PureVPN, Netgear ReadyNAS and Plex Media Server

phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Mon Mar 27, 2017 18:46
didn't block it. Possible that linode is the source and plex is the destination?

BTW, I noticed you updated the script, so I switched to the new version. All is working well.
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Tue Mar 28, 2017 0:13
phatbob wrote:
didn't block it. Possible that linode is the source and plex is the destination?


I don't think so. My plex works fine, and there is no such URL listed for me.

I assume you've checked for malware?
If all else fails you can block it by telling DNS that the address is something that it isn't.

Code:

echo 0.0.0.0    xxx.members.linode.com >> /tmp/hosts
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf


Make sure you add the URL that you're seeing.
You can add the lines to startup, or just run it from CLI, and see if it works.
Also - you will probably need to flush your cache from your "client" as well.
Instructions are different on Linux/Mac/Windows... so just reboot; it's the same for all.
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Tue Mar 28, 2017 0:37
Quote:
I don't think so. My plex works fine, and there is no such URL listed for me.


How are you looking for it?

By searching on google and plex forums it seems fairly well documented that plex does connect to linode, unless maybe you haven't updated the PMS software in the last 2 years. According to what I've read it has something to do with the remote connection/publishing the server. Something about a "geo located pubsub.plex.tv server".

I would try your code, but if you're saying to replace the xxx with what I actually see, that would be impossible. Every time I restart plex it is a different one, but always something.members.linode.com. I've read posts of others that have blocked the specific url, only to have it connect to another. It even connects to it when remote connection is disabled.
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Tue Mar 28, 2017 0:42
phatbob wrote:
Quote:
I don't think so. My plex works fine, and there is no such URL listed for me.


How are you looking for it?

By searching on google and plex forums it seems fairly well documented that plex does connect to linode, unless maybe you haven't updated the PMS software in the last 2 years. According to what I've read it has something to do with the remote connection/publishing the server. Something about a "geo located pubsub.plex.tv server".

Then why are you trying to block it?
Quote:

I would try your code, but if you're saying to replace the xxx with what I actually see, that would be impossible. Every time I restart plex it is a different one, but always something.members.linode.com. I've read posts of others that have blocked the specific url, only to have it connect to another. It even connects to it when remote connection is disabled.

You'd have to do the same with the iptables code that was provided.
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Tue Mar 28, 2017 0:56
Quote:
Then why are you trying to block it?


Because I want to see if I can still connect with it blocked. I would be still more concerned if in fact you really aren't connecting to it. I don't think it's a windows only thing. I first noticed it using "TCPview" which generally shows 1 instance of it. Then I tried another program called "port expert" or something like that which also displays udp ports that are in use by programs, and that showed even more instances of it.
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Tue Mar 28, 2017 11:42
phatbob wrote:
Quote:
Then why are you trying to block it?


Because I want to see if I can still connect with it blocked. I would be still more concerned if in fact you really aren't connecting to it. I don't think it's a windows only thing. I first noticed it using "TCPview" which generally shows 1 instance of it. Then I tried another program called "port expert" or something like that which also displays udp ports that are in use by programs, and that showed even more instances of it.


Take a look here - old thread, but might be the answer?
Quote:
root@Main:~# nslookup pubsub.plex.bz 8.8.8.8
Server: 8.8.8.8

Name: pubsub.plex.bz
Address 1: 139.162.117.249 li1601-249.members.linode.com


I'm not sure if the iptables entry will block that, since it resolves the IP for the name only once and never "updates" [as far as I know].
But the code I entered previously for the hosts file should be able to handle it, I believe.

So try this:
Code:
echo -e "127.0.0.1\tpubsub.plex.bz" >> /tmp/hosts
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Tue Mar 28, 2017 14:45
Quote:
Take a look here - old thread, but might be the answer?

Was there a thread you wanted me to look at?

So I had no luck with your code. I found that although plex was connecting to many different members.linode.coms, the connections would close once it connected to its favorite li1241-250.members.linode.com. I was not able to block it with your code, or with the iptables rule as eibgrad posted it. However, the following seemed to work blocking it by CIDR:

Code:
iptables -I FORWARD -s 192.168.101.125 -d 45.79.0.0/16 -j REJECT


Once it was blocked of course it just connected to a different one. I suspect there are probably 100s or even 1000s of xxx.members.linode.coms. In the short time I was playing with it this morning I noted 15.

Also, I have since removed that line from my firewall so I am no longer blocking that CIDR, but plex continues to connect to the one it reverted to when it was blocked, making me think that Plex logs that connection somewhere and reconnects to it upon reboot.
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Tue Mar 28, 2017 16:20
Quote:
If we assume the problem is indeed all these 100's if not 1000's of xxx.members.linode.com domains, this is yet another example of where dd-wrt not having ipset support is a major letdown.

I'm not sure that it is causing a problem connection wise at this point. From my point of view, I just don't like the fact that my stuff is connecting to that, and the fact that it connects to it whether I have remote access enabled or disabled may indicate that it's not anything to do with remote access. Makes me wonder if someone is snooping LOL.

Yes I did check in the past with that command, and my build does not support ipset. I assume that is to do with hardware? So a more recent build is not likely to change that?

Was trying to find a way to block it in windows firewall but have not seen a solution there either.
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Tue Mar 28, 2017 22:04
phatbob wrote:

So I had no luck with your code.


This thread has been a bit confusing - I just want to verify you tried the latest code I entered. It doesn't try to block linode - it blocks pubsub.plex.bz.

Again:
Code:

echo -e "127.0.0.1\tpubsub.plex.bz" >> /tmp/hosts
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf


Then reboot your "client"

The only other "workaround" [without ipset] that I can think of at the moment is to write a script to do an nslookup of every connection, and if it's a "linode" add it to the firewall. For the record, I don't like it - it'd probably be resource intensive, and you need to run it on a schedule to continue looking for the connection.

Something like this can identify the connections you're looking for and add the reject to iptables:
Code:
awk '{i=1; if (NF > 0) do {if ($i ~ /(([0-9]+\.){3}[0-9]+)/) print substr($i,5); i++;} while (i <= NF);}' /proc/net/ip_conntrack | grep -v 192.168 | awk '!x[$0]++ {system("nslookup " $0 " 8.8.8.8")}' | grep "linode" | awk '{system("iptables -I FORWARD -s 192.168.101.125 -d " $3 " -j REJECT")}'


Just run that line, it will add the reject to iptables for the linode connections that are found.
Before I'm judged on the ugliness of the line [yes, run it all on one line]... I have no doubt that awk can do all that in one statement, I just don't have the time to figure it out at the moment.

So if you really wanted to add that line to a script, and a cron job to run it on a schedule - I think that's where we are...
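The conntrack scan described in the post above, written out as a dry-run script (an added example, not code from the thread or from DD-WRT): it parses constructed /proc/net/ip_conntrack lines, keeps only the original-direction destinations of flows the watched client opened, drops RFC1918 addresses, and prints the REJECT rules instead of applying them. The client address 192.168.101.125 is the one from the thread; the sample flows, the remote addresses and the reverse-lookup step (left to the caller) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dry-run version of the conntrack scan.
# It reads the /proc/net/ip_conntrack line format, keeps the original-direction
# destinations of flows one LAN client opened, drops RFC1918 space, and prints
# the iptables REJECT rules it would add. Nothing is applied.
CLIENT="192.168.101.125"   # LAN host being watched (address from the thread)

# Constructed sample in /proc/net/ip_conntrack format: two flows from the
# client, one to the LAN router, one unrelated LAN host, one repeat.
# On a router, read the real file instead of this variable.
SAMPLE='tcp      6 431999 ESTABLISHED src=192.168.101.125 dst=45.79.12.34 sport=51000 dport=443 src=45.79.12.34 dst=203.0.113.9 sport=443 dport=51000 [ASSURED] use=1
udp     17 29 src=192.168.101.125 dst=139.162.117.249 sport=32414 dport=443 src=139.162.117.249 dst=203.0.113.9 sport=443 dport=32414 use=1
udp     17 10 src=192.168.101.125 dst=192.168.101.1 sport=5353 dport=53 src=192.168.101.1 dst=192.168.101.125 sport=53 dport=5353 use=1
tcp      6 100 ESTABLISHED src=192.168.101.50 dst=198.51.100.7 sport=4000 dport=80 src=198.51.100.7 dst=203.0.113.9 sport=80 dport=4000 use=1
tcp      6 50 ESTABLISHED src=192.168.101.125 dst=45.79.12.34 sport=51001 dport=443 src=45.79.12.34 dst=203.0.113.9 sport=443 dport=51001 use=1'

# Print the unique remote destinations of flows that $1 originated.
# Only the first src=/dst= pair (original direction) is read, so the
# NAT'd reply addresses are ignored, and private ranges are skipped.
remote_ips() {
  printf '%s\n' "$SAMPLE" | awk -v c="$1" '
    {
      src = ""; dst = "";
      for (i = 1; i <= NF; i++) {
        if (src == "" && $i ~ /^src=/) src = substr($i, 5);
        if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5);
      }
      if (src != c) next;
      if (dst ~ /^10\./ || dst ~ /^192\.168\./ || dst ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next;
      if (!seen[dst]++) print dst;
    }'
}

# Build the rule for one address; the caller decides whether to run it.
# A live version would first reverse-resolve $1 (nslookup $1) and keep only
# names matching the pattern being hunted, as the thread's one-liner does.
reject_rule() {
  printf 'iptables -I FORWARD -s %s -d %s -j REJECT\n' "$CLIENT" "$1"
}

remote_ips "$CLIENT" | while read -r ip; do reject_rule "$ip"; done
```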
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Wed Mar 29, 2017 0:31
So yes, first of all I tried the latest code you posted,

Code:
echo -e "127.0.0.1\tpubsub.plex.bz" >> /tmp/hosts
killall dnsmasq
dnsmasq --conf-file=/tmp/dnsmasq.conf


and then rebooted the server. It did not block linode from connecting. I suppose it's possible it blocked some, but certainly not all. For all we know there may be other pubsub servers.

As far as the code you posted in the last post, I'm not sure I understand what it is you want me to do with it. Do I put it in the command box and "run command"? Save it to jffs and call it at start up? You said it will add the iptables to the firewall, so I'm pretty sure it doesn't go in there. Also, if there are as many instances of linode as I suspect, do I have to be concerned about the firewall script exceeding my nvram?
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Wed Mar 29, 2017 0:36
phatbob wrote:

As far as the code you posted in the last post, I'm not sure I understand what it is you want me to do with it.


As I mentioned - you can put it in a script, then call it on a schedule using cron.

Or you can run it once on the CLI [or from the Command box in the web GUI] - but then you said other connections will popup [which is why I mentioned the schedule]

This command wouldn't "fill up nvram": it looks at active connections, and adds to iptables according to the conditions. Nothing is committed to nvram.

The cron job would take nvram - and if you saved it in the "scripts" section it would also.
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Wed Mar 29, 2017 0:44
Quote:
As I mentioned - you can put it in a script, then call it on a schedule using cron.


I can try that eventually when I figure out how. In the meantime I'll run it in CLI when I can later on. Have users connected to plex right now and don't want to risk booting them off. Will report back later.
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Wed Mar 29, 2017 4:09
No dice. Ran the code in CLI and rebooted the server. PMS connected to linode almost immediately after reboot.
Bunsen
DD-WRT User


Joined: 10 Jan 2017
Posts: 76

PostPosted: Wed Mar 29, 2017 4:52
phatbob wrote:
No dice. Ran the code in CLI and rebooted the server. PMS connected to linode almost immediately after reboot.


I just want to clarify once again:
That line will add current "linode connections" to iptables with the REJECT line that was provided previously. It will not prevent further/new connections to different "linode DNS's".
So I said: Run it on a schedule, and if you collect "enough addresses" to block, then at some point "you win".
You already said if you block one, another pops up. Also that you do not know all the addresses to block.
What the line will do is collect [from the list of CURRENT CONNECTIONS] any "linode connections" you have, and add them to iptables.
So run it enough to collect "critical mass", but not so frequently that your router is doing nothing but that.
The previous "linode connections" are not removed, so eventually you'll block all that you need to block.

Maybe once you see it's not happening any more, you can make permanent firewall rules to "seed the service"? - that'd be your choice...

Does that make it more clear?

I wrote this for you: https://pastebin.com/GqKfuWSY
You need to add a cron job for this to run on a schedule - or I can modify it to run in a loop if you prefer. But again - I do not think this is an appropriate approach. Maybe you can try it, and if it works for you... we can come up with something more elegant.

Let me know
phatbob
DD-WRT User


Joined: 03 Jan 2017
Posts: 215

PostPosted: Wed Mar 29, 2017 11:35
Yes I understand. I was reading up on Cron jobs last night, but don't really understand the procedure, and given how outdated everything else in the wiki seems to be, I'm wondering if the directives for cron are up to date.

So if you're saying each time the line is run it will create a new iptables rule to block the current connection, presumably it won't block that connection until the server reboots? My Server and router are both set to reboot between 3-4 am local time and I see that plex is connected to a different linode than it was last night.

Where are the iptables stored that it creates?