I need some help to configure my guest wifi in a way that maybe dangerous websites are blocked. So far I have used firewall traffic rules but is there any comfortable way? I think it would be nice to add like a txt file which serves a blacklist and then use that as blocked destinations INSTEAD of typing in every single IP address.
For now I am working with LuCi because I don't know how to edit with command lines or even how to get to the command line section.
Both of these need to run on the router, not a (dumb-) AP (unless you you play around with DHCP option 6 (only applies to adblock, not banip), but that's very prone to creating circular dependencies and far from AP usage scenarios).
That said, adblocking (and to a similar degree banip as well) needs RAM (to download, process and provide the blocklists to dnsmasq; dnsmasq's forking behaviour on tcp requests doesn't help this either), 128 MB RAM devices already need to limit the number of blocklists to survive, 32 MB is pretty much out of the question for any of the common (large) blocklists.