Using a large anti-ad, anti-malware hosts list such as https://github.com/StevenBlack/hosts appears to freeze YaST network config.
Stalls seemingly forever at 50% “Read device configuration”
The Hostnames tool also fails, never starting.
The hosts file works, however, and WWW browsers perform as expected, with blocked content being blocked.
Well, although I see the use case of such filters (I use Kaspersky on Windows with its ad-blocker - it uses pretty much the same technique), using a hosts file seems the wrong approach to me. Yes, it may work for simple lookup - but as you see it causes quite a lot of other issues with system administration tools not designed for it. I think YaST just “hangs” cause it doesn’t expect 150.000 entries and it’s just not designed for that. The cause for the hang is likely the parsing - search Google for “how a hacker changed gta online loading times” - it’s a nice read about how a really bad way of parsing an about 10 MB JSON file into a list caused minutes of loading times for years, which are now down to just a few seconds. The same seems to be the case with YaST: it may try to parse the list in a very inefficient way which takes several times longer than it would have to if the loader code were optimized.
The same can be said for the “lsof -i” command: by default it tries to resolve IPs into hostnames. It also converts port numbers into service names (like SMTP instead of 25). I often add “-n -P” to get a clean numerical-only output. It’s just the way it’s implemented with this reverse lookup by default. If you have quite a lot of connections open with slow nameservers, a simple listing of current connections can take up quite some time.
My suggestion: Go the DNS way like PiHole. Feed that 150k-ish list into a local DNS server. Maybe even use a database for faster lookups (only having the entire list in memory all the time is faster - but requires more RAM). This way your hosts file returns to the normal few lines for the local hostname, which will make YaST work again.
Remember: That’s the reason why DNS was invented in the first place: Cause long hosts files became unmanageable as the early internet grew. Do you really want to go back to the 60’s just because it’s a still supported tech for what reason again? I’m not against filters - but the way this is implemented surely isn’t one meant for more than a couple of 10s or maybe 100s of entries.
I’ve read that PiHole can be made to run in openSUSE but it’s not on their officially supported list. Do you have experience with how well it works?
PiHole was more of an example rather than a specific recommendation. There’re also lots of others out there. I myself use pfSense.
What I meant is this: Yes, one can use the local hosts file to modify or block access by making specific hostnames unable to resolve - but a more modern way of doing so is to use DNS. It doesn’t really matter what DNS server you use - there’re many out there to choose from - but you should use one that comes with some sort of “override” mechanism. So anything it doesn’t have its own rule set up for it just forwards to whatever DNS server you regularly use. But for entries in the list it intercepts them and just replies with 0.0.0.0 or maybe even NXDOMAIN. I don’t know one off the top of my head - but as open as Linux is I guess there are some out there working straight out of the box for your needs.
Why I’m suggesting it: The local hosts file is some relic from the past before DNS got big - and to me I don’t know why and see no reason for still supporting it. It’s something that finally should get dropped or fully replaced by DNS anyway - but I guess there’s still a ton of software out there relying on it. Using a simple DNS server which does the name resolution for your web traffic anyway is the perfect spot for intercepting filters - and it doesn’t break system tools like YaST - although I guess filling a DNS server’s list with 150k entries and trying to manage that by anything else than a database manager (like phpMyAdmin) would likely result in the same issue you experience currently.
Or to put it simply: With Linux there’re about a couple thousand different ways to accomplish the desired goal - but not all of them are a “good” one.
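
One way to make the hosts-to-DNS move suggested in the replies above, as an added example that is not part of the original posts: it converts a blocklist-style hosts file into `address=` override lines for dnsmasq, which is assumed here as the local resolver because the thread does not settle on one. The function names and the sample input are constructed for illustration.

```python
import re

# Sinkhole addresses that blocklist-style hosts files point blocked names at.
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}
# Names that belong in the small local hosts file and never become block rules.
KEEP = {"localhost", "localhost.localdomain", "local", "broadcasthost",
        "ip6-localhost", "ip6-loopback", "0.0.0.0"}
# One DNS label; anything else (such as "/" or spaces) could corrupt the config.
LABEL = re.compile(r"(?!-)[a-z0-9_-]{1,63}(?<!-)")

def valid_name(name):
    """Accept only multi-label hostnames made of well-formed labels."""
    if len(name) > 253 or "." not in name:
        return False
    return all(LABEL.fullmatch(label) for label in name.split("."))

def blocked_domains(hosts_text):
    """Return the sorted, de-duplicated names a hosts file sinkholes."""
    seen = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2 or fields[0] not in SINK_IPS:
            continue                            # real mappings stay in /etc/hosts
        for name in fields[1:]:                 # a line may carry several names
            name = name.lower().rstrip(".")
            if name not in KEEP and valid_name(name):
                seen.add(name)
    return sorted(seen)

def to_dnsmasq(hosts_text, sink="0.0.0.0"):
    """Emit dnsmasq overrides. Note: address=/name/ also covers subdomains,
    which is broader than the exact-match behaviour of a hosts file."""
    return "".join(f"address=/{d}/{sink}\n" for d in blocked_domains(hosts_text))

# Constructed sample in the style of a blocklist hosts file.
SAMPLE = """# constructed sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com   # inline comment
0.0.0.0 Tracker.Example.NET metrics.example.org
0.0.0.0 ads.example.com
192.0.2.10 intranet.example.com
0.0.0.0 bad/name.example.com
"""

if __name__ == "__main__":
    print(to_dnsmasq(SAMPLE), end="")
```

The output goes into a file the resolver loads as configuration, and `/etc/hosts` goes back to its few local lines, so tools that parse the hosts file no longer see the blocklist.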