Every method that exists, ranked honestly: what works, what doesn't, and what to pick for each situation.
Jump to the best option →If you want a quick, casual block for one site for an hour, SelfControl or a browser extension is fine.
If you want a serious block that covers websites + apps with multiple lock types, only Cold Turkey Pro ($45) and FocusDragon (free) do that on Mac.
None of these tools can block traffic tunnelled through a VPN at the network layer — that requires a paid Apple Developer Network Extension content filter, which no free Mac blocker currently ships. Blockers with app-killer layers (FocusDragon, Cold Turkey Pro) still catch the app side of the problem.
The oldest trick on Unix: map the domain to 0.0.0.0 so nothing resolves. It's free, requires no software, and works across every browser. It's also the weakest option on this list.
Built into macOS under System Settings > Screen Time > Content & Privacy. Apple designed it primarily for parental controls, so it works well if someone else holds the passcode. Self-discipline is a different story.
Free Chrome/Firefox extensions that block a list of URLs, sometimes with a timer. They're the easiest option — and the easiest to disable. Every extension comes with a toggle in chrome://extensions. Incognito mode ignores them entirely.
An open-source (GPL-3.0) Mac app that blocks websites for a set timer and won't let you cancel early. Under the hood it uses macOS's PF packet filter plus /etc/hosts — more robust than hosts alone. Limitations: it only blocks websites and mail servers (not apps), has only one lock mode (a timer from 1 minute to 24 hours), and its own FAQ acknowledges VPNs can bypass it. Read the full comparison: FocusDragon vs SelfControl.
FocusDragon combines every other method on this list plus a few the others don't have. Instead of one blocking layer, it runs six. Instead of one lock type, it offers six. Instead of trusting the app to stay open, it runs a root daemon that keeps enforcing blocks even if you force-quit the app, uninstall it, or reboot.
| Method | Free | Blocks apps | Bypass-resistant | Survives reboot |
|---|---|---|---|---|
| /etc/hosts | Yes | No | No | Yes |
| Screen Time | Yes | Partial | No | Yes |
| Browser extensions | Yes | No | No | Yes |
| SelfControl | Yes | No | Medium | Yes |
| Cold Turkey (free + $45 Pro) | Partial | Pro only | Yes | Yes |
| Freedom (free + $8.99/mo) | Partial | Yes | Yes | Yes |
| FocusDragon | Yes | Yes | Yes | Yes |
The easiest free way is to install FocusDragon — it blocks websites across every browser using /etc/hosts entries, PF firewall rules, and browser extensions enforced by a root launchd daemon. Other free options: editing /etc/hosts manually, using macOS Screen Time, installing SelfControl, or using Freedom's free tier. Each has different tradeoffs covered below.
Yes, macOS Screen Time supports website restrictions under Content & Privacy. The catch: it only works in Safari properly, other browsers can bypass it, and anyone with your Screen Time passcode can turn it off in seconds. It's useful for kids' devices, less useful for self-blocking when you're the one with the passcode.
For truly permanent blocks, use FocusDragon's date-lock or restart-count lock modes. A date lock blocks the site until a calendar date you choose (e.g., 'unlock on January 1st'). A restart-count lock requires you to actually reboot your Mac N times before the lock releases. Both survive app reinstalls.
You can, and it works — for about a week, until you remember the file exists. /etc/hosts is editable by any admin user in two terminal commands, only affects apps that use the system resolver (Firefox with DNS-over-HTTPS will bypass it), and doesn't cover native apps at all. FocusDragon uses /etc/hosts as one of six layers, so even if you edit it back, the PF firewall rule, daemon, and browser extensions still enforce the block.
No, if the blocker is well-built. FocusDragon is written natively in Swift, is around 6 MB installed, and uses less than 0.1% CPU on average. The PF firewall rules run in the kernel and are effectively free at runtime.