How to: Basics of Using Safing Portmaster

This post was originally published on 1 FEB 2023; it has since been updated and revised.

In this guide we look at how to get familiar with using/tweaking Safing Portmaster, an open-source and host-based application firewall available for Linux and Windows machines.

About Portmaster

SafingIO Portmaster is a free and open-source host-based application firewall. Put simply, it’s an application that can easily manage the network connections on the device on which it is installed.

Portmaster is useful for controlling/viewing the network activity on a Linux or Windows machine, all in one place. Portmaster also shows details of each application’s connections in its interface.

You can find other mentions of Portmaster on avoidthehack as a recommended tool for blocking ads and trackers on a device and as a recommended free and easy-to-use privacy tool.

Installing Portmaster

Installing Portmaster is easy regardless of which device is used. Keep in mind that, as of writing, Portmaster is only available for Windows and Linux systems.

Windows

Installing Portmaster is easy; users can select their Windows build and version and execute the installer, which will handle the installation process.

Linux

The easiest way to install Portmaster is via the package manager; users can download the .deb file and install Portmaster from the graphical user interface (GUI) of their distribution.

Alternatively, Portmaster can be installed via the command line.

Safing details troubleshooting Portmaster installation (specifically for Linux) in their docs.

Running Portmaster

Running Portmaster is easy; it can be run from the GUI of Windows or Linux or via the Linux command line.

Portmaster runs in the background even if the application is not opened on the system’s GUI.

Compatibility note (port 53)

Portmaster binds to port 53 (DNS). If another service is already listening on this port, Portmaster will most likely throw an error. This error isn’t fatal, but it can reduce Portmaster’s functionality or create DNS issues where you can’t connect to the internet.

Usually, this is because another service (likely DNS-related) is listening on this port.

To resolve this, you’ll need to locate what service is bound to port 53 on your machine and stop it.

If you’re using a Linux distro with systemd (which is likely), you can use sudo systemctl stop [service] in the command line.

In my specific case, my machine’s Unbound service was causing the issue. So, to start, I would type sudo systemctl stop unbound to stop Unbound from running.

After executing this command, Unbound should be stopped; we can verify with sudo systemctl status unbound, which should show an Inactive status.

Now restart Portmaster (systemctl restart portmaster). It should no longer give the notification that it cannot start the DNS service.
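
To locate the service bound to port 53 before stopping it, the following added example (not from the original post) parses ss listener output and prints the owning process names. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the processes holding port 53, the port Portmaster's
# DNS service needs. Function names are hypothetical; sample data is constructed.

# Read `ss -H -lntu -p` lines on stdin; print the unique owners of port 53.
port53_listeners() {
    awk '$5 ~ /:53$/ {                    # field 5 is the local address:port
        name = "unknown"                  # ss omits owners it cannot see (non-root)
        if (match($0, /\(\("[^"]+"/))     # users:(("name",pid=...,fd=...))
            name = substr($0, RSTART + 3, RLENGTH - 4)
        print name
    }' | sort -u
}

# Constructed sample of ss output: two DNS services on :53, plus listeners on
# :5353 and :22 that must not be reported.
sample_ss_output() {
    cat <<'EOF'
udp   UNCONN 0 0     127.0.0.1:53      0.0.0.0:*  users:(("unbound",pid=812,fd=3))
tcp   LISTEN 0 256   127.0.0.1:53      0.0.0.0:*  users:(("unbound",pid=812,fd=4))
tcp   LISTEN 0 256   [::1]:53          [::]:*     users:(("unbound",pid=812,fd=5))
udp   UNCONN 0 0     127.0.0.53%lo:53  0.0.0.0:*  users:(("systemd-resolve",pid=640,fd=13))
udp   UNCONN 0 0     0.0.0.0:5353      0.0.0.0:*  users:(("avahi-daemon",pid=700,fd=12))
tcp   LISTEN 0 128   0.0.0.0:22        0.0.0.0:*  users:(("sshd",pid=900,fd=3))
EOF
}

# --live inspects this machine (needs ss from iproute2; run as root to see
# process names owned by other users). Without it, the sample is parsed.
if [ "${1:-}" = "--live" ]; then
    ss -H -lntu -p | port53_listeners
else
    sample_ss_output | port53_listeners
fi
```

Each name printed is a candidate for sudo systemctl stop [service]. The process name can differ from the unit name: systemd-resolved, for example, appears in ss as systemd-resolve.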


While this particular note-section is mostly geared towards Linux users, Windows users may run into similar errors due to services competing for the same port as well. For example, if Windows users are already using the NextDNS application, then they may run into issues as both try to listen to the system’s DNS service, getting in each other’s way.

These are temporary workarounds – once the machine is restarted, you will likely run into the same issues. Therefore, you should consider disabling applications and services likely to interfere with Portmaster from automatically starting.

Portmaster Basics

Portmaster has two main view modes: simple and advanced. Portmaster defaults to the simple interface. As of version 1.4, Portmaster comes with a dashboard, which is a much welcomed addition.

Dashboard

The dashboard was introduced to Portmaster in version 1.4 and features an overview of everything happening in Portmaster.

Here, we can see which Portmaster features are active (and whether you have access to them, depending on your Portmaster plan) and basic connection information initiated by the machine in the last few minutes.


Specifically, users can see the number of connections blocked, active connections, and active apps directly from the Dashboard. Users can see recent connections per country too. Logging into and creating a Safing account is more accessible from the Dashboard as well.

Portmaster’s dashboard is a developing feature, so this will likely change in the near future to include additional information. In any case, it is a welcome addition and makes understanding and navigating Portmaster easier for users of all levels.

Network Activity

In both the simple and advanced interfaces, the “default screen” for Portmaster is the Network Activity screen. Here, we can see the average number of connections over time, total connections within the last reload interval, apps with network activity, and more details about connections for the entire system.

The more a system uses the network, the “noisier” the network activity screen may look.

The interface is split into two main panels.


The left panel tells us the process/app name and the number of “recent connections.”

The right panel details information about an application’s network connections. We can see an overview of allowed/blocked connections, domains allowed, outgoing/incoming, etc.

Connection Details

Portmaster lets us view connection details on a per-app basis with a simple click, and without further digging, can show a wealth of information about a connection, such as:

  • Start time
  • Direction (outgoing/incoming)
  • Protocol (typically TCP/UDP/ICMP)
  • Tunneled + encrypted status
  • Domain name
  • IP address (+ port number)
  • Country
  • ASN and AS Organization
  • Binary path

From here, we can also easily block the application from making future connections to associated domains/IP addresses.


Connection filtering/searching

An application like a browser may make connections to third parties delivering content/services on behalf of a visited website. If we are looking for patterns or specific connections, this can result in information overload, even when visiting a single website in a tab (especially if the browser is not using an adblocker).

We can also filter/search connection information. Additionally, we can group an application’s connections by something like domain or country, depending on how we want to see the data.

Per-app settings

Portmaster can apply settings such as rules, force-blocking internet activity, and force-blocking incoming connections to individual applications.

Without ever changing our global settings, perhaps we want to:

  • Temporarily restrict an app’s internet access
  • Allow or Block an app’s LAN access
  • Allow or Block incoming connections for an app
  • Allow or Block P2P connections
  • Manage filter lists of an app (set different lists…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoidthehack! RSS. Read the original post at: https://avoidthehack.com/safing-portmaster