I need an adblock. I know that it is recommended to use squid, but it requires configuration on machines and software. My network is home. Recommend using adblock with unbound. Any scripts?
Why is ad-blocking using the proxy not an option for you?
I would very much wish. Some time ago I set up on a corporate network. Before, you had to add credentials to each workstation. Soon we used the wpad via dhcp, but it was necessary to organize automatically in each application.
I tried to organize the automatic wpad dhcp on ipfire, but I couldn’t.
Did you ever open any of those lists?
There are sometimes only 10-ish domains on them. They look very very incomplete and absolutely not suitable to filter any malware. You should use the IPS for those purposes.
I agree. I appreciate the advice. I’ll check. I already use Suricata.
One more question: Suricata intercepts my customized DNS IP. Should I add to the allowlist?
ET INFO Observed DNS Query to .cloud TLD
Priority: 2 Type: Potentially Bad Traffic
if you enabled Suricata, it “intercepts” any traffic on the interfaces it has been configured to do so. Those are informational IPS hits because something queried a
.cloud domain, which might be suspicious depending on your environment.
Please refer to
- Lot of entries, what now? (2nd post within that thread)
- Lot of entries, what now? (5th post within that thread)
for further information on IPS rule selection as the original poster there is dealing with the same kind of IPS rule hits. Ignoring IP addresses should be the ultima ratio, as you cannot do so for certain IPS rules only - and you probably won’t allow your DNS server to bypass other IPS categories as well (C&C traffic via DNS tunnelling, et al.).
Another question: in common sense, we should change blacklist, withelist by blocklist and allowlist
This is a touchy subject, and should be discussed within a dedicated thread, to keep this one focused to the technical issue.
Thanks, and best regards,
I agree. Very clever.
I agree. I edited this post. I will create the topic.