That can only do blocking at a coarse dns level. The browser extensions do a lot more. If you want to do everything at the OS layer without browser extensions, you'll have to MITM your ssl connections by trusting your CA and set up a parallel engine that does what extensions do right now.