Portmaster: Open-source application firewall
Portmaster is a free and open source application firewall built to monitor and control network activity on Windows and Linux. The project is developed in the EU and is designed to give users stronger privacy without asking them to manage every rule by hand.
A tool that watches everything your apps send
Portmaster plugs into the network stack at a low level. On Linux it uses nfqueue, and on Windows it relies on a kernel driver built on the Windows Filtering Platform. Every packet is visible to the service, and any packet can be stopped before it leaves the system. The software matches traffic to the app that created it by using eBPF and the proc filesystem on Linux or a kernel driver and the IP Helper API on Windows.
This approach lets users see each connection while still setting rules per application. It also helps the service sort out unusual cases. Portmaster can recognize Snap packages, AppImage apps and scripts on Linux as well as Windows Store apps and system services that run under svchost.exe.
Privacy features built into the service
The firewall runs as a system level core service. Its app and notifier operate in user space. Intelligence data such as block lists and geoIP information is downloaded and applied in the background. Updates are signed and installed automatically.
At the privacy filter level, users can define network scopes such as localhost, LAN, internet, peer to peer or inbound. Rules can be shaped around domains, IP addresses, countries and other internet identifiers. Filter lists help block malware, ad servers and tracker domains.
A closer look at secure DNS handling
Portmaster intercepts DNS queries that would otherwise bypass user settings. It reroutes these queries to its own resolver so that all lookups follow the chosen configuration. The service can work with DNS over HTTPS or DNS over TLS and supports split horizon setups with validation to defend against DNS rebinding attacks.
Portmaster is available for free on GitHub.
Must read:
- 35 open-source security tools to power your red team, SOC, and cloud security
- GitHub CISO on security strategy and collaborating with the open-source community
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!