Update Portmaster Firewall (Alpha stage)

Thread Tags
  1. Developer is currently beta testing this product.

SFox

Level 5
Verified
Jun 11, 2019
223
As of the next stable release, it should happen in the next two weeks. The v0.7 series includes a much better monitoring UX, lots of stuff in regards to the SPN and plenty of bug fixes as well. Naturally you can easily grab features early by switching your Release Channel.
Good. Let's wait for the update!
One more suggestion: you could add a handy interface to connect to DNS servers like NextDNS, like YogaDNS has. Right now I have to form a connection string manually, and I get the IP address for it by pinging the DNS server, but I'm not sure if that IP is static, which could probably cause a problem, also I can't send the client machine name, so I see my laptop as an unknown device in the NextDNS logs.
I noticed one moment. After installing Portmaster, a huge number of blocked requests to the server one.one.one.one appeared in the Next DNS log. (1.1.1.1) marked as a bypass method. Every 30 seconds, such a request is sent from the device. Do you have the same situation in the logs of the Next DNS?
 

CyberDevil

Level 2
Apr 4, 2021
87
After installing Portmaster, a huge number of blocked requests to the server one.one.one.one appeared in the Next DNS log.
I have only 4 such requests in a day, but I have not activated the setting in NextDNS to block bypass methods. Maybe you have so many entries in your logs because Portmaster is trying to find out the IP address for the first connection to the DoT from 1.1.1.1 and you won't let it do that, which will loop the process.
 

SFox

Level 5
Verified
Jun 11, 2019
223
I have only 4 such requests in a day, but I have not activated the setting in NextDNS to block bypass methods. Maybe you have so many entries in your logs because Portmaster is trying to find out the IP address for the first connection to the DoT from 1.1.1.1 and you won't let it do that, which will loop the process.
Perhaps you are right, I will not say for sure, because I don’t know :) Maybe the Portmaster developers will explain here what this means.
 

SFox

Level 5
Verified
Jun 11, 2019
223
I have only 4 such requests in a day, but I have not activated the setting in nextdns to block bypass methods.
I disabled this setting (bypass method) in the Next DNS and will see how the situation changes, whether there will be the same large number of requests from the system.
 

davegson

From Safing Portmaster
Verified
Developer
Jun 7, 2021
11
Hey there @CyberDevil,

thanks for all the input - great to hear things are smooth for the most part!

But I'm surprised that you still haven't fixed the context menu at the tray icon. It gets too big from time to time.
It would be nice if it also will support the dark theme.
In terms of the tray menu, yeah 😅, that is ugly. This is triggered by the long error message which then loads the maximum width it can get. We need to cut off or shorten the texts in these cases.

Though honestly it is more likely that will be fixed when Portmaster reaches Beta. Same goes for the dark mode fix. In Alpha we are focusing on (1) technical stability and (2) meeting user expectation better/clarity. As we migrate into Beta, we will then focus more on ironing out the UI/UX stuff.

Also maybe you should reduce the query interval for searching for updates? So that even after a short disconnect from the Internet, for example when I disconnected from the hotspot while going to another university classroom, Portmaster does not immediately display an update error message?
The update check happens once an hour OR when you get online. You can read more about why here.

I talked with Daniel whether or not we maybe should replace the "OR" logic with an "AND". I feel your situation and it does seem annoying, however Daniel was a bit cautious about adding more logic into this. It is not simply about changing an operator. I am unsure whether getting off/on the Internet in a frequent interval is an edge case or something people stumble upon more often, which could justify the added logic.

And I must ask, could solving the error behind the error message solve this annoyance for you? Are you primarily concerned about the query interval or the error? Happy to hear thoughts from others on this topic as well.

One more suggestion: you could add a handy interface to connect to DNS servers like NextDNS, like YogaDNS has. Right now I have to form a connection string manually, and I get the IP address for it by pinging the DNS server
I did check the YogaDNS screenshots and it does seem handy, but from our perspective this opens up a can of worms. Which providers get those fancy buttons? Are those trustworthy? Do they respect user privacy? What happens if one of those is involved in a scandal? Our reputation is at stake too. That is why we went for a limited choice and explained that choice in detail.
And to still empower user choice, we have a dedicated docs site to help with all the other options, alongside NextDNS. But since I assume you did not know about this yet we should probably rethink how to improve linking to those resources...

I'm not sure if that IP is static, which could probably cause a problem, also I can't send the client machine name, so I see my laptop as an unknown device in the NextDNS logs.
As far as I can tell IPs from DNS providers are static, at least it is in the interest of the provider. In many systems you have to manually add the IP. In terms of sending the client machine name not working, could you maybe chime in and re-open this GitHub issue to further describe what does not work?
 

davegson

From Safing Portmaster
Verified
Developer
Jun 7, 2021
11
Hey there @SFox,

thanks for inspecting the PM and your input too, super appreciated!
I noticed one moment. After installing Portmaster, a huge number of blocked requests to the server one.one.one.one appeared in the Next DNS log. (1.1.1.1) marked as a bypass method. Every 30 seconds, such a request is sent from the device. Do you have the same situation in the logs of the Next DNS?
Yes, as @CyberDevil assumed the blocking triggers a loop. I also went over this with Daniel and referenced these two code parts triggering this. [1], [2]

How to best resolve this issue is too straightforward, as it has technical and privacy implications. Daniel is much better equipped to give more details and he will chime in with a response later, likely next week.

Have a good weekend all!
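As an added illustration (not Portmaster's or NextDNS's code, and not posted by anyone in this thread), the loop described above shows up in a resolver log as the same blocked query recurring at a fixed period. The log format, field names and sample entries below are constructed for the example; the detection simply looks for blocked domains whose retries arrive at a steady short interval, which separates a client stuck re-bootstrapping from ordinary one-off blocklist hits.

```python
"""Spot a DNS bootstrap retry loop in NextDNS-style logs (constructed example)."""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log, one entry per line: timestamp domain status reason device.
# This is an assumed format, not NextDNS's real export format.
SAMPLE_LOG = """\
2021-06-07T10:00:00Z one.one.one.one blocked bypass-methods laptop
2021-06-07T10:00:05Z example.com allowed - laptop
2021-06-07T10:00:30Z one.one.one.one blocked bypass-methods laptop
2021-06-07T10:01:00Z one.one.one.one blocked bypass-methods laptop
2021-06-07T10:01:12Z ads.example.net blocked blocklist laptop
2021-06-07T10:01:30Z one.one.one.one blocked bypass-methods laptop
2021-06-07T10:02:00Z one.one.one.one blocked bypass-methods laptop
2021-06-07T10:02:31Z one.one.one.one blocked bypass-methods laptop
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, domain, status, reason, device)."""
    rows = []
    for line in text.splitlines():
        ts, domain, status, reason, device = line.split()
        rows.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), domain, status, reason, device))
    return rows


def find_retry_loops(rows, min_events=4, max_period=60, tolerance=0.5):
    """Return {domain: median_gap_seconds} for blocked domains that recur at a steady,
    short interval, i.e. a client retrying the same blocked lookup in a loop."""
    blocked_times = defaultdict(list)
    for ts, domain, status, _reason, _device in rows:
        if status == "blocked":
            blocked_times[domain].append(ts)
    loops = {}
    for domain, times in blocked_times.items():
        if len(times) < min_events:
            continue  # too few hits to call it a loop
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = median(gaps)
        # Steady means every gap is within tolerance of the median gap.
        steady = all(abs(g - period) <= tolerance * period for g in gaps)
        if steady and period <= max_period:
            loops[domain] = period
    return loops
```

On the sample the only flagged domain is one.one.one.one with a 30-second period; the single blocklist hit is ignored.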
 

SFox

Level 5
Verified
Jun 11, 2019
223
Hey there @SFox,

thanks for inspecting the PM and your input too, super appreciated!

Yes, as @CyberDevil assumed the blocking triggers a loop. I also went over this with Daniel and referenced these two code parts triggering this. [1], [2]

How to best resolve this issue is too straightforward, as it has technical and privacy implications. Daniel is much better equipped to give more details and he will chime in with a response later, likely next week.

Have a good weekend all!
Hi. Thanks for the kind words.
Does this blocking somehow affect the work of the Portmaster? I disabled the bypass function in the Next DNS settings, as I thought that perhaps this blocking could somehow negatively affect the Portmaster's work. But for other users, perhaps this option is important in the Next DNS, and if they use Portmaster, they will have the same problem.
 

SFox

Level 5
Verified
Jun 11, 2019
223
Yes, as assumed the blocking triggers a loop.
Hi. Remember when I wrote about zombie processes in the Linux system monitor? Apparently, they were related to the enabled blocking option in the Next DNS. As soon as I turned off this option, the zombie processes no longer appear in the system monitor. Apparently they were related to a process loop caused by a lock.
There was also a small problem. The program icon from the system tray began to disappear from time to time. After reboot, it reappears, but after 2-3 system boots, it may disappear again. As for the rest, I do not see any visible problems yet.
I hope that in the future the program will show the amount of incoming / outgoing traffic for each program and the speed of the Internet connection.
I read information on the official website, read discussions on other forums. And if I understood correctly, at the moment Portmaster does not protect (and does not even notify the user) ports from being scanned by special programs (for example, Nmap)?
 