Tuesday, January 29, 2019

Anyone interested in a BGP-based ad/tracking blacklist?

I've been looking into doing a Pi-hole, but I also like handling my own recursive resolution, and I had the idea to just resolve those blacklisted domains on a daily basis, build a list of /32s and /128s, then peer my firewall with a server to get the list of IPs and null-route them. Does anything like this already exist, or is there anyone who sees a use case outside of home use that could be marketed or even just done as a public service?

The really nice thing about this would be that it allows the end user to ignore whole blocks of these "announcements" as needed. It could also use communities to tag certain IPs based on what they are being listed for, e.g., Facebook tracking, Google AdSense, known malicious endpoints, Microsoft telemetry (which some might want to leave on), etc.

I know that this basically already exists with subscription-based content filtering; $_dayjob runs Palo Alto firewalls with all the goodies enabled, but that requires a firewall and can't do all of that at line rate. Route-based dynamic blacklists could be run as fast as the router can normally forward the traffic and on any platform that supports BGP.
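
A sketch of the daily build step described above, as an added example that is not code from the original post: it turns per-category resolution results into host routes tagged with communities and diffs them against the previous day's set. It assumes ExaBGP as the route server (commands in its API text form), a private ASN, made-up community numbers, and discard next hops that the receiving router statically routes to null; the resolution results are constructed and use documentation addresses.

```python
import ipaddress

# Assumptions (not from the post): private ASN 64512, the community numbers,
# and discard next hops that the receiving router statically routes to null.
ASN = 64512
COMMUNITY = {"facebook-tracking": 100, "google-adsense": 200,
             "malicious": 300, "ms-telemetry": 400}
NEXT_HOP = {4: "192.0.2.1", 6: "100::1"}

def host_routes(resolved):
    """Turn {domain: (category, [addresses])} into {host prefix: {communities}}."""
    routes = {}
    for category, addrs in resolved.values():
        for text in addrs:
            ip = ipaddress.ip_address(text)
            # Listed domains may resolve to sinkhole answers; never announce those.
            if ip.is_unspecified or ip.is_loopback or ip.is_link_local or ip.is_multicast:
                continue
            prefix = f"{ip}/{ip.max_prefixlen}"  # /32 for IPv4, /128 for IPv6
            # An address shared by several listed domains carries every matching tag.
            routes.setdefault(prefix, set()).add(f"{ASN}:{COMMUNITY[category]}")
    return routes

def exabgp_commands(previous, current):
    """Diff two daily route sets into ExaBGP-style API text commands."""
    cmds = []
    for prefix in sorted(previous.keys() - current.keys()):
        hop = NEXT_HOP[ipaddress.ip_network(prefix).version]
        cmds.append(f"withdraw route {prefix} next-hop {hop}")
    for prefix in sorted(current):
        if previous.get(prefix) != current[prefix]:  # new prefix or changed tags
            hop = NEXT_HOP[ipaddress.ip_network(prefix).version]
            tags = " ".join(sorted(current[prefix]))
            cmds.append(f"announce route {prefix} next-hop {hop} community [{tags}]")
    return cmds

# Constructed sample resolution results (documentation address ranges only).
YESTERDAY = {"ads.example": ("google-adsense", ["203.0.113.10", "198.51.100.7"])}
TODAY = {
    "ads.example": ("google-adsense", ["203.0.113.10"]),
    "pixel.example": ("facebook-tracking", ["203.0.113.10", "2001:db8::5"]),
    "sinkholed.example": ("malicious", ["0.0.0.0", "127.0.0.1"]),
}

if __name__ == "__main__":
    for line in exabgp_commands(host_routes(YESTERDAY), host_routes(TODAY)):
        print(line)
```

The address shared by two listed domains ends up with both communities, so a peer that filters out one category still receives the route through the other tag.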
