by tmerc
619 days ago
Yes, generally that concept is possible. I don't know of software that makes a whitelist firewall easy to use. You also run into problems when your streaming provider updates IP addresses or CDN DNS names, which can be frequent. The other issue with this is that the streaming provider that you pay might also be adversarial. You may want to allow some of their traffic but not other traffic. So you end up maintaining some kind of list that can break your streaming experience if you don't maintain it.

As content providers consolidate on shared infrastructure (AWS, GCP, etc.), the chances of good and bad actors using the same IP increase. This decreases the effectiveness of firewalls that operate on ip:port matching. Most firewalls do this.

Realistically, what you probably want as a tech-savvy consumer is a home-network-level DNS blacklist. It is not a firewall and it doesn't technically block traffic. It does prevent traffic from leaving the device if the DNS the device wants to send to is blacklisted. This exists (Pi-hole) and can be added to a network fairly quickly. Bad actors could bypass your DNS or use known IPs directly. Whitelisting DNS would also work, with the caveat that you'll need to update the list frequently, and I don't think Pi-hole was designed for this.

All of that is fairly complicated. A wireless keyboard and mouse and HDMI cable are cheap and laptops are plentiful. You will have the same adversarial content provider issues with a laptop, though. ScriptSafe and uBlock can help. Laptops actually shut down when you tell them to. Your TV is probably on even when the screen is off.

I made this decision recently when I inherited a Sony TV with a house. It has not been connected to a network and I use a laptop to stream. I also run Pi-hole, ScriptSafe, and uBlock, and I pay for most of my streaming providers. They're still getting data on me, but less than most people.
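The bypass caveat in the comment above (a device skipping the local DNS or connecting to known IPs directly) can be checked for from the router side. This is an added example, not part of the original post; the addresses, log shapes, and the function name `find_dns_bypass` are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home network
DNS_PORTS = {53, 853}                          # plain DNS and DNS-over-TLS

# Per client: the IPs the local resolver (e.g. Pi-hole) actually returned.
RESOLVER_ANSWERS = {
    "192.168.1.50": {"203.0.113.10", "203.0.113.11"},
    "192.168.1.60": {"198.51.100.7"},
}

# Flows seen at the router as (source, destination, destination port).
FLOWS = [
    ("192.168.1.50", "203.0.113.10", 443),   # resolved locally: expected
    ("192.168.1.50", "198.51.100.99", 443),  # never resolved: hardcoded IP
    ("192.168.1.50", "192.0.2.53", 53),      # DNS sent to an outside resolver
    ("192.168.1.60", "198.51.100.7", 443),   # resolved locally: expected
    ("192.168.1.60", "192.0.2.53", 853),     # DNS-over-TLS to outside resolver
    ("192.168.1.60", "192.168.1.2", 53),     # DNS to the local resolver: fine
]


def find_dns_bypass(flows, answers, lan):
    """Return flows that did not go through the local DNS blocklist.

    Two signals: DNS traffic leaving the LAN, and connections to addresses
    the local resolver never handed to that client. DNS-over-HTTPS on 443
    only shows up as the second signal, and only if the DoH server's own
    name was not resolved locally first.
    """
    findings = []
    for src, dst, port in flows:
        if ipaddress.ip_address(dst) in lan:
            continue  # LAN-internal traffic, includes the local resolver
        if port in DNS_PORTS:
            findings.append((src, dst, port, "external-dns"))
        elif dst not in answers.get(src, set()):
            findings.append((src, dst, port, "unresolved-ip"))
    return findings


if __name__ == "__main__":
    for finding in find_dns_bypass(FLOWS, RESOLVER_ANSWERS, LAN):
        print(*finding)
```

The `external-dns` findings are the ones a router rule can act on by dropping or redirecting outbound port 53/853 that does not originate from the local resolver.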
|
No need to overcomplicate; your concerns are valid, but we're not there yet. Above has worked fine for 2+ years as is.