Custom /etc/hosts rules being ignored

I’m trying to block a handful of websites by editing the /etc/hosts file for a disp-vm, but the hosts file doesn’t seem to be working.

I’ve followed the documentation to use /rw/config/rc.local in the template. It definitely echos the lines to the /etc/hosts file of the disp-vms.

The problem is my rules in /etc/hosts seem to be ignored. Firefox still opens those sites without a hiccup, which is the opposite of what I need!

Here’s what the disp-vm /etc/hosts file looks like:

# Loopback entries; do not change.
# For historical reasons, localhost precedes localhost.localdomain:
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 >
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6 >
# See hosts(5) for proper format and other examples:
# 192.168.1.10 foo.mydomain.org foo
# 192.168.1.13 bar.mydomain.org bar
127.0.0.1       disp8770

127.0.0.1 example.com
127.0.0.1 example2.com

Where example.com and example2.com can be opened anyway.

Am I doing something basic wrong? I’ve played with tabs and spacings and that doesn’t seem to do anything.

Shouldn’t you use Firewall rules in your sys-firewall for these things?

No, not necessarily.

Why is it documented?

Why are other people using it? (<-- for anyone checking that link, he got it working in the end).

I don’t think they are using hosts to block sites, and adding the domain/ip to the firewall would be the correct way to do it.

hosts does not prevent you from connecting to the site, it only prevents the domain name lookup, you would still be able to connect to the IP.

1 Like

hosts does not prevent you from connecting to the site, it only prevents the domain name lookup, you would still be able to connect to the IP.

Yes - I type a name in the browser, DNS lookup happens and gets redirected to 127.0.0.1 by the entry in the hosts file. That’s the same as what the other guy is doing.

So why doesn’t this happen in Qubes, and especially why is it documented in material on config and rc.local?

It should work.

Did you try restarting the qube?

rc.local is notorious of having issues to start on boot. Did you try to run it manually? Permissions on hosts file?

@renehoj Its a dispVM, so its restarted each time. Template was closed.

@enmus I know the rc.local command has worked, because I can see the new lines in the dispVMs’ /etc/hosts file.

Its the /etc/hosts file that is not working as I expect in the dispVM.

There have been issues in the past with firefox and the hosts file, but these
have been resolved.
This works for me with Fedora and Debian disposables, and up to date
firefox.

can you post your /etc/hosts file?

The dispvm gets its /etc/hosts file from its disposable template, e.g. fedora-36-dvm and that qube gets it from its template, e.g. fedora-36. So, if yyou put your /etc/hosts into that template, it works definitely.

No idea, where you should put it if you’re using rc.local, but I remember having trouble with that file some time ago.

1 Like

rc.local should be edited in the dispvm-template (fedora-36-dvm) for changes to persist in all dispvms.

1 Like

What is your host file? Any extra spaces? More than one tab?

Sorry for silence, have been called away.

@unman @enmus copy of the hosts file is in the original post. Changes are in rc.local on the template (fedora-36-dvm) and appear faithfully in the dispVM’s hosts file.

It just doesn’t work.

i.e, I can open the hosts file in the dispVM itself, and I can see the correct edits sitting there, they just don’t seem to be having an effect.

@GWeck I think that changes to the hosts file in the template weren’t copied into the dispVM. That’s why I had to use rc.local.

This can’t or at least shouldn’t be. That would be the very starting point to investigate. Put it in the template, and create new dvm-template and try new dispVM.

Of course, but I’m not sure we can check if it has extra spaces or tabs, so expected answer should be - yes or no.

Puzzling - have you tested with anything except firefox?
what happens with wget, for example?

Have you tested with different templates?

All I can say is that on my systems changes to the hosts file are
reflected in browser behaviour.

I can confirm that they weren’t copied from the template into the dispVM. Very confusing to me. The only way to get the new rules put into the dispVM hosts file was by using rc.local.

(Sorry for slow reply, I’ve been ill).

I hope you are recovered, and well.

I seem to be periodically locked out of the server, (I can’t even copy my words out of this text box), so let’s see if this post works.

@unman Yes! Have found that wget will obey the host rules while Firefox does not.

Figured it out: I use Mullvad VPN,and they recommend using a SOCKS 5 Proxy to enhance their service. Their instructions include to switch on “Proxy DNS when using SOCKS v5”. This is what is bypassing the hosts file rules. (It will also bypass their apps’ own Block list).

When DNS is not proxied, host file rules are obeyed.

Thanks

SOLVED

1 Like

Just a flu, thanks

6 posts were merged into an existing topic: Reflections on: Not Posting Every Symptom in Original Post