I want to send updated URLs and IPs to my firewall rules & layer 7 addresses.
I want to get an instant notice when something new is blocked from inside the network heading outbound.
That will hit my site, where we can do all the logic & notifications, then send down a command to allow it or ignore it.
In other words, I want to BLOCK ALL incoming & outgoing traffic for all hosts, DNS and IP, then manually allow them 1 at a time. (Yes, I know how much work that would seem like to get started.)
Hardware is going to be your limitation, not that of any viable OS, be it OpenWrt, a reputable Linux-based distro, FreeBSD, or the like. (Well, that and TLS makes "Layer 7" filtering virtually impossible.)
If you've got more than a trickle of traffic, your firewall logging alone will bring any all-in-one router to a standstill, well, more likely crash, between CPU and memory exhaustion. That's before you even try to send them to a remote machine.
Add in trying to watch the entire Layer 7 exchanges, where you can, and you're asking a $5 SoC to be able to do the work of a full-blown IDS.
What does OpenWrt use for its firewall or blocking, etc.? I'm familiar with 'scripts'.
I need to know what to look into changing/modifying to kick off the script.