Hi, I'm new to this area, but I would like to filter some traffic. The goal is to keep people secure while web browsing, not to censure. And also enable better privacy, mainly stop "malware" and tracking/ads as restrictively as possible.
I have 3 questions, in case someone here has the time to answer me: 1. What layers I should be filtering? Direct IP drop using pf, DNS drop with NSD/Unbound server, layer 7 with relayd, etc. 2. If the right approach is blacklisting domains, then what list do OpenBSD users recommend to use? People seem to be using these two, but I would like to know the opinion from OpenBSD users: http://www.malware-domains.com/files/ https://hosts-file.net/?s=Download 3. There's any well designed tool that I can automatically update these lists (using pledge and signify, for example), or a simple shell script is enough? Any advice is welcome.
