Firewall Netflix



  • I'll tell you my goals first, so you can tell me if I'm doing it the wrong way altogether.
    Goals:

    • Use pfSense to send most traffic through a VPN for privacy reasons.
    • Firewall netflix traffic to send traffic through VPNs in different countries so as to access content there.
    • Firewall some to access the Internet w/o a VPN where privacy is unimportant and speed is.

    I've accomplished sending all the traffic through a VPN using this guide: https://forum.pfsense.org/index.php?topic=76015.0
    I would like to create a toggle to firewall netflix traffic directly through my ISP or through the VPN depending on which country I want netflix to think I am from.  Looking at this page: https://doc.pfsense.org/index.php/Blocking_websites#Using_Firewall_Rules  implies that I should be able to sent up a simple alias to do this for all the IPs.  But for sites like Netflix there are >10,000 IPs which is more than pfsense seems to be able to handle in the alias.  I'm wondering what the best way to accomplish my goals are?

    This is for home use.

    Thank you kindly for your reading.


  • Moderator

    Here is a list of IPs for Netflix. They are in Cidr format so it's more manageable. It's also in IPv4 and v6.

    http://bgp.he.net/search?search[search]=netflix&commit=Search

    You can use pfBlockerNG to collect and manage an Alias which can be used with pfSense firewall rules using the "html" download format.



  • Hello

    Today i have an open vpn and rules that matches certains ip's in my lan that use the vln as gateway.

    It works

    I used your list to create an alias with ng pfblocker

    It works

    I rewrite my openvpn rule and change source from  'alias to certains ip' to any
    And destination from any to pfb_netflix from pbflocker

    Doesn't works …

    What am I missing ?
    Thanks



  • BBCan, thanks for the info.  Am running this on an multi-wan environment, along side Suricata.  Your pfBlockerNg alias recommendation works as intenteded, thank you!

    ;)


Log in to reply