Why can't I block Facebook using /etc/hosts on Mountain Lion (OS X)?

harrymc is close but for some reason OS X (as of 10.8.2) doesn't respect the IPv6 loopback address of ::1 (probably a bug), so you have to use fe80::1%lo0. The reason you need to block IPv6 is because Facebook will serve you their site over V6 if your ISP supports it. You can easily verify this by installing a browser plugin that displays an icon when a site is being served via IPv6. The reason this wasn't a problem for you before is because Facebook likely only recently started serving their site over IPv6.

So the correct answer is:

# Block Facebook IPv4
127.0.0.1   www.facebook.com
127.0.0.1   facebook.com
127.0.0.1   login.facebook.com
127.0.0.1   www.login.facebook.com
127.0.0.1   fbcdn.net
127.0.0.1   www.fbcdn.net
127.0.0.1   fbcdn.com
127.0.0.1   www.fbcdn.com
127.0.0.1   static.ak.fbcdn.net
127.0.0.1   static.ak.connect.facebook.com
127.0.0.1   connect.facebook.net
127.0.0.1   www.connect.facebook.net
127.0.0.1   apps.facebook.com

# Block Facebook IPv6
fe80::1%lo0 facebook.com
fe80::1%lo0 login.facebook.com
fe80::1%lo0 www.login.facebook.com
fe80::1%lo0 fbcdn.net
fe80::1%lo0 www.fbcdn.net
fe80::1%lo0 fbcdn.com
fe80::1%lo0 www.fbcdn.com
fe80::1%lo0 static.ak.fbcdn.net
fe80::1%lo0 static.ak.connect.facebook.com
fe80::1%lo0 connect.facebook.net
fe80::1%lo0 www.connect.facebook.net
fe80::1%lo0 apps.facebook.com

Try adding following line in /etc/resolv.conf

lookup file, bind

This should force OS X to use /etc/hosts before dns. The only problem is if you use dhcp, this file will be overwrote each reboot.

I've been stomped by this too. I like to do only the necessary steps and hack only the necessary configuration files and nothing more. Here's a summary of what works and what doesn't, what's necessary or isn't, as of today:

• @jesse-endahl's hack works exactly. Need to use fe80::1%lo0 for the IPv6 loopback, the entries for ::1 seem to be ignored.

• sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder -- not needed

• Adding lookup file, bind in /etc/resolv.conf -- not needed

An important thing to keep in mind when testing this is that some application have their own DNS cache. For example the Chrome browser: it doesn't make sense to lookup IP addresses on every page reload, if the IP of facebook.com was 173.252.110.27 a minute ago it should still be the same now, right? This makes it hard to test things, because it takes a couple of minutes for Chrome to expire its cache. Unless you know a method to expunge it.

One testing method that worked well for me is using the New Incognito Window feature of Chrome. Every time you change something in /etc/hosts, open a new incognito window to view the result, and it should work immediately. The non-incognito windows will work too, eventually, it just takes a couple of minutes.