I do not follow, how would your suggestion (not bad, I have made similar suggestion in the past, it is baiscally to have the mimic what the players are doing) solve the issue with players tinkering with their network and firewall settings, that is outside of the game?
Because it is not that hard to make your computer mostly inaccessible to other players to instance with.
what it comes down to, are a few simple steps.
Figure out what IP subnet Frontier uses for the server part of Elite. So you can whitelist those IP's
Configure your game for a static port
Add a FW rule that block all incoming traffic on that port except from Frontier servers (see above)
Add a FW rule that block all outgoing traffic from Elite except for traffic going to Frontiers servers (see above)
And now your client should basically be an "island" regardless of what game you chooses to start in, and Open should more or less be the same as Solo...
And if you want to to play in Open with friends, just adds your friends IP's to the while list, as you have done with the Frontiers servers...
the hardest part is to figure out all the relevant subnets that Frontiers servers are located on, and if they changes..
this is why forcing players into open that do not want to be there, is such a stupid idea...
NOTE!
The same principle should work on consoles, but it is made much harder as we cannot easy target just a specific game traffic... as we can when we mess around with the local firewall on our windows pc.