
Portmaster: Free Open-Source Firewall for Your Apps

Summary

– Portmaster is a free, open-source application firewall for Windows and Linux, developed in the EU to enhance user privacy with automated rule management.
– It operates at a low network level, inspecting and controlling all packet traffic by matching it to specific applications, including complex cases like Snap packages or system services.
– The service includes privacy features like configurable network scopes and filter lists to block threats such as malware, ads, and trackers based on domains, IPs, or countries.
– It securely intercepts and reroutes DNS queries to enforce user settings, supporting encrypted protocols like DNS over HTTPS/TLS and protecting against rebinding attacks.
– Portmaster runs as a core system service with automatic background updates and is available for free download on GitHub.

For anyone seeking to take command of their digital privacy, a robust application firewall is an essential tool. Portmaster stands out as a free, open-source solution designed to give users granular control over network traffic on both Windows and Linux operating systems. Developed within the European Union, its core philosophy centers on enhancing user privacy through intelligent automation, reducing the need for constant manual rule management.

The software operates by integrating deeply with your system’s network infrastructure. On Linux machines, it utilizes nfqueue, while on Windows it employs a custom kernel driver built upon the Windows Filtering Platform. This low-level access allows Portmaster to inspect every single data packet attempting to leave or enter your computer. It can identify which specific application generated any given connection by leveraging technologies like eBPF on Linux or the IP Helper API on Windows. This precise application-level visibility is crucial, as it enables you to set permissions based on the program itself, not just a port number. The firewall is sophisticated enough to handle various application formats, including Linux Snap packages, AppImages, and scripts, as well as Windows Store apps and services bundled under svchost.exe.

Privacy protection is woven directly into the service’s architecture. The firewall engine runs as a core system service for maximum authority, while its user interface and notifications operate in user space. The software automatically manages threat intelligence in the background, downloading and applying updated blocklists and geoIP data. These critical updates are cryptographically signed and installed without requiring user intervention, ensuring your protections are always current.

Users can define detailed network scopes, such as localhost, local network, the broader internet, peer-to-peer connections, or inbound requests, to create a tailored security posture. Rules can be crafted around domains, specific IP addresses, entire countries, and other identifiers. Integrated filter lists provide an immediate boost to security by blocking known malware distributors, advertising servers, and web tracking domains right out of the box.

A particularly powerful feature is Portmaster’s secure DNS handling. It actively intercepts DNS queries that might otherwise bypass your configured settings, rerouting them through its own resolver. This ensures all domain name lookups adhere to your privacy choices. The service supports encrypted DNS protocols like DNS over HTTPS (DoH) and DNS over TLS (DoT), and can manage split-horizon DNS setups. It also includes validation mechanisms to defend against sophisticated DNS rebinding attacks, closing a common security loophole.
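The rebinding defence mentioned above can be illustrated with a minimal resolver-side answer filter. This is an added example, not Portmaster's own code: answers for public names that point into the localhost or local-network scope are dropped. The internal zone list, the function names and the sample addresses are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// internalSuffixes lists zones that may legitimately resolve to local
// addresses. Assumed for this example; a real deployment lists its own.
var internalSuffixes = []string{"localhost", "home.arpa", "lan"}

// isLocalScope reports whether addr is in the localhost or local-network scope.
func isLocalScope(addr netip.Addr) bool {
	a := addr.Unmap() // treat ::ffff:127.0.0.1 the same as 127.0.0.1
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() || a.IsUnspecified()
}

// isInternalName reports whether qname belongs to one of the internal zones.
func isInternalName(qname string) bool {
	name := strings.ToLower(strings.TrimSuffix(qname, "."))
	for _, s := range internalSuffixes {
		if name == s || strings.HasSuffix(name, "."+s) {
			return true
		}
	}
	return false
}

// FilterAnswers splits the address records of a DNS response into kept and
// dropped. Unparseable records are dropped; local-scope addresses are dropped
// unless the queried name is in an internal zone.
func FilterAnswers(qname string, answers []string) (kept, dropped []string) {
	internal := isInternalName(qname)
	for _, raw := range answers {
		addr, err := netip.ParseAddr(raw)
		if err != nil || (!internal && isLocalScope(addr)) {
			dropped = append(dropped, raw)
			continue
		}
		kept = append(kept, raw)
	}
	return kept, dropped
}

func main() {
	// Constructed response: a public name answering with one public and two local addresses.
	kept, dropped := FilterAnswers("tracker.example.com.",
		[]string{"203.0.113.10", "192.168.1.1", "::ffff:127.0.0.1"})
	fmt.Println("kept:", kept, "dropped:", dropped)
}
```

The `Unmap` call matters: without it, an IPv4-mapped IPv6 answer such as `::ffff:127.0.0.1` would not be recognised as loopback and would pass the filter.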

As a community-driven project, Portmaster is freely available for download and contribution on GitHub, offering a transparent and powerful alternative to commercial firewall products.

(Source: HelpNet Security)
