Comment by rookderby

7 days ago

I like this tool a lot and think it's superior to my own automation tools to generate giant host file blocklists. So, I'll be looking into switching to sinkzone. That said, my understanding is that applications can still make direct connections where an application connects using an IP address (without looking it up via DNS). I guess I use firewalls for that but haven't gotten around to adjusting anything from the defaults. Also could use a reverse proxy but haven't taken the time to set one of those up yet either. Does anyone have recommendations for a 'second step' on the network security path? Set up a PF router?

I use hagezi lists via rpz for dns blocking with my own specified first for custom blocks and whitelisting.

Most of my ip blocking is by country or company. I have country, company-block, and company-allow lists in pf that are updated nightly.

I have found that once your dns list is sufficiently robust you rarely trigger an ip block. I have to add a new domain about once a month.
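The nightly "country, company-block, company-allow" table refresh described above, as an added example that is not the commenter's own script. It assumes a directory of downloaded raw lists under `/var/db/pf-lists/` and three pf tables named after those lists; the feed URLs, the download step and the `pf.conf` rules shown in the comments are assumptions. The point it adds beyond the comment is the cleaning step: a bad or hijacked feed line should never reach `pfctl`, and `-T replace` swaps the whole table atomically so there is no moment with an empty table.

```shell
#!/bin/sh
# Refresh pf address tables from downloaded lists (constructed example).
# Assumed pf.conf, with "persist" so the tables survive a ruleset reload
# and "quick" so the allow list wins before either block list:
#
#   table <company_allow> persist file "/var/db/pf-lists/company_allow.txt"
#   table <company_block> persist file "/var/db/pf-lists/company_block.txt"
#   table <country_block> persist file "/var/db/pf-lists/country_block.txt"
#   pass  out quick to <company_allow>
#   block out log quick to <company_block>
#   block out log quick to <country_block>

# Keep only lines that look like an IPv4/IPv6 address or CIDR prefix.
# Comments (# or ;), blank lines, hostnames and stray text are dropped,
# so a malformed feed cannot make the table reload fail or load garbage.
clean_list() {
    sed -e 's/[#;].*$//' -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' |
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]*(/[0-9]{1,3})?$' |
    LC_ALL=C sort -u
}

# Replace the whole contents of one pf table from a cleaned file.
# "-T replace" is a single atomic swap, unlike flush followed by add.
load_table() {
    table=$1
    file=$2
    pfctl -t "$table" -T replace -f "$file"
}

# Clean each raw download into a .txt, move it into place, then load it.
# The raw files are assumed to have been fetched earlier (e.g. by curl in cron).
refresh() {
    dir=${PF_LIST_DIR:-/var/db/pf-lists}
    for name in country_block company_block company_allow; do
        clean_list < "$dir/$name.raw" > "$dir/$name.txt.new" &&
        mv "$dir/$name.txt.new" "$dir/$name.txt" &&
        load_table "$name" "$dir/$name.txt" ||
        echo "refresh of $name failed, previous table contents kept" >&2
    done
}

# Run from cron as: sh refresh-pf-tables.sh run
if [ "${1:-}" = "run" ]; then
    refresh
fi
```

Because each table is rebuilt into a separate file and only then handed to `pfctl`, a failed download or an empty feed leaves the previous table in force rather than silently opening everything, which is the failure mode a nightly unattended job most needs to avoid.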