Block distracting websites on Linux — system-level blocking via /etc/hosts and nftables
Project description
lockin
Block distracting websites at the system level. No proxy, no browser extension, no MITM certificate.
lockin writes blocked domains to /etc/hosts and blocks QUIC/HTTP3 via
nftables. Every application on your system is affected until the timer
expires. A systemd watchdog re-applies blocks every 60 seconds to
prevent tampering.
Quick start
uv tool install lockin-blocker
lockin start --rule social --for 2h
lockin status
Install
Requires Python ≥3.11, systemd, and nftables (or iptables). sudo is
used for /etc/hosts writes and firewall rules.
uv tool install lockin-blocker # recommended (uv)
pip install lockin-blocker # pip / pipx
Or install the latest from git:
uv tool install git+https://github.com/madhusudan-kulkarni/lockin.git
Usage
lockin start --rule <name> --for 30m Start a blocking session
lockin start --rule <name> --until 17:00 Block until a specific time
lockin start --soft --rule <name> --for 30m Allow early stop
lockin status Show remaining time
lockin extend 30 Add 30 minutes to current block
lockin unlock 30 Queue early unlock (30 min cooldown)
lockin unlock --now Emergency immediate unlock
lockin stop End the block (--soft mode only)
lockin list List all rules
lockin doctor Check installation health
lockin cleanup Remove leftovers from crashes
lockin uninstall Clean system files, print removal steps
Durations accept 30m, 2h, 1h30m. Times accept 17:00 or 9:30pm.
What happens during a block
- Blocked domains are written to
/etc/hostsand the file is locked withchattr +i— it cannot be edited, not even withsudo. - Browser enterprise policies are deployed to disable DNS-over-HTTPS in Firefox, Chrome, Chromium, Brave, and Edge.
- Open browsers are closed so they pick up the DoH-disabled configuration on next launch. You reopen them manually.
- QUIC/HTTP3 (UDP 443) is rejected via nftables so browsers fall back
to standard TCP/HTTPS, which respects
/etc/hosts. - A systemd watchdog timer fires every 60 seconds to re-apply blocks if they are tampered with.
- When the timer expires the watchdog removes all blocks, clears policies, and closes browsers so cached DNS entries are flushed. Reopen your browsers manually.
Rules
Rules live in ~/.config/lockin/rules.yaml. A default file is
copied there on first run. Edit it to add your own domains.
whitelists: # block everything EXCEPT these
coding:
- github.com
- stackoverflow.com
- docs.python.org
blacklists: # allow everything EXCEPT these
social:
- twitter.com
- facebook.com
- reddit.com
- youtube.com
Troubleshooting
Sites still load in Firefox. Firefox DNS-over-HTTPS was not disabled. Close Firefox and reopen it — the enterprise policy deployed by lockin takes effect on the next launch.
Sites still blocked after the timer expires. Run lockin cleanup
to force-remove leftover hosts entries and firewall rules.
lockin stop fails with "Hardcore mode is active." You started
the block without --soft. Use lockin unlock --now for emergency
access, or wait for the timer.
Uninstall
lockin uninstall # removes systemd units, policies
uv tool uninstall lockin-blocker # removes the binary
Or with pip:
lockin uninstall
pip uninstall lockin-blocker
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file lockin_blocker-2026.5.0.tar.gz.
File metadata
- Download URL: lockin_blocker-2026.5.0.tar.gz
- Upload date:
- Size: 26.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
585817d347a95d1ba3f264bb4d577d8ded782d25dcc3c3aa29689f08cf7a88da
|
|
| MD5 |
56f4ab14e4df2d65c35e6e52ad784ebc
|
|
| BLAKE2b-256 |
5ac88738dda3b68387f505729d742092ae15d7ff9334ac32cdb74f759fc8160f
|
File details
Details for the file lockin_blocker-2026.5.0-py3-none-any.whl.
File metadata
- Download URL: lockin_blocker-2026.5.0-py3-none-any.whl
- Upload date:
- Size: 25.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.11.16 {"installer":{"name":"uv","version":"0.11.16","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Fedora Linux","version":"44","id":"","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0b04765d0179ab7ee29973a1ffdf84f0774d17aa99513c59ba486ba17d4246ae
|
|
| MD5 |
c47254fe97b783db8167ac85ef5f64eb
|
|
| BLAKE2b-256 |
b4a85facc68c16256a55f5f4efee33d25fe1198f4436140240ac17f86dcfb4b3
|