- Feb 25, 2017
- 2,585
Portmaster Firewall (Alpha stage)
- Thread starter Kongo
- Start date
- Jun 26, 2020
- 440
- Apr 4, 2021
- 360
I tried it in a virtual machine on a newly installed system.
The program interface takes quite a long time to load, and the program also caused several system freezes for me.
DNS, as I understand it, can only be configured via an IP address with further verification by host, I am not sure that with this method of connecting to NextDNS or ControlD, the selection of the nearest server will work correctly, it needs to be checked. However, NextDNS connected and displayed the connection correctly in its web dashboard.
The settings allow you to completely block direct connections, as well as plain dns, which is very cool!
The rules allow you to block entire countries, hosts, and IP addresses.
In general, I liked this project and it looks very promising. I will wait for further updates. =)
The program interface takes quite a long time to load, and the program also caused several system freezes for me.
DNS, as I understand it, can only be configured via an IP address with further verification by host, I am not sure that with this method of connecting to NextDNS or ControlD, the selection of the nearest server will work correctly, it needs to be checked. However, NextDNS connected and displayed the connection correctly in its web dashboard.
The settings allow you to completely block direct connections, as well as plain dns, which is very cool!
The rules allow you to block entire countries, hosts, and IP addresses.
In general, I liked this project and it looks very promising. I will wait for further updates. =)
klepto
Level 2
- Jun 14, 2020
- 77
It looks like its going to be a really good product. I will let it cook for another 6 months or so before testing it myself.
- Jul 2, 2020
- 306
looks promising...waiting for someone to test it first...
- Nov 15, 2017
- 1,083
I am testing it now on a productive machine and it is really good at its job, it would be necessary to polish things like notifications and that it does not filter everything by domains but by applications.
- Jul 8, 2012
- 895
Seems that people on Wilders Security Forums are checking it out as well. And one of the team members is there to answer questions.
www.wilderssecurity.com
It looks and sounds nice, but I will be watching it to see where this goes.
Portmaster Firewall
Portmaster is an open source application firewall for Windows and Linux. Its main goal is to bring online privacy to everyone: easy enough so no...
www.wilderssecurity.com
It looks and sounds nice, but I will be watching it to see where this goes.
Last edited:
- Apr 4, 2021
- 360
I continued experimenting with Portmaster on the VM. Some things are not completely clear to me. For example, if I create blocking rules for incoming and outgoing requests for a domain bing.com, I can still ping it in the console, it seems to me that this is not quite correct, since I expect a complete blocking of access to the host. For example, in Norton, this is how it works, if you block the host, you can't even ping it.
I also set up a Portmaster connection to my NextDNS account via DOT, and in the web console I saw a lot of requests to hosts related to advertising and telemetry, which should definitely be blocked by the built-in filters. The feeling that the blocking in Portmaster occurs after a DNS request, but the DNS requests themselves are not filtered (?) - this seems a little strange, since i expect filtering at both the DNS and IP levels at the same time from an application that supports DNS encryption and DNS traffic interception.
I also set up a Portmaster connection to my NextDNS account via DOT, and in the web console I saw a lot of requests to hosts related to advertising and telemetry, which should definitely be blocked by the built-in filters. The feeling that the blocking in Portmaster occurs after a DNS request, but the DNS requests themselves are not filtered (?) - this seems a little strange, since i expect filtering at both the DNS and IP levels at the same time from an application that supports DNS encryption and DNS traffic interception.
- Apr 4, 2021
- 360
Update v0.6.15
Changelog by Daniel (dhaavi - Overview):
Portmaster has really great developers: reaction for my comments in less than a day! Now ping does not work for blocked hosts and IP addresses, and the rules created for the System DNS Client allow you to block requests to the DNS server before they are actually processed.
An explanation is needed here: global rules make a block after processing a DNS request - this is a prerequisite to support different sets of rules for different applications. Therefore, you will see requests to the DNS server in the console of your NextDNS, ControlD, or Pi-Hole, but in fact Portmaster will block the connection for a specific application. Read more in an interesting article from the official blog: Attributing DNS Requests on Windows
Changelog by Daniel (dhaavi - Overview):
Portmaster has really great developers: reaction for my comments in less than a day! Now ping does not work for blocked hosts and IP addresses, and the rules created for the System DNS Client allow you to block requests to the DNS server before they are actually processed.
An explanation is needed here: global rules make a block after processing a DNS request - this is a prerequisite to support different sets of rules for different applications. Therefore, you will see requests to the DNS server in the console of your NextDNS, ControlD, or Pi-Hole, but in fact Portmaster will block the connection for a specific application. Read more in an interesting article from the official blog: Attributing DNS Requests on Windows
Last edited:
- Feb 25, 2017
- 2,585
If you are active on Wilders it would be great if you could ask them if they are interested in joining MalwareTips to answer further questions here too.
- Jul 8, 2012
- 895
If you are active on Wilders it would be great if you could ask them if they are interested in joining MalwareTips to answer further questions here too.
Just made a post there requesting if a Portmaster team member would be willing to join here.
- Feb 25, 2017
- 2,585
Thanks a lot, much appreciated!Just made a post there requesting if a Portmaster team member would be willing to join here.
- Apr 4, 2021
- 360
I do not sit on Wilderssecurity at all, so I invited the developer here right away in the first email few day ago! David form Postmaster's team noted that he really likes the reactions to messages, but it seems to be quite difficult for them to answer questions at once on 4 platforms (wilderssecurity, git, email, mt)
But I think that sooner or later they will appear here ) By the way, a new post on Wilderssecurity demonstrates the really unrealistically ambitious plans of the developers.
Also, I have already tried the Portmaster together with Eset IS, SEP and Trend Micro and did not notice any incompatibilities.
- Apr 4, 2021
- 360
Quite strange! There was a message from a Portmaster representative here, but it's gone now. Has he changed his mind about talking to us? (just a joke)
Has he changed his mind about talking to us? (just a joke) 
- Jun 7, 2021
- 25
Hey there Malewaretips community, co-founder here 
--------------------------------------------------------------
I was banned for my post yesterday, that is why it vanished. Probably too many links triggered some spam mechanism. I appealed and now I'm back new version has fewer links, I am sure you will find the other resources mentioned
--------------------------------------------------------------
first off, thanks for giving the Portmaster a go, thanks for the thread and for all your feedback!
As CyberDevil already mentioned it is a challenge for us to follow and respond to all activities over various platforms. For a guaranteed response please come by on GitHub or send us an email (find the mail on our homepage). But I will definitely lurk to answer non-technical stuff and ask the Portmaster devs to chime in from time to time for technical stuff, hope that will work out.
First Reactions
The topic around DNS was discussed in depth in GitHub issue #325, where our blog post on Attributing DNS Requests on Windows came up (linked above in CyberDevil's post from June 1st).
And in terms of this:
I definitely agree that we are ambitious. But please take Daniel's communication about "we have XYZ planned" with a pinch of salt. We do brainstorm and collect ideas, both from within the team and from the community (and Daniel is great at that). But at the end of the day, we gather all these ideas and somebody else - not the techies - calls the shots of what gets worked on next and what not.
We Love Feedback, Even If Features Cannot Be Guaranteed
I hope it is communicated clearly that we are only working on things mentioned in the Next Page (and some smaller stuff and bug fixes which do not justify a full card). Everything else is collected in our Backlog and our Project Management System, dubbed the "CC". We have plenty of ideas flowing around, but in the end, no feature can be guaranteed. It might not fit into our vision for the Portmaster, or it might not be technically feasible to implement. And naturally we just take it step by step via prioritization, as we have done so far.
And there your voice has an impact! We love to hear about your experiences and appreciate all reports/suggestions you have for the Portmaster! It gives us a reality check of where we really stand, and feedback from a user weighs so much more. We have all become a bit expert blind (I think that is a term).
Help Us Maturing Into Beta
As we are currently in alpha we are mostly interested in finding nasty bugs, incompatibilities with other software and your experiences as new Portmaster users. Some features and behavior have become super obvious to us, but for new users they are not! Hearing about these experiences is super valuable to us.
Both UX and technical stability needs improving for us to be able to move into Beta, which is our goal - and if anyone can find nasty edge cases, I am sure I have come to the right community
Thanks again for all the love, feel free to follow up! Looking forward to the next weeks
--------------------------------------------------------------
I was banned for my post yesterday, that is why it vanished. Probably too many links triggered some spam mechanism. I appealed and now I'm back
new version has fewer links, I am sure you will find the other resources mentioned--------------------------------------------------------------
first off, thanks for giving the Portmaster a go, thanks for the thread and for all your feedback!
As CyberDevil already mentioned it is a challenge for us to follow and respond to all activities over various platforms. For a guaranteed response please come by on GitHub or send us an email (find the mail on our homepage). But I will definitely lurk to answer non-technical stuff and ask the Portmaster devs to chime in from time to time for technical stuff, hope that will work out.
First Reactions
The topic around DNS was discussed in depth in GitHub issue #325, where our blog post on Attributing DNS Requests on Windows came up (linked above in CyberDevil's post from June 1st).
And in terms of this:
I definitely agree that we are ambitious. But please take Daniel's communication about "we have XYZ planned" with a pinch of salt. We do brainstorm and collect ideas, both from within the team and from the community (and Daniel is great at that
). But at the end of the day, we gather all these ideas and somebody else - not the techies - calls the shots of what gets worked on next and what not.We Love Feedback, Even If Features Cannot Be Guaranteed
I hope it is communicated clearly that we are only working on things mentioned in the Next Page (and some smaller stuff and bug fixes which do not justify a full card). Everything else is collected in our Backlog and our Project Management System, dubbed the "CC". We have plenty of ideas flowing around, but in the end, no feature can be guaranteed. It might not fit into our vision for the Portmaster, or it might not be technically feasible to implement. And naturally we just take it step by step via prioritization, as we have done so far.
And there your voice has an impact! We love to hear about your experiences and appreciate all reports/suggestions you have for the Portmaster! It gives us a reality check of where we really stand, and feedback from a user weighs so much more. We have all become a bit expert blind (I think that is a term).
Help Us Maturing Into Beta
As we are currently in alpha we are mostly interested in finding nasty bugs, incompatibilities with other software and your experiences as new Portmaster users. Some features and behavior have become super obvious to us, but for new users they are not! Hearing about these experiences is super valuable to us.
Thanks for this! I'll try to update the docs in the next week.
Both UX and technical stability needs improving for us to be able to move into Beta, which is our goal - and if anyone can find nasty edge cases, I am sure I have come to the right community
Thanks again for all the love, feel free to follow up! Looking forward to the next weeks
Last edited:
Thank you so much davegson I hope to follow Portmaster on the journey from Alpha, to beta, then final version! I love seeing software evolve!
Is there any place we can donate ?
Is there any place we can donate ?
- Jun 7, 2021
- 25
We once had this option, but no longer. We opted to focus more on having a business model which you can read more about here.
However, we might re-evaluate if a lot of these requests come in. You can also purchase the product and then not use it, which we can define as a donation in the meantime
or as crypto payments will launch we can also easily add an address for each accepted currency as a donation address... we'll see
- Jul 8, 2012
- 895
Just saw this response from dhaavi (Portmaster Lead developer.)
GitHub
Email: support@safing.io
And for those interested, I just saw that they are also on Reddit. But dhaavi mentioned that GitHub and email are preferred for guaranteed response.
My Co-Founder already posted there.
As he and others have already mentioned there, it is a challenge for us to follow and respond to all activities over various platforms. For a guaranteed response please come by on GitHub or send us an email (find the mail on our homepage).
But someone will definitely stick around here to answer some questions, we hope that will work out.
As he and others have already mentioned there, it is a challenge for us to follow and respond to all activities over various platforms. For a guaranteed response please come by on GitHub or send us an email (find the mail on our homepage).
But someone will definitely stick around here to answer some questions, we hope that will work out.
GitHub
Email: support@safing.io
And for those interested, I just saw that they are also on Reddit. But dhaavi mentioned that GitHub and email are preferred for guaranteed response.
- Jul 26, 2015
- 263
@davegson
Testing out the Portmaster Firewall.
Have to say a good Firewall with Filter-lists.
Feedback:
The thing that confuses me most are the settings - OFF - DANGER - UNTRUSTED - TRUSTED <- Why not a Simple On/Off Switch and even if it is Zone Based then for every Zone a On / Off Switch.
I like on how there are Global Rules and that you can Individualize every Single App with its own Rule-Set.
Bug or a featrue - Tray Icon missing after initial Installation and can not get it back - But the Firewall Core is still filtering.
Otherwise very good performance network-wise. Tested with a constant RDP Connection to my Work Laptop and watching Streams on the Host-machine plus Surfing the Web ^^
Best regards
Val.
Testing out the Portmaster Firewall.
Have to say a good Firewall with Filter-lists.
Feedback:
The thing that confuses me most are the settings - OFF - DANGER - UNTRUSTED - TRUSTED <- Why not a Simple On/Off Switch and even if it is Zone Based then for every Zone a On / Off Switch.
I like on how there are Global Rules and that you can Individualize every Single App with its own Rule-Set.
Bug or a featrue - Tray Icon missing after initial Installation and can not get it back - But the Firewall Core is still filtering.
Otherwise very good performance network-wise. Tested with a constant RDP Connection to my Work Laptop and watching Streams on the Host-machine plus Surfing the Web ^^
Best regards
Val.
Last edited:
- Jun 7, 2021
- 25
Thanks Val for your time! Thought I'd get notified via mail but something is up in my settings, still new to MT I guess.
Yes, you are not alone! This is definitely the highest learning curve a PM user has to go through, many have reported confusion around this. It is not a feature we want to remove though since we feel it is that valuable. It also makes us very unique
Anyway, here is a sneak peek for you all:
we are working on a "guide" feature where you can click a question mark next to a feature which will then open up an explainer of said feature and blur out everything else. Will definitely be used to explain the network rating better. Aiming for a release in August, with the "Beta" release channel getting it earliest as always.
That's a bug for sure haha - after installation a reboot is heavily recommended, since it resolves a lot of odd and tricky behavior such as what you described. We are working on improving the installation experience too to make it crystal clear to reboot in order to get the PM going.
so good to hear - keep the input and advice coming!
Eagerly working on making this piece better and better
Yes, you are not alone! This is definitely the highest learning curve a PM user has to go through, many have reported confusion around this. It is not a feature we want to remove though since we feel it is that valuable. It also makes us very unique
Anyway, here is a sneak peek for you all:
we are working on a "guide" feature where you can click a question mark next to a feature which will then open up an explainer of said feature and blur out everything else. Will definitely be used to explain the network rating better. Aiming for a release in August, with the "Beta" release channel getting it earliest as always.
Bug or a feature - Tray Icon missing after initial Installation and can not get it back - But the Firewall Core is still filtering.
That's a bug for sure haha - after installation a reboot is heavily recommended, since it resolves a lot of odd and tricky behavior such as what you described. We are working on improving the installation experience too to make it crystal clear to reboot in order to get the PM going.
so good to hear - keep the input and advice coming!
Eagerly working on making this piece better and better
