Rule to block all allow only netflix for 1 single static LAN IP
-
I have a working pfSense community setup that does a variety of things already.
I have pfBlockerNG running with some GEO blocks.
I have some ports open for various services already working for multiple machines on the LAN.
I am not 100% sure how I should configure this newest "idea" I have in my head....
I have a static LAN IP for my living room TV that I want to block all in/out traffic for that static IP EXCEPT to allow netflix Canada traffic in/out.
Is this possible and what should I be looking at doing to set that up?
I don't want the TV itself communicating over the internet, I don't care nor want any of the other apps on the TV to function so hence lock it all and open only Netflix and its related sites to come in/out.
There must be a way to reliably do this no?
-
@joepuff said in Rule to block all allow only netflix for 1 single static LAN IP:
only Netflix and its related sites to come in/out.
The hard part is what is that? Do you have a list of IPs that this would be? If so, then yes, it is very simple to set a rule via an alias that contains all of those IPs and allow, while all others are blocked with a rule below that.
-
You could maybe try using the Netflix ASN in pfBlocker.
Not 100% sure if they host everything in house or not.
-
Yes, I believe I can drill up a list of Netflix IPs by watching traffic through Wireshark on my router, dumping the ones I see and a few others that I have seen posted around... So it would be a list of them, so I am not really clear on how that goes from a text-formatted list to a "rule via an alias that contains all of those IP's". Can you elaborate on what you mean by that? Sorry, I am pretty green at this still...
-
@joepuff said in Rule to block all allow only netflix for 1 single static LAN IP:
Netflix also uses 3rd-party CDNs from what I understand, so your task is certainly not going to be easy.
I am not really clear on how that goes from a text formatted list to a "rule via an alias that contains all of those IP's"
Firewall - Aliases - Import
Create your alias and then use it as the destination of a block rule.
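The step from a "text formatted list" to something that can be pasted into Firewall - Aliases - Import, shown as an added example that is not part of the thread: it validates each captured entry, drops LAN and other non-routable addresses that a router-side capture always contains, and collapses the rest into CIDR blocks, one per line with an optional description. The function names and the `tv-allow` description are hypothetical, and the sample addresses are constructed from documentation ranges, not Netflix addresses.

```python
import ipaddress

# Ranges that appear in a LAN-side capture but never belong in an egress allow list.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "fc00::/7", "fe80::/10", "ff00::/8", "::1/128")]

def parse_entries(raw_text):
    """Return (networks, rejected_tokens) from a free-form list of IPs/CIDRs."""
    nets, rejected = [], []
    for line in raw_text.splitlines():
        body = line.split("#", 1)[0].strip()      # drop trailing comments
        if not body:
            continue
        token = body.split()[0]                   # ignore notes after the address
        try:
            net = ipaddress.ip_network(token, strict=False)
        except ValueError:
            rejected.append(token)                # not an address at all
            continue
        # Also rejects over-broad entries such as 0.0.0.0/0, which overlap these ranges.
        if any(net.version == n.version and net.overlaps(n) for n in NON_ROUTABLE):
            rejected.append(token)
            continue
        nets.append(net)
    return nets, rejected

def build_alias_import(raw_text, description="tv-allow"):
    """Return (import_lines, rejected_tokens); one 'CIDR description' per line."""
    nets, rejected = parse_entries(raw_text)
    lines = []
    for version in (4, 6):                        # collapse needs a single IP version
        same = [n for n in nets if n.version == version]
        lines += [f"{n} {description}" for n in ipaddress.collapse_addresses(same)]
    return lines, rejected

# Constructed sample input (documentation-range addresses only).
SAMPLE = """\
198.51.100.10
198.51.100.11
203.0.113.0/25
203.0.113.128/25
203.0.113.77   seen twice
192.168.1.50   # the TV itself
not-an-ip
2001:db8::1
"""

if __name__ == "__main__":
    lines, rejected = build_alias_import(SAMPLE)
    print("\n".join(lines))
    print("rejected:", rejected)
```

Review the rejected list before importing: an entry that lands there is either a typo or an address that would have widened the allow list beyond the internet-facing destinations intended.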