One beautiful solution for blocking traffic is the Pi-hole. The best way is to run it is on a Raspberry-Pi (too easy, right? hahahaha!).
Seriously though, Pi-Hole is a DNS sink-server which blocks ads and malware based on DNS resolution. It has a light touch and can be installed via the Raspberry-Pi and that is where you should start for installing said Pi: https://www.raspberrypi.org/
Having received the Pi you then need to install the OS.
Here you have a couple of alternatives, just select the most suitable one for you and proceed with the installation: https://www.raspberrypi.org/downloads/
Now once the OS is running ok, start the terminal and enter:
curl -sSL https://install.pi-hole.net | bash
That should install the Pi-hole on your Raspberry Pi. There are alternative installation methodologies available as 'piping to bash' can be problematic as it doesn't allow you to see code that will run on your system. Therefore, we provide these optional installation methods which allow code review before installation:
git clone --depth 1 https://github.com/pi-hole/pi-hole.git Pi-hole cd "Pi-hole/automated install/" sudo bash basic-install.sh
wget -O basic-install.sh https://install.pi-hole.net sudo bash basic-install.sh
Please refer to the Pi-hole docker repo to use the Official Docker Images.
Follow the instructions prompted on the screen and Pi-hole will guide you through the setup process. Note: Please don't use Cloudflare (avoid as much as humanly possible anywhere) as the DNS when asked. A better, safer, more secure, more private choice during setup would be Quad9, for instance.
Record your Pi-hole IP address and password and there you are.....you now have a Pi-hole!
Log on to your router’s configuration page and locate the DHCP / DNS settings.
Note: make sure you adjust this under your LAN settings and not on your WAN. Find static DNS and exchange the DNS with the IP address for your Raspberry-Pi. Some routers may require you to provide 2 DNS, but here you can enter the one from your Raspberry Pi twice....simple!
You can also review the full 'how to' at https://discourse.pi-hole.net/t/how-do-i-configure-my-devices-to-use-pi-hole-as-their-dns-server/245
Now go to
pi.hole/admin on your browser
Login --> Settings --> Blocklist
There are already some pre-selected entries here and whilst these are great, please look to add any of the recommended list to make it even more powerful.
If you would like to host a pi-hole 'on the go' so to speak, digitalocean has a one click solution which combines Pi-hole with an OpenVPN.
However, unlike other websites we do not provide referrals for DigitalOcean, so this is an introduction but not a recommendation.
A couple of final points before we move on.....Pi-hole also has white and blacklists where you can manually add domains, you can even extend this with powerful regex and Wildcard blocking and a Query Log! How good is that?!?
Here you can see every connection made to and from your network, and you can manually block or unblock these queries. Talking of stats, the Pi-hole will also provide you with an audit log where you can keep track of the most queried domains, you can white and blacklist from this page to a central page.
There is a Privacy Mode whereby even when the Pi-hole is on your own Pi and no-one else can access it, you might still choose to hide the IP or have every query anonymized, so no more stats! Your call!
Please note: your ISP or DNS provider can still log your traffic, so the