Bag it.  It has something to do with DNS Blocking.  I tried several things and just ended up deleting the iHeart Radio app from my TV.  I could get it to work on my PC but not the TVs.
Very odd. I have 3 interfaces and I can only stream iHeart Radio from one of them.  It took me a while to determine that it was OPNSense as I migrated to OPNSense over the weekend and then iHeart Radio stopped streaming to my TVs.  I went to my PC to find out that I can stream on one LAN but not the other 2.  I only have the default rules on all LANs.  How should I navigate to find the problem?
			
			
			
				Only the initial LAN interface receives default rules allowing unfettered access to anything.
Did you clone these rules on the new interfaces?
New interfaces only get a fairly strict set of auto-generated rules...
			
			
			
				Thanks.  All 3 interfaces appear to at least have the same number of Automatically generated rules.  iHeart Radio was coming with all kinds of blocked sites.  I have Sirius on now and zero blocks.  iHeart must be a turd.
			
			
			
				The auto-generated rules are consistent for internal interfaces.
But by default, LAN came with a "Default allow LAN to any" rule (one for IPv4, one for IPv6).
It does not belong with the auto-generated rules. You can edit or delete it.
That rule is not added by default on additional interfaces.
You don't even get DNS by default, let alone HTTP(s) access to anything.
You ought to be able to find out why iHeartRadio is not streaming.
Look into DNS filtering if you do any of this.
Look into the FW logs.
Etc...
			
			
			
				Excellent call.  Attached are the rules that are on LAN 1 that aren't on the others. Do you recommend I put these in the other LANs?
Also are the ones I added redundant?
			
			
			
				The first set is likely a consequence of "IPv6 Configuration Type" of the interface being different from the others.
It wouldn't hurt to get some consistency here (especially since you don't have IPv6 FW rules).
The anti-lockout rule is a safeguard so you don't lock yourself out with FW rules.
It's usually on lan or opt1. I'd need your interface assignments screenshot to identify which if that's important.
The force gw rule is likely on your other interfaces too.
With regards to the last set, the first one is more general than the following ones (which are thus redundant).
I'll note that logging is not enabled... It's easier to troubleshoot with logging.
Anything is allowed here, including streaming.
Do you use any kind of DNS filtering?
Unbound or AdGuard block lists? PiHole?
			
			
			
				I really appreciate your help.
			
			
			
				OK, so the rules you attached earlier are for the original 'lan' identifier, the 1st internal facing interface created during setup.
That explains why the anti-lockout rules appear on this interface.
I assume that is the interface on which iHeart works.
What custom rules do you have on the interfaces that cause trouble?
Also, you didn't confirm whether you use any kind of DNS filtering.
			
			
			
				No custom rules other than pass all to get to the Internet. I use Stephen List for DNS Blocking.
			
			
			
				I suggest you either temporarily disable some DNS filtering or look at the logs of your DNS server to correlate with iHeart streaming related requests.