Netgate Discussion Forum

    Rule to block all allow only netflix for 1 single static LAN IP

      joepuff

      I have a working pfSense community setup that does a variety of things already.

      I have pfBlockerNG running with some GEO blocks,
      I have some ports open for various services already working for multiple machines on the LAN

      I am not 100% sure how I should configure this newest "idea" I have in my head....

      I have a static LAN IP for my living room TV that I want to block all in/out traffic for that static IP EXCEPT to allow Netflix Canada traffic in/out.

      Is this possible and what should I be looking at doing to set that up?

      I don't want the TV itself communicating over the internet, I don't care nor want any of the other apps on the TV to function so hence lock it all and open only Netflix and its related sites to come in/out.

      There must be a way to reliably do this, no?

        johnpoz LAYER 8 Global Moderator @joepuff

        @joepuff said in Rule to block all allow only netflix for 1 single static LAN IP:

        only Netflix and its related sites to come in/out.

        The hard part is what is that? Do you have a list of IPs that this would be, if so then yes it is very simple to set a rule via an alias that contains all of those IPs and allow, while all others blocked with rule below that.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          NogBadTheBad @johnpoz

          You could maybe try using the Netflix ASN in pfBlocker.

          Not 100% sure if they host everything in house or not.

          Andy

          1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

            joepuff @johnpoz

            @johnpoz

            Yes, I believe I can drill up a list of Netflix IPs by watching traffic through Wireshark on my router, dumping the ones I see and a few others that I have seen posted around.... so it would be a list of them, so I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's" .. can you elaborate what you mean by that, sorry I am pretty green at this still...

              KOM @joepuff

              @joepuff said in Rule to block all allow only netflix for 1 single static LAN IP:

              Netflix also uses 3rd-party CDNs from what I understand, so your task is certainly not going to be easy.

              I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's"

              Firewall - Aliases - Import

              Create your alias and then use it as the destination of a block rule.

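The step from a hand-collected text list to something that can be pasted under Firewall - Aliases - Import, as an added example that is not from any poster in this thread. It assumes the import box takes one address or CIDR per line with an optional description after a space; the sample addresses are constructed from documentation ranges (not real Netflix addresses) and the description `tv-allow` is hypothetical.

```python
import ipaddress

# Constructed capture list (documentation ranges, not real Netflix addresses).
CAPTURED = """\
198.51.100.10
198.51.100.11
198.51.100.10
203.0.113.0/25
203.0.113.128/25
192.168.1.50     # the TV itself showed up in the capture
224.0.0.251      # multicast noise
2001:db8::1
not-an-ip
"""

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_local(net):
    """True for ranges that never belong in an Internet destination alias."""
    if net.is_loopback or net.is_link_local or net.is_multicast:
        return True
    return net.version == 4 and any(net.subnet_of(r) for r in RFC1918)

def build_alias_lines(text, description="tv-allow"):
    """Return (lines, rejected); lines are 'address description' entries."""
    nets, rejected = {4: [], 6: []}, []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing: a CIDR with host bits set is rejected, not widened.
            net = ipaddress.ip_network(entry)
        except ValueError:
            rejected.append(entry)
            continue
        if is_local(net):
            rejected.append(entry)
        else:
            nets[net.version].append(net)
    lines = []
    for version in (4, 6):
        # collapse_addresses drops duplicates and merges adjacent ranges.
        for net in ipaddress.collapse_addresses(nets[version]):
            addr = str(net.network_address) if net.num_addresses == 1 else str(net)
            lines.append(f"{addr} {description}")
    return lines, rejected
```

Review the rejected list before importing: LAN, multicast and malformed entries in a capture-derived list would otherwise widen what the TV's allow rule matches.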
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.