Suppose your aunt or uncle is easily fooled by phishing attempts and their computer has multiple rootkits and keyloggers running. Assume their computing habits will never change.
Looking at his wireless router you can see that he only visits a few dozen or a few hundred websites multiple times in a month. Instead of trying to keep the bad guys out, set up the firewall's default outbound rule to be block (deny/reject) everything to prevent the bad guys from getting out.
If this non-technical relative had a simple Python program running with an SSH connection into the firewall, the program could monitor the IP addresses as they get blocked. The program would then ask the user if they want to access 72.21.211.176 Amazon.com (USA). If the user says yes, the program might then ask: Allow outbound access to all 72.21.. networks? This is an attempt to save some time creating a whitelist.
I know opinions vary as to the value of egress filtering. But with all the technology advances in the last 20 years, I find it frustrating that there is not a simple way for non-technical users to prevent sending data to that village in Wales (Llanfairpwllgwyngyll) that we all know is full of nation-state hackers.
http://en.wikipedia.org/wiki/Llanfairpwllgwyngyll
Since I am more of a SQL developer than a security expert, I am posting this to see if this would realistically help secure the home network in the example above. Of course the solution is not perfect, but it seems like it would help. This thought came about after reading about DGA malware that has been known to create thousands of new domains per second and realizing that attackers are way more sophisticated than I imagined. http://en.wikipedia.org/wiki/Domain_generation_algorithm
UPDATE: As both answers indicate, this is not a good way to approach the problem. There are too many IPs in the world, and the user can't be trusted to allow only safe domains.
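The prompt flow described in the question, sketched as an added example that is not part of the original post: it reads blocked-outbound log lines and shows how many addresses each "allow the whole 72.21.x.x network" approval would open. The netfilter-style log format, the `EGRESS-DROP` prefix, the /16 widening and every address except 72.21.211.176 are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the style of Linux netfilter LOG output (assumed format).
SAMPLE_LOG = """\
Jan 10 09:00:01 fw kernel: EGRESS-DROP IN=br0 OUT=eth0 SRC=192.168.1.20 DST=72.21.211.176 PROTO=TCP SPT=50112 DPT=443
Jan 10 09:00:02 fw kernel: EGRESS-DROP IN=br0 OUT=eth0 SRC=192.168.1.20 DST=72.21.211.176 PROTO=TCP SPT=50113 DPT=443
Jan 10 09:00:07 fw kernel: EGRESS-DROP IN=br0 OUT=eth0 SRC=192.168.1.20 DST=72.21.0.99 PROTO=TCP SPT=50120 DPT=80
Jan 10 09:01:15 fw kernel: EGRESS-DROP IN=br0 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.45 PROTO=TCP SPT=50200 DPT=8080
Jan 10 09:01:16 fw kernel: INPUT-DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.1 PROTO=TCP SPT=4444 DPT=22
"""

DROP_RE = re.compile(r"EGRESS-DROP .*?\bDST=(\d{1,3}(?:\.\d{1,3}){3})\b.*?\bDPT=(\d+)")

def blocked_destinations(log_text):
    """Count blocked outbound (destination IP, destination port) pairs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DROP_RE.search(line)
        if not m:
            continue  # not an egress drop (e.g. inbound noise)
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address such as 999.1.1.1
        hits[(ip, int(m.group(2)))] += 1
    return hits

def review(log_text, allowed, prefix=16):
    """Build one prompt per blocked destination not yet covered by `allowed`.

    Each prompt carries the widened network the user would be asked to
    approve and the number of addresses that approval would open.
    """
    prompts = []
    for (ip, port), count in blocked_destinations(log_text).most_common():
        if any(ip in net for net in allowed):
            continue
        wide = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        prompts.append((str(ip), port, count, str(wide), wide.num_addresses))
    return prompts

if __name__ == "__main__":
    for ip, port, count, wide, size in review(SAMPLE_LOG, allowed=[]):
        print(f"{ip}:{port} blocked {count}x; allowing {wide} opens {size} addresses")
```

A single "yes" to the widened prompt allows 65,536 addresses, which is the trade-off the UPDATE points to: the allowlist grows far faster than the user can vet it.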