Portmaster: Privacy Oriented Firewall

Safing’s Portmaster is an open source firewall that allows users to monitor and block network activity. Its primary purpose is to protect privacy by blocking malicious connections from apps and hiding the computer’s IP address. In this article, I will go over my experiences with setting up and using Portmaster.

Setup

Installing Portmaster was simple: I just downloaded and ran the installer from the Safing website. The first issue I ran into was that Portmaster was blocking every connection from my computer. This happened because I had DNS over HTTPS (DoH) enabled in Chrome and in my system settings. Portmaster works by intercepting DNS requests and blocking malicious ones. It saw the DoH requests as a bypass attempt and blocked them. This issue was solved by disabling DoH on my system.

This was a bit worrying, as DoH is a security measure, but Safing did think about that. After filtering the DNS requests, Portmaster reroutes all of them over DoH, preventing any interception.

Experience

I mostly used Portmaster for DNS ad blocking and tracker blocking. It worked well overall and helped block ads on websites with anti-adblock. There were times when websites failed to load when system resources were low, but overall it worked well. I eventually switched from filter lists to the AdGuard DNS server, and the issues got better.

Testing

As Portmaster is meant to be a firewall, I wanted to see what attacks it could prevent. I used the default settings for these tests to see what the average user would get out of it.

One obvious benefit is Portmaster's DNS hijacking prevention with DoH. Unless an attacker managed to break HTTPS, the DNS requests were kept safe. However, local DNS requests and mistyped ones could be hijacked, as those would fall back to plain DNS.

The protected computer can't be pinged or have its ports scanned, as Portmaster blocks all incoming connections by default. This prevents connections to malware that binds a listening port, but it also blocks any services the computer may be running. Luckily, users can specify which apps are allowed to receive incoming connections.

Reverse shells or viruses will be able to bypass Portmaster. Portmaster does not scan network traffic for any malicious data; it only looks at requests. This can be slightly mitigated by blocking P2P and LAN connections, but some connections will still get through.

SPN

Similar to Tor, the Safing Privacy Network (SPN) gives a different IP address to each connection. This gives the user better privacy by hiding their real IP address. I did not buy or use the SPN, as there are alternatives, but it is there for those who want it.

In conclusion, Portmaster is a great tool for protecting privacy and blocking unwanted connections. The free tier provides great service for the average user, and the paid tiers are there for the extremely privacy-focused.
