My goal — block ALL installed browsers under Windows (Firefox, Chrome, and Edge), not just one.
As I see it, these are the available strategies:
C:\Windows\System32\drivers\etc\hostsis always an option. Unfortunately there are a few websites that respond to https://randomsubdomain.facebook.com (TODO — check to see if this is actually true), and the Windows hosts file does not support wildcards.
Again, that path is
In some cases, you may need to restart your browser, and maybe even logout of the service, before your hosts-file changes will work. (many browsers maintain an internal DNS cache)
Go to Settings > Windows Defender Firewall > Advanced Settings > Outbound Rules > New Rule > Custom rule. Now navigate to Scope > "Which remote IP addresses does this rule apply to?", and add the IP range(s) to the list.
If you get information like "Class C" or "220.127.116.11/23", then you might have to plug that information into a CIDR calculator. [wikipedia #1] [wikipedia #2]