What Is Portmaster?
Portmaster is an open-source application firewall. It allows you to analyze and control the network activity of individual applications. You can also see which IP addresses data is traveling to and from, allowing you to detect any services that are siphoning your data. The paid tier, Portmaster unlimited, gives you access to a VPN alternative: an SPN (Safing private network).
Why You Need an Application-Level Firewall
A traditional packet-filtering firewall is port-based: when you specify a port, the firewall prevents all Internet traffic from flowing through it. An application-level firewall, like Portmaster, protects you from both ends. It provides you with a level of user anonymity and finer controls. Although there are more complex solutions that provide next-level security, these are often not consumer grade and are more data center oriented.
How to Install Portmaster
First, you need to install GNOME network manager. It’s installed by default when you install your distro, but if you don’t have it, follow the directions below to install it. If you’re not using the apt package manager, just replace apt with your respective package manager.
Once you’ve done that, download and install Portmaster. Portmaster supports all Linux distros that use Linux kernel 5.7 and above and comes with a .deb and .rpm package. You can install Portmaster using the following commands:
On Debian/Ubuntu:
On Fedora:
If you prefer to use a graphical installer, navigate to the software package and use “Software Install” to install Portmaster.
On Arch, you can build Portmaster from source by cloning it from GitHub. Another option is to use an AUR helper like yay, which lets you download and install applications from the Arch User Repository (AUR).
If you’re using SELinux, it may take a bit more effort to install Portmaster. SELinux does not allow you to run binaries as a systemd service, which portmaster-core requires. To use Portmaster, you need to change the security context of Portmaster using the following command:
Restart Portmaster using the following command:
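The requirements above (kernel 5.7 or newer, a .deb or .rpm package, and the extra step under SELinux) can be checked before installing. The script below is an added example, not from the original article or the Portmaster project; its function names are hypothetical and it only reads system state.

```shell
#!/bin/sh
# Added example: read-only checks for the install requirements stated above.
# Function names are hypothetical; nothing is installed or modified.

# Succeeds when kernel release $1 (e.g. "5.15.0-91-generic") is 5.7 or newer.
kernel_supported() {
    release=$1
    major=${release%%.*}                 # text before the first dot
    rest=${release#*.}                   # text after the first dot
    [ "$rest" != "$release" ] || rest=0  # no dot at all, e.g. "6"
    minor=${rest%%[!0-9]*}               # leading digits only: "15" from "15.0-91"
    case $major in ''|*[!0-9]*) return 2 ;; esac   # unparseable release string
    [ -n "$minor" ] || minor=0
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 7 ]; }
}

# Prints which of the two package formats mentioned above this system handles.
package_format() {
    if command -v dpkg >/dev/null 2>&1; then echo deb
    elif command -v rpm >/dev/null 2>&1; then echo rpm
    else echo none                       # e.g. Arch: build from source or AUR
    fi
}

# Succeeds when SELinux mode $1 (default: live getenforce output) is Enforcing,
# the case where the security-context change described above applies.
selinux_enforcing() {
    mode=${1:-$(getenforce 2>/dev/null || echo Absent)}
    [ "$mode" = "Enforcing" ]
}

# Prints a short report; $1 overrides the kernel release for testing.
preflight() {
    rel=${1:-$(uname -r)}
    if kernel_supported "$rel"; then echo "kernel $rel: OK (5.7 or newer)"
    else echo "kernel $rel: NOT supported (older than 5.7 or unparseable)"; fi
    echo "package format: $(package_format)"
    if selinux_enforcing; then echo "SELinux: enforcing, context change needed"
    else echo "SELinux: not enforcing or not present"; fi
}

preflight
```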
How to Configure Portmaster
Portmaster doesn’t require much configuring to get started. There are some key features you may need to dig for if you want to tap into its true power. First, you can restrict network activity within applications. Multiple tabs in a web browser connect to unique IP addresses and can be restricted. In the “Network Activity” tab, click on the individual connections and navigate to the app settings. You can restrict any domain. You can also adjust global settings for the application to block any connections. The “Apps and Profiles” tab will also take you to these settings. It is quicker to navigate from the network activity window.
Public Wi-Fi Security
It makes sense that you would want to restrict most incoming connections if you’re connecting to a public Wi-Fi network or one that you don’t trust. Leaving your files and data vulnerable to attack is not an option, but you also want to watch YouTube and surf the Web to pass the time. In the “Global Settings” tab, adjust the settings based on the threat level. You may want to ignore multicast DNS (use nslookup to check DNS records), which is often used by hackers for DDoS (distributed denial-of-service) attacks. At the same time, you may want to allow your PC to connect to the Internet, even in maximum danger. You can add rules for incoming and outgoing connections. The filter section allows you to block any NSFW content, trackers, or any content that you may not want to see.
SPN
SPN is Safing’s version of a VPN (Virtual Private Network) with a few key differences. For one, it routes you through the network, masking you by using multiple identities. Most VPNs tie you to a specific country of your choosing. This is great if you trust your VPN, but not so much if you don’t. It also features automatic geo-unblocking, which allows you to access content restricted to specific regions or countries. All of this is in addition to the great base Portmaster offers.
Image credit: Man plugging in an LAN cable to a wireless router by 123RF. All screenshots by Nathan Meyer.