etc/hosts working but not for faceCRook.com???

[TraderStf]

Hello,

Safari and Firefox does not block it facebook.com, www.facebook.com etc etc even if they are in the 'hosts' file?!

In Chrome, it's blocked/allowed 'on the fly', un/comment the lines, it respects the hosts file.

Any other site/domain is blocked or allowed but not FaceCRook...

No matter what you do, clean dns, cache, reboot, no extension, no antivirus, whatever.

FB is disabled in Sys Pref - Extensions.

Do you have the same?
How to figure out what's going on?

It was working before but is it macOS High Sierra 10.13.2 (17C88)

Thanks a lot!

[TraderStf]

After dozen of tests, I have figure out why Safari was not respecting the Hosts file.
IP6 in Syst Prefs.

Disable IP6 (in fact, local only) and it respects the Hosts file!!!

Probably the few other sites I have tested were not available on IP6.

That problem though does not exist with Chrome!!!

[lebensterben]

Do you disable IPv6?
If so, I guess FB is not blocked because Safari connects to it via its IPv6 address, while hosts file is not correctly configured for IPv6 ???

[lebensterben]

Please refer to this article, whose author had exact the same issue you had
https://coderwall.com/p/be52-a/ipv6-in-etc-hosts.

Also, it would be good to address the IPv6 configuration in the Host file section.

[TraderStf]

Thanks @lebensterben. Yes that's the same problem.

Though I don't use 127.0.0.1 but 0 (not even 0.0.0.0).
A single zero on macos is working perfectly, it's not the case on all OS.
It's also greatly reduce the file size.

I have red that using 127.0.0.1 needs 2 'redirections/connections' that 0.0.0.0 is better.

That means that 0 is not 0 for IP6 ¯_(ツ)_/¯
In Google Chrome it's blocked, which is more logical, 0=0

I will try with 0.0.0.0 or ::0 perhaps it will work for IP6.
Anyway Hosts is so limited, must specify all subdomains... better use a firewall, dnsmasq, macOS-Fortress,... I have 'star-ed' several in my github profile.

[TraderStf]

If someone is interested, messenger, instagram, whatsapp and other FaceCRook sites needs to be added. Near the end of the CDN section is the beginning of a study of their format, give up as explained before, hosts is too limited.

0 facebook.com
0 www.facebook.com

0 a.ns.facebook.com
0 apps.facebook.com
0 apps.beta.facebook.com
0 b.ns.facebook.com
0 canvas.facebook.com
0 developers.facebook.com
0 error.facebook.com
0 inspired.facebook.com
0 l.facebook.com		# youtube
0 m.facebook.com		# mobile
0 pixel.facebook.com
0 research.facebook.com
0 stories.facebook.com

0 ar-ar.facebook.com
0 bg-bg.facebook.com
0 bs-ba.facebook.com
0 ca-es.facebook.com
0 cs-cz.facebook.com
0 da-dk.facebook.com
0 de-de.facebook.com
0 el-gr.facebook.com
0 en-gb.facebook.com
0 eo-eo.facebook.com
0 es-es.facebook.com
0 es-la.facebook.com
0 fa-ir.facebook.com
0 fi-fi.facebook.com
0 fo-fo.facebook.com
0 fr-ca.facebook.com
0 fr-fr.facebook.com
0 he-il.facebook.com
0 hi-in.facebook.com
0 hr-hr.facebook.com
0 hu-hu.facebook.com
0 id-id.facebook.com
0 it-it.facebook.com
0 ja-jp.facebook.com
0 ko-kr.facebook.com
0 mk-mk.facebook.com
0 nl-be.facebook.com
0 ms-my.facebook.com
0 nl-nl.facebook.com
0 pa-in.facebook.com
0 pl-pl.facebook.com
0 pt-br.facebook.com
0 pt-pt.facebook.com
0 ro-ro.facebook.com
0 ru-ru.facebook.com
0 sl-si.facebook.com
0 sr-rs.facebook.com
0 th-th.facebook.com
0 tr-tr.facebook.com
0 vi-vn.facebook.com
0 zh-cn.facebook.com
0 zh-tw.facebook.com

# Special
0 momentsapp.com
0 mapfeedback.here.com
0 www.openstreetmap.org

0 nb-no.id.prod.facebook.com

# To Do
0 instagram.com
0 messenger.com
0 fr-fr.messenger.com

# CDN
0 fbcdn.net
0 www.fbcdn.net
0 api.fbcdn.net
0 static.xx.fbcdn.net	#yes xx

0 external.xx.fbcdn.net
0 external.fbru3-1.fna.fbcdn.net

0 scontent.xx.fbcdn.net
0 scontent.fbru3-1.fna.fbcdn.net
# 0 scontent-ams.xx.fbcdn.net
# 0 scontent-ßßß.xx.fbcdn.net
# 0 scontent-ßßß#-#.xx.fbcdn.net
# 0 scontent.fgru3-2.fna.fbcdn.net

0 origincache-prn.fbcdn.net

0 video.xx.fbcdn.net

# not all .tld belongs to FB
0 fb.com
0 www.fb.com

# TLD
0 facebook.at
0 facebook.be
0 facebook.bg
0 facebook.bi
0 facebook.biz
0 facebook.bom
0 facebook.cl
0 facebook.cm
0 facebook.cn
0 facebook.co
0 facebook.co.in
0 facebook.co.nz
0 facebook.co.uk
0 facebook.com.ar
0 facebook.com.au
0 facebook.com.bd
0 facebook.com.bo
0 facebook.com.br
0 facebook.com.co
0 facebook.com.tr
0 facebook.com.tw
0 facebook.com.ua
0 facebook.com.ve
0 facebook.com.vn
0 facebook.cz
0 facebook.de
0 facebook.design
0 facebook.dk
0 facebook.es
0 facebook.etc.br
0 facebook.fr
0 facebook.hu
0 facebook.idv.tw
0 facebook.in
0 facebook.in.th
0 facebook.info
0 facebook.ir
0 facebook.it
0 facebook.jobs
0 facebook.jp
0 facebook.lv
0 facebook.ma
0 facebook.me
0 facebook.name
0 facebook.ne.jp
0 facebook.net
0 facebook.net.cm
0 facebook.net.co
0 facebook.net.pl
0 facebook.nl
0 facebook.no
0 facebook.nom.co
0 facebook.om
0 facebook.org
0 facebook.org.au
0 facebook.pl
0 facebook.ro
0 facebook.ru
0 facebook.se
0 facebook.sk
0 facebook.tk
0 facebook.us
0 facebook.vn
0 connect.facebook.at
0 connect.facebook.be
0 connect.facebook.biz
0 connect.facebook.bg
0 connect.facebook.bi
0 connect.facebook.bom
0 connect.facebook.co.uk
0 connect.facebook.co
0 connect.facebook.co.in
0 connect.facebook.cn
0 connect.facebook.cm
0 connect.facebook.com.ar
0 connect.facebook.co.nz
0 connect.facebook.cl
0 connect.facebook.com.co
0 connect.facebook.de
0 connect.facebook.com.bd
0 connect.facebook.com.br
0 connect.facebook.com.ua
0 connect.facebook.com.bo
0 connect.facebook.etc.br
0 connect.facebook.com.tr
0 connect.facebook.com.vn
0 connect.facebook.com.tw
0 connect.facebook.es
0 connect.facebook.design
0 connect.facebook.dk
0 connect.facebook.com.au
0 connect.facebook.cz
0 connect.facebook.com.ve
0 connect.facebook.net
0 connect.facebook.om
0 connect.facebook.ru
0 connect.facebook.name
0 connect.facebook.org
0 connect.facebook.us
0 connect.facebook.net.co
0 connect.facebook.fr
0 connect.facebook.it
0 connect.facebook.nom.co
0 connect.facebook.info
0 connect.facebook.ne.jp
0 connect.facebook.in.th
0 connect.facebook.org.au
0 connect.facebook.net.pl
0 connect.facebook.tk
0 connect.facebook.ma
0 connect.facebook.idv.tw
0 connect.facebook.net.cm
0 connect.facebook.pl
0 connect.facebook.sk
0 connect.facebook.nl
0 connect.facebook.jp
0 connect.facebook.hu
0 connect.facebook.ir
0 connect.facebook.lv
0 connect.facebook.se
0 connect.facebook.jobs
0 connect.facebook.no
0 connect.facebook.me
0 connect.facebook.ro
0 connect.facebook.in
0 connect.facebook.vn
0 www.facebook.at
0 www.facebook.be
0 www.facebook.biz
0 www.facebook.bg
0 www.facebook.bi
0 www.facebook.bom
0 www.facebook.co.uk
0 www.facebook.co
0 www.facebook.co.in
0 www.facebook.cn
0 www.facebook.cm
0 www.facebook.com.ar
0 www.facebook.co.nz
0 www.facebook.cl
0 www.facebook.com.co
0 www.facebook.de
0 www.facebook.com.bd
0 www.facebook.com.br
0 www.facebook.com.ua
0 www.facebook.com.bo
0 www.facebook.etc.br
0 www.facebook.com.tr
0 www.facebook.com.vn
0 www.facebook.com.tw
0 www.facebook.es
0 www.facebook.design
0 www.facebook.dk
0 www.facebook.com.au
0 www.facebook.cz
0 www.facebook.com.ve
0 www.facebook.net
0 www.facebook.om
0 www.facebook.ru
0 www.facebook.name
0 www.facebook.org
0 www.facebook.us
0 www.facebook.net.co
0 www.facebook.fr
0 www.facebook.it
0 www.facebook.nom.co
0 www.facebook.info
0 www.facebook.ne.jp
0 www.facebook.in.th
0 www.facebook.org.au
0 www.facebook.net.pl
0 www.facebook.tk
0 www.facebook.ma
0 www.facebook.idv.tw
0 www.facebook.net.cm
0 www.facebook.pl
0 www.facebook.sk
0 www.facebook.nl
0 www.facebook.jp
0 www.facebook.hu
0 www.facebook.ir
0 www.facebook.lv
0 www.facebook.se
0 www.facebook.jobs
0 www.facebook.no
0 www.facebook.me
0 www.facebook.ro
0 www.facebook.in
0 www.facebook.vn

Not complete at all...

# 0 linkedin.com
# 0 www.linkedin.com
# 0 wildcard.licdn.com.edgekey.net
# 0 static.licdn.com
# 0 media.licdn.com

# 0 www.pinterest.com
# 0 post.pinterest.com

# 0 twitter
# 0 www.twitter.com
# 0 p.twitter.com
0 ads-twitter.com
0 analytics.twitter.com

[drduh]

The dnsmasq section of the guide shows an example of how to block entire domains, including sub-domains, like address=/.facebook.com/0.0.0.0 - which would apply to both IPv4 and IPv6 connections. Then you would not need to enumerate all (and probably not all) sub-domains in your hosts file.

You could also use DNS Zone Transfer (AXRF), which I believe supports wildcards, though it is more complicated to configure.

Something else one can do is block traffic to an organization by using pf, also in the guide. You can fetch the lists of network allocation to Facebook by getting their autonomous system number(s), like AS32934 and querying Merit RADb: whois -h whois.radb.net '!gAS32934'. This would be more effective than simply failing to resolve their associated domain names.

That being said, it is worth pointing out in the hosts section of the guide that IPv6 addresses are different, and must use ::1 notation, like http://someonewhocares.org/hosts/ipv6/ shows.

Also, 127.0.0.1 (localhost) does not require "2 connections", and is functionally equivalent to 0.0.0.0 (null route) on macOS, I have found, unless one is running a local Web server, though I still doubt that would make a noticeable difference.