Skip to main content

Block distracting websites on Linux — system-level blocking via /etc/hosts and nftables

Project description

lockin

CI PyPI

Block distracting websites at the system level. No proxy, no browser extension, no MITM certificate.

lockin writes blocked domains to /etc/hosts and blocks QUIC/HTTP3 via nftables. Every application on your system is affected until the timer expires. A systemd watchdog re-applies blocks every 60 seconds to prevent tampering.

Quick start

uv tool install lockin-blocker
lockin start --rule social --for 2h
lockin status

Install

Requires Python ≥3.11, systemd, and nftables (or iptables). sudo is used for /etc/hosts writes and firewall rules.

uv tool install lockin-blocker          # recommended (uv)
pip install lockin-blocker              # pip / pipx

Or install the latest from git:

uv tool install git+https://github.com/madhusudan-kulkarni/lockin.git

Usage

lockin start --rule <name> --for 30m    Start a blocking session
lockin start --rule <name> --until 17:00  Block until a specific time
lockin start --soft --rule <name> --for 30m  Allow early stop
lockin status                             Show remaining time
lockin extend 30                          Add 30 minutes to current block
lockin unlock 30                          Queue early unlock (30 min cooldown)
lockin unlock --now                       Emergency immediate unlock
lockin stop                               End the block (--soft mode only)
lockin list                               List all rules
lockin doctor                             Check installation health
lockin cleanup                            Remove leftovers from crashes
lockin uninstall                          Clean system files, print removal steps

Durations accept 30m, 2h, 1h30m. Times accept 17:00 or 9:30pm.

What happens during a block

  1. Blocked domains are written to /etc/hosts and the file is locked with chattr +i — it cannot be edited, not even with sudo.
  2. Browser enterprise policies are deployed to disable DNS-over-HTTPS in Firefox, Chrome, Chromium, Brave, and Edge.
  3. Open browsers are closed so they pick up the DoH-disabled configuration on next launch. You reopen them manually.
  4. QUIC/HTTP3 (UDP 443) is rejected via nftables so browsers fall back to standard TCP/HTTPS, which respects /etc/hosts.
  5. A systemd watchdog timer fires every 60 seconds to re-apply blocks if they are tampered with.
  6. When the timer expires the watchdog removes all blocks, clears policies, and closes browsers so cached DNS entries are flushed. Reopen your browsers manually.

Rules

Rules live in ~/.config/lockin/rules.yaml. A default file is copied there on first run. Edit it to add your own domains.

whitelists:       # block everything EXCEPT these
  coding:
    - github.com
    - stackoverflow.com
    - docs.python.org

blacklists:       # allow everything EXCEPT these
  social:
    - twitter.com
    - facebook.com
    - reddit.com
    - youtube.com

Troubleshooting

Sites still load in Firefox. Firefox DNS-over-HTTPS was not disabled. Close Firefox and reopen it — the enterprise policy deployed by lockin takes effect on the next launch.

Sites still blocked after the timer expires. Run lockin cleanup to force-remove leftover hosts entries and firewall rules.

lockin stop fails with "Hardcore mode is active." You started the block without --soft. Use lockin unlock --now for emergency access, or wait for the timer.

Uninstall

lockin uninstall                     # removes systemd units, policies
uv tool uninstall lockin-blocker     # removes the binary

Or with pip:

lockin uninstall
pip uninstall lockin-blocker

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

lockin_blocker-2026.5.0.tar.gz (26.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

lockin_blocker-2026.5.0-py3-none-any.whl (25.1 kB view details)

Uploaded Python 3

File details

Details for the file lockin_blocker-2026.5.0.tar.gz.

File metadata

  • Download URL: lockin_blocker-2026.5.0.tar.gz
  • Upload date:
  • Size: 26.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for lockin_blocker-2026.5.0.tar.gz
Algorithm Hash digest
SHA256 585817d347a95d1ba3f264bb4d577d8ded782d25dcc3c3aa29689f08cf7a88da
MD5 56f4ab14e4df2d65c35e6e52ad784ebc
BLAKE2b-256 5ac88738dda3b68387f505729d742092ae15d7ff9334ac32cdb74f759fc8160f

See more details on using hashes here.

File details

Details for the file lockin_blocker-2026.5.0-py3-none-any.whl.

File metadata

  • Download URL: lockin_blocker-2026.5.0-py3-none-any.whl
  • Upload date:
  • Size: 25.1 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}

File hashes

Hashes for lockin_blocker-2026.5.0-py3-none-any.whl
Algorithm Hash digest
SHA256 0b04765d0179ab7ee29973a1ffdf84f0774d17aa99513c59ba486ba17d4246ae
MD5 c47254fe97b783db8167ac85ef5f64eb
BLAKE2b-256 b4a85facc68c16256a55f5f4efee33d25fe1198f4436140240ac17f86dcfb4b3

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page