I use these lists myself: http://sysctl.org/cameleon/hosts https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt https://hosts-file.net/ad_servers.txt https://mirror1.malwaredomains.com/files/justdomains https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist http://someonewhocares.org/hosts
I run them through a shell script that creates an unbound config file that redirects the requests to a dedicated httpd that returns an HTTP 204 for anything except images. Those get a 1x1 gif back. The only issue I have is with sites that redirect links to a tracker, but I can live with taht. On Mon, Oct 30, 2017 at 9:50 PM, <greg...@airmail.cc> wrote: > Hi, > I'm new to this area, but I would like to filter some traffic. > The goal is to keep people secure while web browsing, not to censure. > And also enable better privacy, mainly stop "malware" and > tracking/ads as restrictively as possible. > > I have 3 questions, in case someone here has the time to answer me: > > 1. What layers I should be filtering? Direct IP drop using pf, > DNS drop with NSD/Unbound server, layer 7 with relayd, etc. > > 2. If the right approach is blacklisting domains, then what list > do OpenBSD users recommend to use? People seem to be using these > two, but I would like to know the opinion from OpenBSD users: > http://www.malware-domains.com/files/ > https://hosts-file.net/?s=Download > > 3. There's any well designed tool that I can automatically update > these lists (using pledge and signify, for example), or a simple shell > script is enough? > > > Any advice is welcome. > -- :wq!