Do you need a host entry to only take effect when you're at home? Or, perhaps, override the IP for a certain domain at school or work to get around a filter? Hostwatch is for you!

Install Hostwatch

To install Hostwatch on MacOS, run this command in your terminal:

curl | sh 

The installer will ask for elevated priveledges - enter your password when prompted. If you don't like this method of installation (e.g in a production environment), see the Secure Installation section for a more difficult, but more secure method.

Configure Hostwatch

Hostwatch uses a configuration file at /private/etc/hostwatch-hosts. This file contains rules to be inserted into /private/etc/hosts when certain conditions are met.

The default condition that rules need to meet is that NO wireless network is connected. This can be changed with special "condition lines", which change the conditions required for further lines to be inserted into the hosts file.

"Condition lines" begin with an @ symbol. Following this is a comma-separated list of wireless SSIDs. The condition will only be met when the machine is connected to a wireless network with one of the listed SSIDs. Beware: ANY whitespace will be interpreted literally! In the line @My Network, My Other Network, the SSID " My Other Network" INCLUDES THE SPACE AFTER THE COMMA, and the network "My Other Network" (without a space) will NOT match!


Let's say you have a server running out of your home, available on the internet at Now, this works fine when you're out and about, but when you're on your home network, it'll be unreachable (assuming your router doesn't allow for NAT hairpinning)! That's no good! Let's set up /private/etc/hostwatch-hosts so that visiting from your home network (SSID "My WiFi" or "My WiFi 5GHz") points to the local IP!

@My WiFi,My WiFi 5GHz

After you save this file, the next time your network state changes (e.g. disconnecting or reconnecting to the network), the rules in the file will be evaluated and applied as necessary. If you've changed the rules for the network you're currently connected to, and want them to take effect, simply disconnect and reconnect to your network.

Secure Installation

The files contains the detached GPG signature for the installer script. Furthermore, hostwatch-latest.sig contains the signature for the Hostwatch binary. You may verify the legitimacy of and hostwatch-latest with these commands, given that both files and their signatures are present in the current directory:

gpg --receive-keys 834837C5C6BB1E7A41079EE0AA79322F4F57EEBB
gpg --verify
gpg --verify hostwatch-latest.sig hostwatch-latest

After verifying these files, `` can be invoked with the filename of the hostwatch file:

./ hostwatch-latest