Portmaster Free Showcase

Co-founder and CCO of Safing here :wave:, I thought I’d pitch Portmaster Free for PrivacyGuides.

For Who Is Portmaster Free?

Portmaster is a privacy suite for people who want an easy solution to step up their privacy on their desktop OS.

Portmaster Free Features

  • Monitor All Network Activity
  • Automatically Block Trackers & Malware
  • Secure Your DNS Requests by Default
  • Create Your Own Rules
  • Set Global & per‑App Settings
  • Install & Forget Solution

You do many of these things in your browser, you should do it for your complete OS.

Technology Overview

  • Portmaster integrates into network stack using nfqueue on Linux and a kernel driver (WFP) on Windows.
  • Packets are intercepted at the raw packet level - every packet is seen and can be stopped.
  • Ownership of connections are (currently) found via /proc on Linux and the IP Helper API (iphlpapi.dll) on Windows.
  • Most settings can be defined per app, which can be matched in different ways.
  • Support for special processes with weird or concealed paths/actors:
    • Snap, AppImage and Script support on Linux
    • Windows Store apps and svchost.exe system services support on Windows
  • Everything is 100% local on your device. (except the SPN, naturally)
    • Updates are fully signed and downloaded automatically.
    • Intelligence data (block lists, geoip) is downloaded and applied automatically.
  • The Portmaster Core Service runs as a system service, the UI elements (App, Notifier) run in user context.
  • The main UI still uses electron as a wrapper : / - but this will change in the future. You can also open the UI in the browser

Feature: Privacy Filter

  • Define allowed network scopes: Localhost, LAN, Internet, P2P, Inbound.
  • Easy rules based on Internet entities: Domain, IP, Country and more.
  • Filter Lists block common malware, ad, tracker domains etc.

Feature: Secure DNS

  • Portmaster intercepts “astray” DNS queries and reroutes them to itself for seamless integration.
  • DNS queries are resolved by the default or configured DoT/DoH resolvers.
  • Full support for split horizon and horizon validation to defend against rebinding attacks.

Feature: Safing Privacy Network (SPN)

Further Reading

Happy to discuss & answer any questions!


I have been meaning to try Portmaster out for a while, and think it might make sense particularly related to


If we were to add it, we would have to figure out under which section.

1 Like

happy to introduce new categories for privacy software :smirk: :smile:

It would make sense to add it in Firewall section, along with simplewall (windows) and Lulu and/or Little Snitch on macOS. Android and iOS equivalents could be included as well.

The ability to revoke network access to specific apps is a huge privacy improvement, IMO.

It would be probably related to a new Software/Firewall section.