5D=spotify&commit=Search

        1 Reply Last reply Reply Quote 0
        • R Offline
          ronaldreyes
          last edited by

          hi Pszafer,

          Where am I going to blocked it? firewall rules?

          Thanks man.. :)

          1 Reply Last reply Reply Quote 0
          • F Offline
            firewalluser
            last edited by

            Firewall, Alias, add new alias, call it Spotify, add the (Hosts) IP ranges assigned to spotify then create a fw rule to block traffic destined to the alias should do it.

            Then you just need to keep an eye on the spotify ip ranges for changes or additions.

            Capitalism, currently The World's best Entertainment Control System and YOU cant buy it! But you can buy this, or some of this or some of these

            Asch Conformity, mainly the blind leading the blind.

            1 Reply Last reply Reply Quote 0
            • BBcan177B Offline
              BBcan177 Moderator
              last edited by

              If you want to capture all of those IPs on that page without doing it manually, you could run the following script:

              You can change the link or Folder/File Locations or pipe it to a file.

              
#!/bin/sh

fetch -v -o /tmp/ips.raw "http://bgp.he.net/search?search%5Bsearch%5D=spotify&commit=Search"

grep -aoEw -e "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0
-9]?/[0-9]{2})" -e "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0
-9][0-9]?)" /tmp/ips.raw | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n | uniq

              23.92.96.0/22
              23.92.100.0/22
              23.92.104.0/22
              78.31.8.0/22
              78.31.12.0/22
              192.121.53.0/24
              192.121.132.0/24
              192.121.140.0/24
              192.165.160.0/22
              193.181.4.0/22
              193.181.180.0/22
              193.181.184.0/23
              193.182.3.0/24
              193.182.7.0/24
              193.182.8.0/21
              193.182.243.0/24
              193.182.244.0/24
              193.234.240.0/22
              193.235.32.0/24
              193.235.51.0/24
              193.235.203.0/24
              193.235.206.0/24
              193.235.224.0/24
              193.235.232.0/22
              194.14.177.0/24
              194.68.28.0/22
              194.68.116.0/24
              194.68.169.0/24
              194.68.176.0/22
              194.68.181.0/24
              194.68.183.0/24
              194.71.148.0/22
              194.71.232.0/22
              194.103.10.0/24
              194.103.13.0/24
              194.103.36.0/22
              194.132.152.0/22
              194.132.162.0/24
              194.132.176.0/22
              194.132.196.0/22

              "Experience is something you don't get until just after you need it."

              Website: http://pfBlockerNG.com
              Twitter: @BBcan177  #pfBlockerNG
              Reddit: https://www.reddit.com/r/pfBlockerNG/new/

              1 Reply Last reply Reply Quote 0
              • S Offline
                ser
                last edited by

                Is there any method to block the Spotify app using pfSense? Thanks in advance!

                keyserK 1 Reply Last reply Reply Quote 0
                • keyserK Offline
                  keyser Rebel Alliance @ser
                  last edited by

                  @ser There is still the IP block option which really BLOCK's it, but is maybe also a little cumbersome.
                  You could look into using the package pfBlockerNG and then select one of two paths:

                  1: If you can force all clients to only use your pfSense as DNS you could block all DNS lookups that relates to Spotify. That would effectively either require a some good google-foo to find those names, or alternatively setup at test and have your DNS server log all queries when Spotify opens.

                  2: If Actual blocking is needed rather than just preventing nameresolution, then pfBlockerNG can also be configured to import lists that contains IP addresses. I'm sure there is some site somewhere that maintains Spotify's IP in a list - alternatively you could attempt to fetch the ASN ownership of IP blocks that Spotify owns, ,but that might not cut it (CDN's and such...)

                  Option 1 I ususally the easiest and best working model even though it only prevents nameresolution rather than actual blocking.

                  Love the no fuss of using the official appliances :-)

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.