On Mon, 30 Oct 2017 20:50:46 +0000 greg...@airmail.cc wrote: > Hi, > I'm new to this area, but I would like to filter some traffic. > The goal is to keep people secure while web browsing, not to censure. > And also enable better privacy, mainly stop "malware" and > tracking/ads as restrictively as possible. > > I have 3 questions, in case someone here has the time to answer me: > > 1. What layers I should be filtering? Direct IP drop using pf, > DNS drop with NSD/Unbound server, layer 7 with relayd, etc.
I'm filtering web traffic with squid, a http proxy. That way I can give more information to users about reasons for restriction, not just "request timeout" or "no dns record". > 2. If the right approach is blacklisting domains, then what list > do OpenBSD users recommend to use? People seem to be using these > two, but I would like to know the opinion from OpenBSD users: > http://www.malware-domains.com/files/ > https://hosts-file.net/?s=Download I had good experience with http://www.shallalist.de/ > 3. There's any well designed tool that I can automatically update > these lists (using pledge and signify, for example), or a simple shell > script is enough? ftp and reload service. -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
