Also this does not protect you from programs that perform their own dns lookups, and ignore /etc/hosts and /etc/resolv.conf entirely!
Not only is it more robust, it acts as a DNS/HTTP server that blocks this kind of stuff on a whole network.
This wouldn't work out of the box on FreeBSD.
I recommend this tool: https://www.shellcheck.net/
Also, my go to site for hosts is: http://someonewhocares.org/hosts/
and I am more than happy to share that on Windows/Firefox I use a combo of AdBlock+ and NoScript so I only allow FB, and the other "socials" to run their crap ONLY on their own websites and not on others (e.g. the -tracking- "like" buttons on CNN)
$ ping 0.0.0.1
connect: Invalid argument
$ ncat 0.0.0.1 80
Ncat: Invalid argument.
"my servers" is my home servers not some "web servers".
Maybe it's just me (: ( paranoid on security )
While it's good to be proactive about security, it is also helpful to understand why blocking icmp (particularly wholesale) is a bad idea.
I had a network guy tell me the other day that he is blocking traceroute for "security reasons". I can't even... =(