Yes, DNS and Pi-hole were never thought of as content filtering tools
dontblink
I need to block IPs and unauthorized connections that are not http/https as well, I know about DNS filtering but it's not what I am trying to achieve.
Didn't know about CENO, it looks super cool! Might have to dig more into TOR as well
Maybe search engines idk, something like YaCy?
Exactly! I don't see why we have to rely on the old internet infrastructure for a completely differently conceived type of distributing content!
There's stuff like ipfs, and I'm sure there are many ways to make self hosting easier..
We normalize everyone has a modem/router/access point at home: we should normalize everyone having his own server hosted, bitcoin node, ipfs node etc etc..
And you're right, these services have to be super easy to deploy.. I think containerization might be helping with this.. Think about Docker or NixOS.. Make a nice GUI and simplify Docker even more and you get packages that can run on any distro in any OS, that even a complete noob could spin up! Maybe paired with repos that host most of the self hostable stuff.
But yeah I think the whole structure might have to be rethought, from the way we host to the way we can connect to each other.. We got to give everyone the possibility to decide which web they want to be part of, and federation definitely allows this!
Do you think a Proxy would be better in this regard compared to a firewall? I was trying to watch the logs of ufw today and see if I could do something there but the incoming and outgoing connections are A LOT, and I would essentially like to whitelist both per domain and per IP.
How much maintenance would this require? I wonder how often IPs change today, but with all the NAT, dynamic DNS and CDNs around, maintaining a whitelist only with IP addresses looks like a nightmare..
Squid proxy with squidGuard could be a better option than trying to work with a firewall maybe?
Any suggestions on the how?
It looks really complicated, very different from Linux! I cannot properly understand the whole sandboxing thing.. But I guess it's years of development and policy enforcement.. Now I can see why Android is much more closed compared to a normal Linux distro, I guess this provides a lot of security but less customization. I also have to understand the role of the device manager in all of this. Is there any Linux distro that behaves similarly?
Why so much effort into securing it? Isn't the Linux behaviour with users etc enough?
No it's more a user management thing, I would need users to access a certain list of whitelisted websites only..
Maybe proxy or DNS? I've been looking into Squid proxy but it looks fairly complicated, especially if I wanna be able to access it from WAN.. But idk if with DNS I could block IPs as well. Setting up a hosts file seems like a lot of continuous work since I would have to specify entries for each IP address associated with a domain.. Maybe firewall?
Yes it's more something like that, making certain type of content a lot less accessible.
I think it's all a problem of time: if we have more time to carefully think about what we are doing on our devices, we usually make better choices.
We need better tools to give us more time to actually evaluate and decide.
I'll give an example: I installed an Android device manager which lets me set a block timer for each newly installed app, that means that whenever I install something new I will have some time to reflect on whether I actually need that new app or not, and more often than not, the answer is no.
Didn't think about the 2 machines thing. But yeah it definitely looks easier than setting up a transparent proxy.. But I guess all of this has to be on the same network, I cannot use an external server to which I connect via WAN because at that point the connections would already need to be unproxied going out, right?
But can't your setup be done on the same machine with a firewall?