Reply to Message

This is a perfectly servicable way of blocking some unnecessary/inappropriate traffic. However, there are few problems.

For this to work, all but the sysadmins have to be locked out of the hosts file. This is of course feasible, but there are legitimate uses of the hosts file that it might not be good to take away from users.

It doesn't seem scalable. For a couple of machines, sure, no problem, but when you're having to update this file on dozens or even hundred of boxes, and still preserve the permissions lock-down, and make sure all the boxes have the same file ... well this starts to sound like the kind of complexity you *want* a third-party app to manage.

One drawback that probably doesn't matter in a whole lot of cases is that this won't stop any request that uses an explicit IP address. So it would have less effect against, say, a chat application.