First look at Portmaster, an open source cross-platform network monitor

Martin Brinkmann
May 16, 2022
Windows software
|
13

Portmaster is a free open source cross-platform network activity monitor that is available in an early version for Windows and the Linux distributions Ubuntu and Fedora.

portmaster interface

Portmaster combines traditional network activity monitoring with additional features, such as the option to enforce the use of secure DNS or the automatic blocking of advertisement, trackers and malicious hosts using filter lists, which are commonly used by ad-blockers.

Portmaster is free to use, which usually leads to the question of how development is financed. The developers behind Portmaster reveal information on that on the official project website. Basically, what they plan to do is use a freemium model. Portmaster will be free for all users but extra services, a VPN is mentioned specifically, is available for users who sign-up for it. Money is earned through that, which is used to finance development.

ADVERTISEMENT

Portmaster: first look

portmaster connection details

An alpha version of Portmaster is available for Windows and Linux. It is released for testing and development purposes at the time. Alpha software may include bugs and issues, and should not be installed on production machines.

The development team notes that the alpha tag is "more about missing features than instability" of the application. Planned features for the first beta release include importing and exporting options, support for custom filter lists, cryptographically signed updates, and a full-device network monitor.

Installation is straightforward on Windows; a reboot is required to complete the installation process. The interface is well-designed and modern. The main page lists recent network activity, including the total number of connections, and the percentage of allowed and blocked connections.

A click on an application or service in the network activity listing displays details, including name and path, and information about each connection that was made in the past.

Each connection is listed with the target, whether the data was encrypted, the IP addresses and countries of the IP addresses.

Settings can be defined for each individual application. Besides blocking all network activity, users may modify several connection specific options. To name a few:

  • Switch between default network actions: allow, block, prompt.
  • Block Internet or LAN connectivity.
  • Block P2P/Direct Connections
  • Block incoming connections.
  • Configure outgoing rules.
  • Apply filter lists, e.g. ad and tracker blocking, malware hosts

All of these can be defined globally, so that the preferences apply to all applications and services by default. Override options are available for individual apps.

The All Apps section lists all applications with current and past network activity. A search feature is available to find apps quickly in the listing. You may select any application or service to modify the default networking behavior.

The premium feature SPN, Safing Privacy Network, is also included as an alpha version. The service is inspired by Tor, as it routes connections through several network hops for improved privacy. The core difference to VPNs is the multi-hop architecture. Some VPNs, NordVPN for instance, support multiple connections as well, but these are usually not designed to hide information such as the destination from each other.

Closing Words

Portmaster is a promising network monitor: it is free, open source and available for different platforms. Windows and Linux versions are available, and a Mac version is planned for the future. The interface is well-designed, and while some features are missing, it is functional already.

It is too early to tell how it will stack up against other network monitors and firewalls such as Glasswire, Windows Firewall Control, or SimpleWall.

Now You: do you use a third-party network monitor or firewall?

Summary
First look at Portmaster, an open source cross-platform network monitor
Article Name
First look at Portmaster, an open source cross-platform network monitor
Description
Portmaster is a free open source cross-platform network activity monitor that is available in an early version for Windows and the Linux distributions Ubuntu and Fedora.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Paul(us) said on May 16, 2022 at 12:46 pm
    Reply

    I am personally quite pleased with the onboard (integrated) Firewall possibility from the software Eset internet security 15 series. https://www.eset.com/int/firewall/
    More info at – https://help.eset.com/eis/15/en-US/idh_config_epfw_basic_group.html

    1. Paul(us) said on May 16, 2022 at 12:59 pm
      Reply

      Sorry, totally not related! I do not know what I was thinking! :-)

  2. Tony said on May 16, 2022 at 3:55 pm
    Reply

    Having used Portmaster for a little while, here are a few thoughts. It is an effective firewall, however, I found that some apps will route through the DNS service and/or system services, so you have to be on the lookout if you don’t have “prompt” set.

    Two annoyances I have with Portmaster itself is that 1) it makes a connection to it’s developer site once every hour, supposedly for updates. There is no way to set how frequent the update checks are, and if you turn off the update checks, the Firewall thinks it is very ill and so permanently displays a yellow problem indicator, even though nothing is wrong with it.

    2) It frequently pings “dns-check.safing.io” several times a second if you choose to block it. I have a custom DNS setup that works for me, but Portmaster doesn’t like, so this check is blocked because otherwise it tries to reset my DNS settings in the OS every now and then, which breaks the internet for a few minutes.

    Ultimately I removed it. It wasn’t worth the headache for me.

    1. Anonymous said on May 16, 2022 at 9:36 pm
      Reply

      It is open source, hopefully someone will fix it.

  3. Tom Hawack said on May 16, 2022 at 4:35 pm
    Reply

    I have the feeling of repeating myself, because I am, yet for those who’d ignore the thrilling cyber adventures of Daddy Hawack and who’d wonder what his answer to the article’s question is, here goes:

    Do I use a third-party network monitor or firewall? The winner — I mean the answer — is : yes.

    Anxiously waiting for a developed answer? If no then bon voyage, otherwise I’ll complete by stating that I’ve used for years DNSCrypt-proxy which combines encrypted DNS (DoH and DNScrypt protocoles), anonymous DNS requests (only with resolvers accepting the DNScrypt protocol), blacklists (domain and IP), whitelists, cloaking, forwarding, captive portals… Multi-platform moreover.

    A specially skinned answer because otherwise laziness may have invited me to honor silence :=)

    1. Haakon said on May 16, 2022 at 9:51 pm
      Reply

      That’re all good, well known strategies. But what’s your IPS/IDS model?

      1. Tom Hawack said on May 16, 2022 at 11:28 pm
        Reply

        What’s yours?
        Depends of the environment. I’m no longer in business, devices are home located.

        Prevention system-wide is basically DNSCrypt-proxy with a substantial list of blocked domains and ips,
        together with a few Windows tweaks lowering the attack risk. No universal anti-this and you name it solutions.

        Prevention browser-wide is of course uBlock Origin together with a few other security/privacy oriented extensions. When I go surfing off-shore I enable the Netcraft Extension. Many enhanced Firefox privacy/security tweaks. I don’t use any other browser.

        Remains detection. Frankly never encountered an attack at home over 22 years.
        Of course I never install an application or software before getting info and mainly that of VirusTotal.
        Once in a while I check the system with the Hitmanpro application. I think that over several years it never detected anything substantial, not to mention false positives here and there.

        Again, this is in a home environment. When you consider companies’ issues regarding intrusion obviously IPD/IDS is too often inadequate.

  4. Anonymous said on May 16, 2022 at 7:14 pm
    Reply

    Any real features besides blocking the same other firewalls do and show statistics in a ‘pretty modern interface’? (it is not pretty, it actually looks bad and simple).

    for example, does it uses its own driver? if it is a yes, does that mean it filter or will filter svchost so you can really fine tune your blocking needs? what about support wildcards in program path names to allow or deny a folder and subfolders? what about automatically allow subprocesses? what about rules that you can be grouped and scheduled?

    I mean, all the firewalls you mentioned are either an overpriced pretty interface like Glasswire that doesn’t add anything special, WFC is just a front end of Windows Firewall which is bad because Windows Firewall will automatically allow outgoing connection for Store apps you install and that can’t be blocked once you set Windows Firewall to “Block” the outgoing connections.
    Yeah you can “protect windows firewall” but WFC is slower, it reminds me how nice the features and interface were from Private Winten but it was so slow and it had the same issues by being just Windows Firewall skin.
    Simplewall is okay, but too simple since it uses the same WFP features, so it is not a skin but it has the same features pretty much as Windows Firewall.

    The best firewall some years ago was Tinywall but now Fort Firewall is the best one. Fort, like you like to mention is ‘free and open source’ the difference is the guy developing it is a genius and he doesn’t seem to seek making you to ‘sign up’ for accounts like Portmaster people which is already a way to say “well, we don’t care about your privacy, only about your payment method and we will want to make money off this with premium features and services”.

    But what matters is the features, and Fort Firewall as far as I know is the only one that can filter svchost so it is easy to really block what you want, if a process is not ‘split’ in their own svchost instance to be recognized you can “make trackable” the service, you restart the service or computer and done, but on win11 I only had to do that to CryptSvc, InstallService and DnsCache (the important one) and then I don’t see any “Host Process for Windows Services” requesting connection, it’s all individual svchost services.

    It has wildcards to filter folders, so you have a folder with all your tools or games folder? well easy to allow them to have connections. It also has statistics, a basic traffic graph (someone could request improvement), it has an easy way to add IP lists, it can allow subprocesses like Tinywall does (which the dev took the idea from). The only thing missing for now is rules for individual programs, you can make global rules, but sometimes couple programs might use the same IP, so it is good to finally restrict access to individual programs if needed. But he is currently working on it so it should be available in couple months.
    Also, Fort doesn’t have like popup blocking alert, you only get a little alert on tray icon but he said he will add that eventually, I won’t use it but I guess some people want that.
    There are not allowed connections, only blocked ones, but I find Process Hacker 3 fine to check which connections are allowed, the only problem is svchost so that’s why I wish Fort had their own version of it, which dev said would add anyway.
    Anyway, the UI is not pretty but he is working on it and eventually even dark mode will be added to it, but it is based on QT.

    Doesn’t seem like this Portmaster really offer anything special, so will they do it? I mean the really advanced features? or it will be just a pretty skin like glasswire and that’s it?
    Most people fall for pretty skins and they never seem to really look for quality features that can make the firewalling great, especially in today’s internet where everything gets ‘hidden’ more and more.

    So what features are different from any other firewall? with the ‘alpha is about lack of features’ I guess we can just say “oh well, we will have to see” but this doesn’t look like a tool that will have really good advanced features that will help everyone advanced or not too tech savvy users.
    Just look like it has the same features as others, so nothing special, but they surely wanted to worry more about the UI than the features for sure.

    1. tnodir said on May 24, 2022 at 6:03 pm
      Reply

      Thank you for kind words about Fort Firewall, I’m an author.
      It lacks many features of other firewalls, but slowly improves.

      > for example, does it uses its own driver?

      Portmaster has own driver. But all decisions are made by user-mode part.

      I.e. driver pauses a new connection and sends info to user-mode. User-mode checks the info and sends the decision to driver.

      So, potentially all Fort’s features (svchost fine filtering, wildcard in program paths etc) can be easily implemented in Portmaster.

      I don’t use such model (pause connections and make decision by user-mode), because it’s slow for programs with many short lived connections (e.g. torrents).

  5. Haakon said on May 16, 2022 at 9:45 pm
    Reply

    “It is too early to tell how it will stack up against…Glasswire (sic).” True.

    But one would need to allow GlassWire’s trial to expire in order to stack it up to the free Portmaster. As GW’s firewall would be disabled, there would be no comparison for that function.

    Free GW details, third question down:
    https://www.glasswire.com/faq/

    The security features mentioned are, but not limited to “system file change detection, device list change detection, app info change detection, ARP spoofing monitoring,” “communicating with a known IP or domain threat,” “RDP connection detection” and WiFi Evil Twin Detection®.

    GW’s full run down:
    https://www.glasswire.com/features/

    Granted, GW gets $39 USD for a single PC yearly subscription. A free Portmaster will then have that as an advantage.

    I’ve been using GW ever since it came out, spanning eight Win7 and Win10 PCs. Currently I have the Elite version, purchased when a lifetime license was offered to long-time customers. I’ve used the Android app since it came out, too, in free mode (no firewall, I use AdGuard for that), spanning four google devices (aka “phones”).

    Cheers.

  6. Anonymous said on May 17, 2022 at 3:53 am
    Reply

    I’m stupid. I made a mistake and installed this on my remote machine. It blocked everything on first launch. It didn’t even prompt for white/blacklist mode. Now I’m blocked out until I can drive over and allow my remote client through it.

  7. Anonymous said on May 17, 2022 at 7:10 am
    Reply

    I never use alpha software, and not much beta software. Usually not worth the headache.

  8. Waitman Gobble said on May 17, 2022 at 7:41 am
    Reply

    People have happily used Portmaster to install ports for many years, but I guess it’s a time of reinventing! And all the good names are used up, apparently.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.