explaingit

safing/portmaster

12,693GoAudience · generalComplexity · 3/5Setup · moderate

TLDR

A free, open-source desktop firewall for Windows and Linux that monitors every network connection, lets you block or allow apps individually, and automatically filters out trackers and malware domains.

Mindmap

mindmap
  root((Portmaster))
    What it does
      Per-app firewall
      Block bad domains
      Encrypted DNS
    Privacy Network
      SPN routing
      Layered encryption
    Tech
      Go language
      OS network layer
    Audience
      Privacy users
      Windows and Linux
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

Things people build with this

USE CASE 1

Block a specific program from accessing the internet while allowing other apps through.

USE CASE 2

Automatically filter tracker and malware domains across all apps without manual configuration.

USE CASE 3

Encrypt your DNS queries so your internet provider cannot see which websites you visit.

USE CASE 4

Route your traffic through multiple servers for extra privacy using the built-in SPN network.

Tech stack

Go

Getting it running

Difficulty · moderate Time to first run · 30min

Requires OS-level network stack access, installation needs admin privileges on Windows or Linux.

Free and open-source, the exact license type is not specified in the description.

In plain English

Portmaster is a free and open-source application firewall for Windows and Linux desktops. A firewall controls which programs on your computer are allowed to connect to the internet and which connections get blocked. Portmaster watches every network connection at a low level, identifies which application made it, and lets you allow or block traffic on a per-app basis. It also automatically blocks connections to known tracker and malware domains using built-in filter lists, so your privacy improves from the moment you install it without requiring manual setup. The tool provides a graphical interface where you can see all current and recent network activity, apply global rules that affect all applications, and override settings for individual apps. For example, you can allow a web browser to access the internet while blocking a different program from making any outbound connections at all. DNS queries, which are the requests your computer makes to look up domain names, are intercepted and sent through encrypted resolvers to prevent your internet provider from seeing which websites you visit. Some features require a paid subscription. Recording and searching your network history, monitoring per-app bandwidth usage, and access to a privacy network called SPN are paid tiers. The SPN routes traffic through multiple servers using layered encryption, similar in concept to Tor but run by Safing (the company behind Portmaster) and community-hosted nodes. The README notes speeds above 100 Mbit/s. Portmaster is developed in Austria and runs entirely locally on your device. It is built in Go and integrates into the operating system at the network stack level, intercepting packets before they leave the machine. Documentation, compatibility notes, and installation guides are available on the project's wiki.

Copy-paste prompts

Prompt 1
I installed Portmaster on Linux. How do I create a per-app rule that blocks a specific program from making any outbound connections while leaving my browser unrestricted?
Prompt 2
Help me set up Portmaster on Windows to block all outbound connections by default and only allow apps I explicitly approve.
Prompt 3
How do I configure Portmaster to use encrypted DNS resolvers instead of my ISP's default DNS servers?
Prompt 4
Explain how Portmaster's SPN privacy network differs from a regular VPN and walk me through enabling it in the app.
Open on GitHub → Explain another repo

← safing on gitmyhub — every repo by this author, as a profile.

Verify against the repo before relying on details.