pfSense and Disney+

Hi all

pfSense seems to be blocking Disney+ on my local network, I am running pfblockerNG but my IP from my PC (testing disneyplus.com) does not even show in the Alerts, nor the Firewall block page.

I’ve added an IPV4 whitelist in pfblocker, with the following sites whitelisted by IP:

• disneyplus.com
• bamgrid.com
• bam.nr-data.net
• cdn.registerdisney.go.com
• cws.conviva.com
• d9.flashtalking.com
• disney-portal.my.onetrust.com
• disneyplus.bn5x.net
• js-agent.newrelic.com
• disney-plus.net
• dssott.com
• adobedtm.com

And still, the app/site does not log in (error cove 90 on the app). My DNS is set to 8.8.8.8 & 8.8.4.4 on pfSense.

I’m not using DNSBL yet in pfblocker. Is there a way I can whitelist domains in pfblocker rather than IP’s?

I’ve reloaded pfblocker for the IPs in the whitelist to take effect.

Any ideas?

Thanks

I have a netgate SG-1100 with pfblockerng using the same block lists used by the pi-hole project and these are the responses I get on my network (see below).

Even with the results I have below, I can still use Disney+ on any of my devices (AppleTV, iPhone apps).

I believe error code 90 is a problem on Disney’s side. Check out this site: https://www.psu.com/news/disney-plus-unable-to-connect-all-error-codes-how-to-fix-them/

Hope this helps in your troubleshooting the issue. Good luck.

dig disneyplus.com +short
54.218.188.255
34.218.145.143
54.71.61.241
dig@8.8.8.8 disneyplus.com +short
34.218.145.143
dig bamgrid.com +short <<<< No answer
dig @8.8.8.8 bamgrid.com +short <<<< No answer
dig bam.nr-data.net +short <<<<Blocked by pi-hole filters
0.0.0.0
dig @8.8.8.8 bam.nr-data.net +short
162.247.242.21
162.247.242.18
162.247.242.20
162.247.242.19
dig cdn.registerdisney.go.com +short
cdn.registerdisney.go.com.edgekey.net.
e11276.g.akamaiedge.net.
23.32.212.10
dig @8.8.8.8 cdn.registerdisney.go.com +short
cdn.registerdisney.go.com.edgekey.net.
e11276.g.akamaiedge.net.
104.122.45.218
dig cws.conviva.com +short <<<<Blocked by pi-hole filters
0.0.0.0
dig @8.8.8.8 cws.conviva.com +short
cws-us-east.conviva.com.
cws-sjc2.conviva.com.
199.127.193.103
dig d9.flashtalking.com +short
ft.device9.com.
tag.device9.com.
52.4.252.13
52.45.103.247
52.202.125.104
54.210.34.188
34.198.39.84
52.21.21.226
50.19.203.158
52.45.228.37
dig @8.8.8.8 d9.flashtalking.com +short
ft.device9.com.
tag.device9.com.
52.202.125.104
52.4.252.13
3.225.38.203
34.198.39.84
50.19.203.158
52.21.21.226
34.196.181.76
34.195.105.235
dig disney-portal.my.onetrust.com +short
104.18.72.11
104.18.73.11
dig @8.8.8.8 disney-portal.my.onetrust.com +short
104.18.72.11
104.18.73.11
dig disneyplus.bn5x.net +short
54.88.152.52
18.205.137.4
3.219.117.43
3.232.204.104
dig @8.8.8.8 disneyplus.bn5x.net +short
54.88.152.52
3.232.204.104
3.219.117.43
18.205.137.4
dig js-agent.newrelic.com +short <<<<Blocked by pi-hole filters
0.0.0.0
dig @8.8.8.8 js-agent.newrelic.com +short
f4.shared.global.fastly.net.
151.101.2.110
151.101.66.110
151.101.130.110
151.101.194.110
dig disney-plus.net +short <<<< No answer
dig @8.8.8.8 disney-plus.net +short <<<< No answer
dig dssott.com +short <<<< No answer
dig @8.8.8.8 dssott.com +short <<<< No answer
dig adobedtm.com +short <<<< No answer
dig @8.8.8.8 adobedtm.com +short <<<< No answer

Thanks Ive added those IP’s into my whitelist to no avail. Still get error code 90.

You have the ‘Gaston’ package installed.
Tell-tale sign in the package logs are the lines:

You're secure with Gaston.
No hacks with Gaston.
Only connect to 127.0.0.1 with Gaston.

Sorry, I couldn’t resist.