I use Little Snitch[1] (and its sibling Micro Snitch[2]) for filtering connections at the system level. I don't interact with it too often though, because I rarely install new apps.
Not to say /etc/hosts doesn't work, these days I just find I prefer things with better UX.
To clarify, I whitelist my browser entirely in Little Snitch and delegate to uMatrix and other extensions.
I also don't pre-emptively load in rules into Little Snitch - I have it running in active/interrupt mode, so it prompts me whenever it tries to make a new connection I haven't signed off on before. Unsurprisingly, not very many apps try to connect to Facebook.
Because it is completely impractical. I used LS but it's a waste of time to check and block ads servers or malicious domains, which is why most garbage should be blocked from hosts or dnsmasq.
The maintenance aspect of LS is definitely on the high side and only really dedicated folks will stick to it; if it were to come with auto-updated maintained lists it would most likely be used more
Little Snitch is for MacOS.
As a linux user I desperately looked for an equivalent and found none.
Douane was suggested. It's no good.
What a sorry state of affair. We need a simple app-level filtering solution.
Same story. I have always been dreaming of a Linux equivalent for LittleSnitch. More than a decade has passes since I've switched to Linux, still nothing...
Not to say /etc/hosts doesn't work, these days I just find I prefer things with better UX.
---
[1] https://www.obdev.at/products/littlesnitch/index.html
[2] https://www.obdev.at/products/microsnitch/index.html