>I don't have a filter list for compromised proxy servers and VPNs.

Someone just joined the nuisance forums, and grabs the same SOCKS/Telegram proxy list they all use (mostly old infected/open servers.)

When it comes to firewall rules it is a sensitive matter, and depends on the firewall setup (black-hole bans are generally considered rude, as even handshakes are lost.)

For fairly recent personal ban lists you could try:
https://github.com/bitwire-it/ipblocklist
https://www.iblocklist.com/lists

And a Pi-hole router as a DNS sinkhole:
https://github.com/pi-hole/pi-hole

Sanitizing IP lists both before and after parsing is important, and checking for malformed or whitelisted blocks is wise.

>Outbound, now that is more difficult to assess

SELinux and firewall rules will handle that just fine for services, but are cumbersome for desktop users. In general, most just try "unshare -r -n /home/$USER/someApp" or a sandbox/VM to prevent some useful user-space program from connecting to the web. Dumping local traffic with Wireshark or iftop is also rather common practice.

Best of luck, =3
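The list sanitizing recommended in the post above, as an added example that is not part of the original post: entries are cleaned before parsing, then checked after parsing for malformed, over-broad, reserved and allowlisted blocks, and finally merged. The function name, the `PROTECTED` and `MIN_PREFIX` policy values, the IPv4-only scope and the sample feed are assumptions made for illustration.

```python
import ipaddress
import re

# Hypothetical policy values for this example: ranges that must never be blocked.
PROTECTED = [ipaddress.IPv4Network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
MIN_PREFIX = 16                   # refuse any single entry broader than a /16
TOKEN = re.compile(r"[0-9./]+")   # the only characters an IPv4 CIDR can contain

# Constructed sample feed and allowlist (documentation ranges), not a real list.
RAW_FEED = """\
203.0.113.7
198.51.100.0/24
198.51.100.17
203.0.113.300
192.168.1.0/24
0.0.0.0/0
192.0.2.10 ; constructed inline note
not-an-ip
"""
ALLOWLIST = ["192.0.2.0/28"]

def sanitize_blocklist(raw, allowlist):
    """Return (networks_to_block, rejected_entries) for a raw IPv4 feed."""
    allowed = [ipaddress.IPv4Network(a) for a in allowlist]
    accepted, rejected = [], []
    for lineno, line in enumerate(raw.splitlines(), 1):
        # Before parsing: drop comments/whitespace, refuse unexpected characters.
        token = re.split(r"[#;]", line, maxsplit=1)[0].strip()
        if not token:
            continue
        if not TOKEN.fullmatch(token):
            rejected.append((lineno, token, "unexpected characters"))
            continue
        try:
            net = ipaddress.IPv4Network(token)  # strict: host bits must be zero
        except ValueError:
            rejected.append((lineno, token, "malformed"))
            continue
        # After parsing: checks on the parsed network itself.
        if net.prefixlen < MIN_PREFIX:
            rejected.append((lineno, token, "too broad"))
        elif any(net.overlaps(p) for p in PROTECTED):
            rejected.append((lineno, token, "reserved or private range"))
        elif any(net.overlaps(a) for a in allowed):
            rejected.append((lineno, token, "overlaps allowlist"))
        else:
            accepted.append(net)
    return list(ipaddress.collapse_addresses(accepted)), rejected  # merge overlaps
```

Reviewing the `rejected` list before loading the result into a firewall shows whether a feed has started shipping entries that would cut off local or allowlisted hosts.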