I need a firewall (preferably a hardware box, not software or a VM, although I'll resort to that if I have to) that can block outbound connections (from LAN to WAN) based on whether they appear in a DNS blacklist.
For those of you who don't know, this is similar to how mail servers block bad messages: if the referring IP of the incoming message is found on the DNSBL (usually a 127.0.0.x response), then deny the connection.
...but I want to do this at the network perimeter level, for any traffic (any port) to that IP. It is not reasonable to cache or pull an update of a list of IPs I wish to block - it needs to be near-real-time, as the block-list contains around 4000 ever-changing IPs.
This is the DNSBL I wish to use - .tor.dan.me.uk - see https:/
I am more interested in the entry nodes than the exit nodes.
Ideas?
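The DNSBL check described in the question (reverse the destination IP's octets, append the zone, treat a 127.0.0.x A record as "listed") is simple enough to prototype before choosing a firewall. The following is an added example, not code from the poster or from any firewall product: it builds the query name, classifies the answer, and decides block/allow for an outbound destination. The zone `dnsbl.example.invalid`, the resolver stand-in `demo_resolver`, the constructed `DEMO_ANSWERS` table and the return-code meanings are all assumptions for an offline demo; substitute the real zone from the question and `system_resolver` to query a live list, and consult that list's documentation for what each 127.0.0.x code means.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional, Set

# Hypothetical DNSBL zone for the offline demo (not the list named in the question).
DEMO_ZONE = "dnsbl.example.invalid"

# Constructed answers standing in for a live zone: two "listed" destinations with
# 127.0.0.x return codes, plus one deliberately broken entry (a non-loopback answer,
# the kind a wildcarded, hijacked or captive-portal resolver hands back) so the
# fail-open caveat below is exercised. Anything not in this table is "not listed".
DEMO_ANSWERS: Dict[str, List[str]] = {
    "4.3.2.1." + DEMO_ZONE: ["127.0.0.2"],
    "8.8.8.203." + DEMO_ZONE: ["127.0.0.2", "127.0.0.4"],
    "1.1.168.192." + DEMO_ZONE: ["10.0.0.1"],
}

LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the zone.

    For an outbound LAN->WAN flow the IP to look up is the *destination*.
    Raises ValueError for anything that is not a valid IPv4 address.
    """
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def demo_resolver(name: str) -> List[str]:
    """Offline stand-in for an A-record lookup against the constructed table."""
    return DEMO_ANSWERS.get(name, [])


def system_resolver(name: str) -> List[str]:
    """Live A-record lookup via the host resolver; NXDOMAIN (not listed) becomes []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def listing_codes(answers: Iterable[str]) -> Set[str]:
    """Keep only answers inside 127.0.0.0/8, which are the DNSBL's real return codes."""
    codes: Set[str] = set()
    for a in answers:
        try:
            if ipaddress.IPv4Address(a) in LOOPBACK:
                codes.add(a)
        except ValueError:
            pass  # garbage answer, ignored
    return codes


def should_block(
    dest_ip: str,
    zone: str = DEMO_ZONE,
    resolve: Callable[[str], List[str]] = demo_resolver,
    deny_codes: Optional[Iterable[str]] = None,
) -> bool:
    """Return True if the destination should be blocked.

    deny_codes restricts blocking to specific return codes (e.g. only the code the
    list uses for one node type); None blocks on any 127.0.0.x listing. A non-empty
    answer with no loopback code means the zone or resolver is misbehaving; that
    case fails open so a broken resolver cannot black-hole all outbound traffic.
    """
    answers = resolve(dnsbl_name(dest_ip, zone))
    codes = listing_codes(answers)
    if answers and not codes:
        return False  # fail open on a malformed answer
    if deny_codes is None:
        return bool(codes)
    return bool(codes & set(deny_codes))


if __name__ == "__main__":
    for dest in ("1.2.3.4", "203.8.8.8", "192.168.1.1", "9.9.9.9"):
        verdict = "BLOCK" if should_block(dest) else "allow"
        print(f"{dest:>15} -> {dnsbl_name(dest, DEMO_ZONE):<35} {verdict}")
```

Two points this makes concrete for the perimeter use case: the per-destination lookup is a single A query, so any firewall that can call out to DNS per new flow can do it without a synced list, and freshness is bounded by the TTL your resolver honours on the zone's answers rather than by anything you cache yourself. The `deny_codes` filter is where you would express "entry nodes, not exit nodes" once you know which return code the chosen list assigns to each.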