Blocking Samsung 'smart' TV from calling home

Steve606
DD-WRT Novice


Joined: 24 Dec 2019
Posts: 5

Posted: Tue Dec 31, 2019 23:58    Post subject: Blocking Samsung 'smart' TV from calling home
Greetings

I would like to use dd-wrt on my Netgear R7800 to block my Samsung TV from accessing various web addresses, while allowing it to access others, but I don't know even the terms I would search to get help climbing the learning curve on this.

E.g., blacklist any URL containing samsung, while all other devices on the network will not be restricted. Is this possible, or am I asking the wrong question maybe?

Any info or assistance on where I could start will be much appreciated!
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 5262
Location: Texas

Posted: Wed Jan 01, 2020 0:51
Most likely should leave it so it can update itself and whatever apps it uses.

However, you can put it on its own network isolated from your main net.
That's how mine is. I also have my TV wired rather than wireless so I have 1 port on router in VLAN isolated net.

Easy if it is wireless but NOT too hard to VLAN either.

but that's just my opinion
AND
you really should ask this question in the atheros forum --
https://forum.dd-wrt.com/phpBB2/viewforum.php?f=28
since it pertains to the R7800
Steve606
DD-WRT Novice


Joined: 24 Dec 2019
Posts: 5

Posted: Wed Jan 01, 2020 3:36
mrjcd wrote:
Most likely should leave it so it can update itself and whatever apps it uses.

However, you can put it on its own network isolated from your main net.
That's how mine is. I also have my TV wired rather than wireless so I have 1 port on router in VLAN isolated net.

Easy if it is wireless but NOT too hard to VLAN either.

but that's just my opinion
AND
you really should ask this question in the atheros forum --
https://forum.dd-wrt.com/phpBB2/viewforum.php?f=28
since it pertains to the R7800


Will do, and thanks for the info.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3702
Location: UK, London, just across the river..

Posted: Wed Jan 01, 2020 14:59
Add this line to the Firewall script to stop your TV from accessing the WAN side/Internet; it will be available on the local LAN only..


iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -p tcp -s 192.168.1.100 -j DROP

replace 192.168.1.100 with your TV IP...

you could fabricate various rules using iptables

_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 43886 BS AP,NAT
TP-Link WR740Nv4 ------DD-WRT 43028 BS WAP/Switch
TP-Link WR1043NDv2 ----DD-WRT 44048 BS AP,NAT,AP Isolation,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----DD-WRT 43886 BS AP,NAT,AD Block,Firewall,Local DNS,Forced DNS,DoT,VPN
TP-Link WR1043NDv2 ----Gargoyle OS 1.12.0 AP,NAT,QoS,Quotas
Qualcomm/IPQ8065
Netgear R7800 -------DD-WRT 43886 BS AP,NAT,AD-Block,AP&Net Isolation,VLAN's,Firewall,Local DNS,DoT
Broadcom
Netgear R7000 -------DD-WRT 43886 BS AP,Wi-Fi OFF,NAT,AD-Block,Firewall,Local DNS,Forced DNS,DoT,VPN
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Thu Jan 02, 2020 6:14; edited 1 time in total
Steve606
DD-WRT Novice


Joined: 24 Dec 2019
Posts: 5

Posted: Wed Jan 01, 2020 15:02
Thanks! That's what I needed.
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 861
Location: Appalachian mountains, USA

Posted: Thu Jan 02, 2020 21:04
Alozaros wrote:
Add this line to the Firewall script to stop your TV from accessing the WAN side/Internet; it will be available on the local LAN only..


iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -p tcp -s 192.168.1.100 -j DROP

replace 192.168.1.100 with your TV IP...

you could fabricate various rules using iptables

Maybe I'm missing something, but isn't that also going to keep the TV from accessing all of the desired streaming sources? Basically it won't let the TV use TCP on the internet at all, correct? And it's not like you can just override this iptables rule with another more specific one to allow those streaming services, since there may be many IP addresses involved for each. Same problem for blocking specific Samsung sites. Which ones?

I'd love to hear of a solid solution to this problem. I just gave up here, other than of course diving into the TV settings to turn off "sharing" or Smart Interactivity or whatever. Never sign up for anything in the modern world with "smart" in its name! ;)

_________________
Five Linksys WRT1900ACSv2's on 42926, 43904:
VLANs, multiple VAPs, NAS, QoS, client-mode travel router, OpenVPN client/PBR (AirVPN), wireguard/PBR (AzireVPN), two DNSCrypt servers (incl Quad9) routed through OpenVPN.
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 6870
Location: Texas, USA

Posted: Thu Jan 02, 2020 21:55
Streaming, software updates, pretty much everything network-related. Which isn't always a good idea if one wants to stay current on software patches. The alternate method of updating software (firmware) is usually via USB stick. The problem with that is, if the TV is mounted on a wall and you didn't insert a USB extension cable to facilitate this, you're in for some fun. If you want to block specific destinations otherwise, well, that could get really complicated as you may wind up running out of nvram space. Ideally, you can separate your TVs on a separate VLAN and then do whatever you wish with security in mind. Or, never allow them to be network aware at all and then just update via USB. I miss the days of regular ol' antenna or cable TV without all this nonsense.
_________________
Official Forum Rules, Guidelines, and Helpful Information • Firmware FAQ • Installation Wiki • Where Do I Download Firmware?
DON'T use Chromium-based browsers • RTFM/STFW - TL;DR is NOT an excuse. • Why Should I Care What Color the Bikeshed Is?
Please DO NOT PM me with questions; Ask in the forum.

---------------------------------------------------------

Linux User #377467 counter.li.org / linuxcounter.net
Steve606
DD-WRT Novice


Joined: 24 Dec 2019
Posts: 5

Posted: Fri Jan 03, 2020 0:53
My use for this will be to block specific servers. My TV is a few years old and I only use it online for Netflix, aside from that I get over-the-air TV and use an HTPC setup on a separate device for most everything. I don't use or want to use any of the other online apps on the TV. If the device protests that it needs an update, I can always unblock things for the moment.

With the Parental Controls of my previous router, a TP-Link Archer A7, I could see in the log the servers the TV accesses online, and could collect keywords to block them. Worked pretty well, but this new router is better, and I also want to have some fun configuring and learning network stuff.

I haven't done anything with it yet, but I thought using iptables and/or VLAN might allow me to let certain servers be accessed, and others not... is that not right?
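
Added example (not posted by anyone in this thread): a shell helper that prints Firewall-script lines letting one TV reach only listed WAN destinations and dropping everything else it sends out. Because -I inserts at the top of FORWARD, the catch-all DROP is emitted first and the ACCEPT exceptions after it; unlike the rule posted earlier it has no -p tcp, so UDP is dropped as well. The function names and the 203.0.113.0/24 and 198.51.100.7 destinations are placeholders; br0 and $(nvram get wan_iface) come from the rule posted in the thread.

```shell
#!/bin/sh
# Added example: generate DD-WRT Firewall-script lines for one TV.
# Names and sample addresses are placeholders, not from the thread.

valid_ipv4() {                      # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

valid_cidr() {                      # address with optional /0../32 prefix
    case "$1" in
        */*) valid_ipv4 "${1%/*}" || return 1
             p=${1#*/}
             case "$p" in ''|*[!0-9]*) return 1 ;; esac
             [ "$p" -le 32 ] ;;
        *)   valid_ipv4 "$1" ;;
    esac
}

# tv_rules TV_IP [ALLOWED_DEST ...]
tv_rules() {
    [ $# -ge 1 ] || { echo "usage: tv_rules TV_IP [DEST ...]" >&2; return 1; }
    tv=$1; shift
    valid_ipv4 "$tv" || { echo "bad TV address: $tv" >&2; return 1; }
    for dst in "$@"; do             # validate everything before printing
        valid_cidr "$dst" || { echo "bad destination: $dst" >&2; return 1; }
    done
    wan='$(nvram get wan_iface)'    # kept literal; expands on the router
    # Catch-all goes first. No -p option, so it matches UDP as well as TCP.
    echo "iptables -I FORWARD -i br0 -o $wan -s $tv -j DROP"
    # Each later -I lands above the DROP, so these are checked first.
    for dst in "$@"; do
        echo "iptables -I FORWARD -i br0 -o $wan -s $tv -d $dst -j ACCEPT"
    done
}

# Constructed sample: TV address from the thread, documentation-range targets.
tv_rules 192.168.1.100 203.0.113.0/24 198.51.100.7
```

The printed lines are meant to be pasted into the Firewall script in the order shown. The destination list still has to be collected by hand, and services spread over many changing addresses remain the difficulty raised earlier in the thread.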
ATHF
DD-WRT Guru


Joined: 14 Dec 2015
Posts: 717
Location: 127.0.0.1

Posted: Fri Jan 03, 2020 5:08
kernel-panic69 wrote:
I miss the days of regular ol' antenna or cable TV without all this nonsense.


My best friend used to work at Geek Squad up until a year ago. I said, why doesn't Best Buy have good dumb TVs? He said, why would anyone want that? So, I came out rambling with a lot of reasons, and he said, oh wow, I never thought about it like that. I said if I want to make my TV smart, I do it on my terms, not theirs!

Then he said, they still make those? I said yeah, and they aren't half bad LOL!!

_________________
Tutorial for flashing WRT series
WRT Installation,Upgrade & Basic Setup–Cliff Notes
DD-WRT Firmware: r42054: WRT3200ACM, WRT1200ACv1 (Smart crap subnet), WRT1900ACv1
Velop:3 WHW0101, RE6500, RE9000
TWC/Spectrum - 300/25
SysLog Watcher 5, Security Onion on Virtual Box, Fingboxes, PiHoles
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3702
Location: UK, London, just across the river..

Posted: Fri Jan 03, 2020 7:44
yep, using this line will cut off any internet to this TV
there are more elegant ways to block those sites and permit only those you'd need...
I don't think parental controls, keyword-based, are working along DD-WRT...usually those block only http sites...

your best bet is an isolated VLAN or managed switch..
as the problem is not all those sites/services on the WAN side, but more likely to isolate the smart TV from connecting to other devices on the LAN side...
on DDWRT iptables rules are working only WAN to LAN and opposite, sadly iptables rules are not affecting LAN to LAN communication...

Steve606
DD-WRT Novice


Joined: 24 Dec 2019
Posts: 5

Posted: Sat Jan 04, 2020 5:28
Alozaros wrote:
[...]the problem is not all those sites/services on the WAN side, but more likely to isolate the smart TV from connecting to other devices on the LAN side...
on DDWRT iptables rules are working only WAN to LAN and opposite, sadly iptables rules are not affecting LAN to LAN communication...

What type of device on the LAN would it connect to? I had not thought of this.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3702
Location: UK, London, just across the river..

Posted: Sat Jan 04, 2020 7:46
well.... as they claim to improve connectivity, those smart devices sometimes try to connect to devices sitting on the LAN side like PCs, phones, tablets and so on...sometimes those smart devices could be compromised and tapping on the LAN, sniffing other communications...

That's why I said it's good to isolate all those smart devices on a managed switch and VLAN on the router side...

I personally never trust anything that has IoT or called 'smart'

Mangloiya
DD-WRT Novice


Joined: 04 Jan 2020
Posts: 1

Posted: Tue Jan 14, 2020 12:01
SurprisedItWorks wrote:
Alozaros wrote:
Add this line to the Firewall script to stop your TV from accessing the WAN side/Internet; it will be available on the local LAN only..


iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -p tcp -s 192.168.1.100 -j DROP

replace 192.168.1.100 with your TV IP...

you could fabricate various rules using iptables

Maybe I'm missing something, but isn't that also going to keep the TV from accessing all of the desired streaming sources? Basically it won't let the TV use TCP on the internet at all, correct? And it's not like you can just override this iptables rule with another more specific one to allow those streaming services, since there may be many IP addresses involved for each. Same problem for blocking specific Samsung sites. Which ones?

I'd love to hear of a solid solution to this problem. I just gave up here, other than of course diving into the TV settings to turn off "sharing" or Smart Interactivity or whatever. Never sign up for anything in the modern world with "smart" in its name! ;)


This is exactly what I was also thinking. If you use that line of code to block your TV from accessing those particular sites, in reality it is going to block all the streaming sites altogether. So then what will be the use of a Smart TV? If you can't really access your desired streaming services and also updates, then what is the point of having a Smart TV?
There should be a way around this.
LizardWizard
DD-WRT Novice


Joined: 14 Jan 2020
Posts: 3

Posted: Sun Jan 19, 2020 18:42
This is exactly what I've been looking for an answer to. I know people like to use the smart features of a so-called smart TV, but most CPUs in TVs lack proper media decoding capabilities, are laggy as hell when it comes to Android, not to mention the privacy implications of having it connected to the internet at all (see camera, microphone spying, monitoring content watched, etc.). Get a proper media player like Nvidia Shield or something, people. They get updated constantly. :D

Alozaros wrote:
Add this line to the Firewall script to stop your TV from accessing the WAN side/Internet; it will be available on the local LAN only..


iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -p tcp -s 192.168.1.100 -j DROP

replace 192.168.1.100 with your TV IP...

you could fabricate various rules using iptables


Thank you for this. I'm assuming if I set up some sort of DLNA media server, the TV would be able to access that?
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 6870
Location: Texas, USA

Posted: Sun Jan 19, 2020 18:56
Samsung firmware updates are constant, as well. I don't know about TVs with cameras or microphones, but you could spend a lot of time blocking all but essential firmware update traffic to and from the TV and it probably wouldn't matter.