How to Block an App from Accessing the Internet on Mac
Per-App Outbound Firewall for macOS
Key Takeaways
The built-in macOS firewall only blocks incoming connections, not outgoing
You need a third-party tool to block an app from reaching the internet
SplitTunnel lets you block any app's outbound access in three steps
Why macOS Can't Do This Natively
The built-in macOS firewall (System Settings → Network → Firewall) only controls incoming connections. It was designed to prevent external access to your Mac, not to stop your apps from reaching out.
This means any app on your Mac can freely connect to the internet — sending telemetry, checking for updates, syncing data, or phoning home — and macOS gives you no way to stop it.
This is the most common frustration Mac users hit when trying to control app network access. The built-in firewall simply wasn't designed for outbound blocking.
What You Actually Need: An Outbound Firewall
To block an app from accessing the internet, you need a tool that intercepts outbound connections at the application level. There are a few approaches:
- Per-connection prompts — get asked every time any app makes a connection (noisy)
- Hosts file editing — block specific domains, but apps can use IP addresses directly
- Per-app firewall rules — block all outbound traffic for a specific app (cleanest)
Method 1: Edit Your Hosts File (Manual)
You can block specific domains by editing /etc/hosts. This prevents DNS resolution for those domains across your entire Mac.
Hosts file blocks are domain-based, not app-based. Every app on your Mac is affected. And apps that connect by IP address bypass the hosts file entirely.
Method 2: macOS pf Firewall (Advanced)
macOS includes pf (packet filter), a powerful command-line firewall inherited from BSD. You can write rules to block traffic by port, IP, or protocol.
pf operates at the network layer, not the application layer. It can't distinguish between apps — it can only filter by IP addresses and ports. Custom rules require manual setup to persist across reboots and can be overwritten by macOS updates.
Method 3: Per-App Blocking with SplitTunnel (Recommended)
The simplest approach: block any app's internet access from your menu bar, with no terminal commands or config files.
Install SplitTunnel on your Mac
Find the app you want to block in the menu bar interface
Set it to "Block" — the app loses internet access immediately
You can unblock any app instantly. Rules persist across restarts, so you only configure once.
Common Apps People Block
- Adobe Creative Cloud — stops telemetry and forced updates
- Microsoft Office — prevents background analytics
- Electron apps — stops auto-updaters running in the background
- Game launchers — prevents background downloads
- Backup agents — stops syncing on metered connections
Verifying an App Is Blocked
After blocking an app with SplitTunnel:
Open the blocked app
Try an action that requires internet (sign in, sync, update check)
The action should fail or time out
Unblock the app to confirm internet access returns
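A socket-level check can back up the manual test above. This is an added example, not part of the original page or of SplitTunnel: it filters `lsof -nP -i` output for one process name and lists the remote endpoints of its established TCP connections. The process names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list remote endpoints a named process still has open.
# Input is `lsof -nP -i` output, whose columns are:
#   COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME [(STATE)]

# established_remotes NAME
# Reads lsof output on stdin and prints one "pid remote_ip:port" line
# for every ESTABLISHED TCP socket owned by the process called NAME.
established_remotes() {
    awk -v app="$1" '
        NR > 1 && $1 == app && $8 == "TCP" && $10 == "(ESTABLISHED)" {
            n = index($9, "->")              # NAME column is local->remote
            if (n > 0) print $2, substr($9, n + 2)
        }'
}

# is_blocked NAME
# Succeeds (exit 0) when NAME has no established TCP connections on stdin.
is_blocked() {
    [ -z "$(established_remotes "$1")" ]
}

# Constructed sample of `lsof -nP -i` output (not captured from a real host).
sample_lsof() {
    cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
Updater   411 alice  12u  IPv4 0x1a2b      0t0  TCP 192.168.1.20:51544->203.0.113.10:443 (ESTABLISHED)
Updater   411 alice  14u  IPv4 0x1a2c      0t0  TCP 192.168.1.20:51560->203.0.113.11:443 (SYN_SENT)
Updater   411 alice  15u  IPv4 0x1a2d      0t0  UDP *:5353
Notes     502 alice   9u  IPv4 0x1a2e      0t0  TCP 127.0.0.1:49200 (LISTEN)
EOF
}

# Demo on the constructed sample; prints: 411 203.0.113.10:443
sample_lsof | established_remotes Updater

# Live use on a Mac ("Updater" is a hypothetical process name):
#   lsof -nP -i | established_remotes Updater
```

An empty result while the in-app action fails is consistent with the block working; any line printed is a connection that completed despite the rule. `lsof` shortens long command names by default, so match on the name exactly as it appears in the COMMAND column.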