Rule to block all, allow only Netflix for 1 single static LAN IP
I have a working pfSense community setup that does a variety of things already.
I have pfBlockerNG running with some GEO blocks.
I have some ports open for various services already working for multiple machines on the LAN.
I am not 100% sure how I should configure this newest "idea" I have in my head....
I have a static LAN IP for my living room TV that I want to block all in/out traffic for that static IP EXCEPT to allow Netflix Canada traffic in/out.
Is this possible and what should I be looking at doing to set that up?
I don't want the TV itself communicating over the internet, I don't care nor want any of the other apps on the TV to function so hence lock it all and open only Netflix and its related sites to come in/out.
There must be a way to reliably do this, no?
> only Netflix and its related sites to come in/out.
The hard part is what is that? Do you have a list of IPs that this would be, if so then yes it is very simple to set a rule via an alias that contains all of those IPs and allow, while all others blocked with rule below that.
You could maybe try using the Netflix ASN in pfBlocker.
Not 100% sure if they host everything in house or not.
Yes, I believe I can drill up a list of Netflix IPs by watching traffic through Wireshark on my router, dumping the ones I see and a few others that I have seen posted around.... so it would be a list of them, so I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's" .. can you elaborate what you mean by that, sorry I am pretty green at this still...
KOM last edited by
Netflix also uses 3rd-party CDNs from what I understand, so your task is certainly not going to be easy.
> I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's"
Firewall - Aliases - Import
Create your alias and then use it as the destination of a block rule.
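One way to get from a rough text list of observed addresses to something that can be pasted into Firewall - Aliases - Import, as an added example that is not part of the original thread. The function name, the list of local ranges and the sample lines are assumptions for illustration (the sample uses constructed documentation addresses), and it assumes a network-type alias that takes one address or CIDR network per line.

```python
import ipaddress
import re

# Ranges that never belong in an internet-destination alias
# (LAN, loopback, link-local, multicast). Chosen for this example.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4")]

# Dotted-quad with an optional /prefix, found anywhere in a line of notes.
TOKEN = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")

def build_alias_lines(raw_text):
    """Return (lines, rejected).

    lines    -- de-duplicated, collapsed entries, one per line for the import box
    rejected -- tokens dropped because they are invalid or local-only
    """
    nets, rejected = [], []
    for token in TOKEN.findall(raw_text):
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(token)      # e.g. an octet above 255
            continue
        if any(net.subnet_of(local) for local in LOCAL_NETS):
            rejected.append(token)      # the TV's own LAN address, etc.
            continue
        nets.append(net)
    # collapse_addresses removes duplicates and merges adjacent/contained ranges
    collapsed = ipaddress.collapse_addresses(nets)
    lines = [str(n.network_address) if n.prefixlen == 32 else str(n)
             for n in collapsed]
    return lines, sorted(set(rejected))

# Constructed sample: notes copied out of a packet capture.
SAMPLE = """
192.168.1.50 -> 198.51.100.10:443
192.168.1.50 -> 198.51.100.11:443
198.51.100.10
203.0.113.0/24
203.0.113.77
999.1.1.1
"""

if __name__ == "__main__":
    alias_lines, dropped = build_alias_lines(SAMPLE)
    print("\n".join(alias_lines))
    print("dropped:", dropped)
```

Review the dropped list before importing; anything missing from the alias will be blocked for the TV once the alias is the only allowed destination.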