| 1 |
On 2020-08-15, Sid Spry <sid@××××.us> wrote: |
| 2 |
> On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote: |
| 3 |
>> [...] |
| 4 |
>> |
| 5 |
>> > iptables -A OUTPUT -o <interface> -m owner --uid-owner plex -j DROP |
| 6 |
>> |
| 7 |
>> I can confirm, that did indeed work as desired. |
| 8 |
>> |
| 9 |
>> Even with the kernel rebuild it was far less work than getting set up |
| 10 |
>> to run a docker container (which also would have required a kernel |
| 11 |
>> rebuild) or running the server in a separate network namespace. |
| 12 |
>> |
| 13 |
>> [...] |
| 14 |
> |
| 15 |
> Are you able to see any perf impact from the generated but dropped |
| 16 |
> packets? |
| 17 |
|
| 18 |
I haven't tried, but I it's detectable. Plex only sends out a handful |
| 19 |
of packets every 5-10 seconds. It wouldn't really matter except that |
| 20 |
the interface I want it to leave alone is attached to an internal |
| 21 |
network I use to develop/test IoT and industrial Ethernet devices, and |
| 22 |
I want to be able to run tests that are as predictable and repeatable |
| 23 |
as possible. |
| 24 |
|
| 25 |
It would probably be better to run Plex on a separate, small, silent, |
| 26 |
low-power, headless server but I've already got enough machines to |
| 27 |
maintain. |
| 28 |
|
| 29 |
-- |
| 30 |
Grant |
Archives