On 2020-08-15, Sid Spry <s...@aeam.us> wrote: > On Fri, Aug 14, 2020, at 5:06 PM, Grant Edwards wrote: >> [...] >> >> > iptables -A OUTPUT -o <interface> -m owner --uid-owner plex -j DROP >> >> I can confirm, that did indeed work as desired. >> >> Even with the kernel rebuild it was far less work than getting set up >> to run a docker container (which also would have required a kernel >> rebuild) or running the server in a separate network namespace. >> >> [...] > > Are you able to see any perf impact from the generated but dropped > packets?
I haven't tried, but I it's detectable. Plex only sends out a handful of packets every 5-10 seconds. It wouldn't really matter except that the interface I want it to leave alone is attached to an internal network I use to develop/test IoT and industrial Ethernet devices, and I want to be able to run tests that are as predictable and repeatable as possible. It would probably be better to run Plex on a separate, small, silent, low-power, headless server but I've already got enough machines to maintain. -- Grant
