OpenVPN – Efficiently Blocking Websites for Specific Clients

openvpn proxy windows

I have been reading around the internet that I should be able to block traffic with two different methods. The first of them is the hosts file. That's not my choice, because I would like to be able to customize the filters for specific users. The other way is to use a proxy server with filters and let VPN traffic flow through it. Well, I have no experience with proxies. I don't even know where to start to create my own proxy, and I'm not sure whether I can make specific internal IPs' traffic go through the proxy, because I want to control them all individually and/or in groups.

I already have a front-end panel where my client can switch between a normal VPN connection and full traffic through it, and I would like to make a basic set of filters for them so they can apply them from my front-end panel, for example, to stop tracking. I would like to block the most common trackers, put them in this specific rule, and apply that rule to the client's connection if he wishes to do so.

Can somebody help me out and tell me the most efficient ways to block traffic by the client's IP address from the host machine? More guidance is also appreciated.

Best Answer

For "blocking a website" you need application filtering capability. You actually cannot block a website at layer 3, because the IPs are dynamic and it is possible that they will change, so you cannot change your ACLs every time.
What you need is an intermediate application that has filtering capability, like a proxy. There are many possibilities; you can pick the one you are most familiar with and can manage easily.
Squid would be a good choice. You can use open-source products like "pfSense" or "OPNsense" for managing Squid; this link, pfsense-web-filter-filter-https-squidguard, might also be useful.
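
One way to turn a panel's per-client filter choices into Squid rules, as an added example (not code from the original post, Squid or pfSense). It assumes each client has a fixed VPN address (for example via OpenVPN's `ifconfig-push`) and that Squid runs as an explicit proxy; the rule-set names, domains, addresses and the `render_squid_acls` helper are hypothetical.

```python
import ipaddress
import re

# Constructed sample data: rule sets offered in the panel and the fixed VPN
# address of each client that opted in (names and domains are placeholders).
RULE_SETS = {"trackers": ["tracker.example", "ads.example.net"]}
CLIENT_RULES = {"10.8.0.10": ["trackers"], "10.8.0.11": []}
VPN_SUBNET = "10.8.0.0/24"

_LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
_DOMAIN = re.compile(rf"{_LABEL}(\.{_LABEL})+")

def render_squid_acls(rule_sets, client_rules, vpn_subnet):
    """Return squid.conf lines that deny each client only its chosen rule sets."""
    net = ipaddress.IPv4Network(vpn_subnet)
    lines = [f"acl vpn_clients src {net}"]
    used = sorted({name for names in client_rules.values() for name in names})
    for name in used:
        if not re.fullmatch(r"[a-z0-9_]{1,20}", name) or name not in rule_sets:
            raise ValueError(f"bad rule set name: {name!r}")
        for domain in rule_sets[name]:
            # Strict validation keeps panel input from injecting config lines.
            if not _DOMAIN.fullmatch(domain):
                raise ValueError(f"bad domain: {domain!r}")
            # Leading dot makes dstdomain match the domain and its subdomains.
            lines.append(f"acl rs_{name} dstdomain .{domain}")
    for ip_text, names in sorted(client_rules.items()):
        ip = ipaddress.IPv4Address(ip_text)
        if ip not in net:
            raise ValueError(f"{ip} is outside {net}")
        if not names:
            continue  # client has no filters enabled: only the allow applies
        acl = "c_" + str(ip).replace(".", "_")
        lines.append(f"acl {acl} src {ip}/32")
        for name in names:
            # ACLs on one http_access line are ANDed: this client AND this set.
            lines.append(f"http_access deny {acl} rs_{name}")
    # http_access is first-match, so the denies must precede the allow.
    lines += ["http_access allow vpn_clients", "http_access deny all"]
    return lines

if __name__ == "__main__":
    print("\n".join(render_squid_acls(RULE_SETS, CLIENT_RULES, VPN_SUBNET)))
```

With an explicit proxy, `dstdomain` also matches the host name in HTTPS `CONNECT` requests, so these rules apply to HTTPS sites without decrypting traffic.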
