I know you've got it working now but it might be worth looking at firewalling capabilities on your router as an additional tool in your arsenal.
The router (Asus RT-N66U) was the obvious first place to look but couldn't see anything particularly useful, then the hosts
file but that doesn't work for IP addresses. It could have been fiddly doing it on the router anyway- the app runs on three machines but I only wanted to block two of them- different hardware on the third meant that it wasn't a problem on that one.
When I googled for ideas, I got the distinct impression that blocking outgoing
IP addresses is something of a minority interest
Another option which can be done on the router or the computer is to add a null route - route packets for the particular destination you want to block via a non-existent IP - preferably an RFC 1918 address. I've certainly done this on Windoze machines in the past with great success.
I don't use null routes but quite often use 127.0.0.1 in the hosts
file on the Mac, especially for any mob that use pop-unders (MacKeeper being the main culprit).
I initially tried blocking MacKeeper in the router (block anything with that text in the url) but it sometimes got irritating waiting for the connection to time out. Doing it via localhost
meant that Apache immediately spat back a 404 so no waiting, although it did mean an entry for each url variation I came across- a trivial matter.
I must admit I'm quite impressed with GUFW. I've no doubt I could gain a lot more flexibility by getting to grips with iptables, but I don't need it and GUFW makes it dead easy to do what I do
want to do. At my advanced age I'm a firm believer in KISS