OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: hjint on November 15, 2018, 10:50:51 am

Title: Netflix - Need help on how to block Netflix in a work environment
Post by: hjint on November 15, 2018, 10:50:51 am

I'm using OpnSense 18.7.7 in a work environment and trying to block access to Netflix, but no success

Steps followed
1. Created an Alias for www.netflix.com (pfTables updated with addresses)
2. Created Block rule on LAN - Source : any; Destination : Netflix Alias
3. Created Block rule on WAN - Source : Netflix Alias; Destination : any
4. Both rules sit at the top of the rule list
5. Added *.netflix.* to Forward Proxy ACL Blacklist
6. Google is not listed in the SSL No Bump Sites

Despite these, Netflix is not blocked

Any ideas or comments will be appreciated on how to block Netflix or if there are errors in the rules.

Update I have created an alias for a website http://www.6mmbr.com as a test and then created the same rules upto point 4 as above and I can't get OpnSense to block the website, have switched the source and destinations around, still no luck.

Title: Re: Netflix - Need help on how to block Netflix in a work environment
Post by: mrkev on November 15, 2018, 02:20:00 pm

How have you formatted the rule from the LAN side to block netflix? Are you using IP addresses? Netflix have a lot of IP ranges that they may use so it could be quite a big alias:

https://ipinfo.io/AS2906 (https://ipinfo.io/AS2906)

Title: Re: Netflix - Need help on how to block Netflix in a work environment
Post by: hjint on November 19, 2018, 07:27:12 am

The pfTable for the Netflix alias only reflects 16 IP addresses