How to implement request whitelisting?

I would like to analyze the network traffic from a device and allow only some requests selectively.

More specifically, I’d like to initially block all requests from ever getting out and instead just watch in mitmproxy as the device attempts to make them.

Then, when I deem certain requests safe, I would write some whitelisting rules based on request URI, headers and body.

How do I accomplish that?

I tried reviewing the mitmproxy documentation today, but I can’t see a clear way.

Do I need to write an Add-On?

Does mitmproxy even allow for blocking of requests - while still displaying them as the attempt is being made?

What interfaces do I use? Flow filters? (Is that documented anywhere, or am I to guess from the example or read the mitmproxy implementation?)
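
A default-deny addon along the lines asked about above, as an added example that is not part of the original post or of mitmproxy's own code. The rule format, the `Rule` and `is_allowed` names and the hosts and paths are assumptions made for illustration; `http.Response.make` and the `request` hook are mitmproxy's addon API.

```python
import re
from dataclasses import dataclass, field

try:                     # only needed when the file is loaded by mitmproxy
    from mitmproxy import http
except ImportError:      # lets the matching logic run without mitmproxy installed
    http = None

@dataclass
class Rule:
    """One allowlist entry (hypothetical format); every field must match."""
    method: str
    host: str
    path: str                                     # regex, matched against path + query
    headers: dict = field(default_factory=dict)   # lower-case name -> exact value
    body: bytes = b""                             # regex searched in the body

# Constructed sample rules; hosts and paths are placeholders.
RULES = [
    Rule("GET", "time.example.com", r"/v1/now"),
    Rule("POST", "api.example.com", r"/telemetry/[a-z]+",
         headers={"content-type": "application/json"},
         body=rb'\A\{"event":"(boot|heartbeat)"'),
]

def is_allowed(method, host, path, headers, body, rules=RULES):
    """True only if some rule matches method, host, path, headers and body."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for r in rules:
        if (method == r.method and host == r.host
                and re.fullmatch(r.path, path)
                and all(lowered.get(k) == v for k, v in r.headers.items())
                and re.search(r.body, body)):
            return True
    return False   # default deny: anything not matched is blocked

class Allowlist:
    def request(self, flow):
        req = flow.request
        # req.host is the destination mitmproxy would connect to.
        if is_allowed(req.method, req.host, req.path,
                      dict(req.headers), req.content or b""):
            return   # forwarded upstream unchanged
        # Answering here means the request is never sent upstream,
        # while the flow still shows up in the flow list for review.
        flow.response = http.Response.make(
            403, b"blocked by allowlist\n", {"Content-Type": "text/plain"})

addons = [Allowlist()]
```

Saved under a file name of your choice, it is loaded with the `-s` option of `mitmproxy` or `mitmdump`.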