Hello *,
as a footnote on including blacklist feeds covering networks that are not inherently malicious, I do not think it is wise to overdo things here.
From my point of view, the main intention of Tim's effort was to drop connections from criminal or heavily abused IP addresses/networks efficiently. Compared to what we have today, this is a huge improvement, which I think nobody is in denial of.
However, we must keep in mind dropping packets from and to certain destinations can cause massive confusion and endless troubleshooting if somebody sits behind such a firewall without being informed about this.
From my own experience, convincing (network) administration staff and/or management folks to take such a step can be quite challenging - it is hard to imagine they will like a transparent advertisement blocker at IP level any better.
Further, this reminds me of projects like PiHole - which is basically doing the same thing at DNS level - which I never liked at all. If anyone intends to block or filter traffic to certain destinations, non-transparent proxies are the way to do it: Everybody is aware of something between client and server and does not take unlimited connectivity for granted. Everybody can easily tell the difference between connection failures due to network issues and policy reasons.
PiHole et al. exist because we unfortunately have to deal with devices (a) lacking support for HTTP(S) proxies and (b) connecting to advertisement, tracking or even worse destinations.
Personally, I have had good experience in strictly enforcing proxy support: If a device lacks it, it will not get any internet connectivity. Period.
Therefore, I suggest not including non-malicious blacklists in this feature and attempting to ship a first operational version of it rather than arguing for a long time about possible improvements or disadvantages. I certainly have to sweep my own hallway first on this... :-)
Thanks, and best regards, Peter Müller