My goal — block ALL installed browsers under Windows (Firefox, Chrome, and Edge), not just one.
As I see it, these are the available strategies:
C:\Windows\System32\drivers\etc\hosts is always an option. Unfortunately there are a few websites that respond to https://randomsubdomain.facebook.com (TODO — check to see if this is actually true), and the Windows hosts file does not support wildcards. Again, that path is C:\Windows\System32\drivers\etc\hosts
In some cases, you may need to restart your browser, and maybe even log out of the service, before your hosts-file changes will work (many browsers maintain an internal DNS cache).
Go to Settings > Windows Defender Firewall > Advanced Settings > Outbound Rules > New Rule > Custom rule. Now navigate to Scope > "Which remote IP addresses does this rule apply to?", and add the IP range(s) to the list.
If you get information like "Class C" or "204.154.94.0/23", then you might have to plug that information into a CIDR calculator. [wikipedia #1] [wikipedia #2]
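The CIDR-calculator step above, as an added example that is not part of the original page: it turns each block into the From/To pair that the firewall's IP address range dialog asks for. The function names and every sample address except 204.154.94.0/23 are constructed here, and treating a bare network address as a classful block (A=/8, B=/16, C=/24) is an assumption about what a "Class C" answer means.

```python
import ipaddress


def classful_prefix(addr):
    """Prefix length implied by the legacy address class (A=/8, B=/16, C=/24)."""
    first_octet = int(addr) >> 24
    if first_octet < 128:
        return 8
    if first_octet < 192:
        return 16
    if first_octet < 224:
        return 24
    raise ValueError(f"{addr} is not a class A, B or C address")


def parse_block(text):
    """Accept '204.154.94.0/23', '204.154.94.0/255.255.254.0' or a bare network address."""
    text = text.strip()
    if "/" not in text:
        # Assumption: a bare address stands for its whole classful network.
        addr = ipaddress.IPv4Address(text)
        text = f"{addr}/{classful_prefix(addr)}"
    # strict=False tolerates host bits, e.g. 204.154.95.7/23 -> 204.154.94.0/23
    return ipaddress.IPv4Network(text, strict=False)


def firewall_ranges(blocks):
    """Return sorted (from, to) pairs; duplicates and blocks that fit one CIDR are merged."""
    merged = ipaddress.collapse_addresses(parse_block(b) for b in blocks)
    return [(str(n.network_address), str(n.broadcast_address)) for n in merged]


if __name__ == "__main__":
    # Constructed sample input; only 204.154.94.0/23 comes from the page.
    sample = [
        "204.154.94.0/23",
        "204.154.95.7/23",             # same block, written with host bits set
        "192.0.2.0",                   # bare address, treated as a class C /24
        "198.51.100.0/255.255.255.0",  # dotted netmask form
    ]
    for start, end in firewall_ranges(sample):
        print(f"From: {start:<15}  To: {end}")
```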
Specific services: