| core | ||
| detection/dga | ||
| firewall | ||
| intel | ||
| nameserver | ||
| netenv | ||
| network | ||
| pmctl | ||
| process | ||
| profile | ||
| resolver | ||
| status | ||
| ui | ||
| updates | ||
| .ci-inject-internal-deps.sh | ||
| .gitattributes | ||
| .gitignore | ||
| .golangci.yml | ||
| .travis.yml | ||
| AUTHORS | ||
| build | ||
| CODE_OF_CONDUCT.md | ||
| Gopkg.lock | ||
| Gopkg.toml | ||
| LICENSE | ||
| main.go | ||
| pack | ||
| pack_core | ||
| README.md | ||
| test | ||
| TRADEMARKS | ||
Portmaster
The Portmaster enables you to protect your data on your device. You are back in charge of your outgoing connections: you choose what data you share and what data stays private. Read more on docs.safing.io.
Current Status
NOTE: Portmaster is currently in development freeze in order to focus on our upcoming privacy network (Codename: Gate17)
The Portmaster is currently in alpha. Expect dragons.
Supported platforms:
- linux_amd64
- windows_amd64 (soon)
- darwin_amd64 (later)
Using the Alpha Version
Must-Know Basics
The Portmaster is all about protecting your privacy. As soon as it starts, it will start to intercept network connections. If other programs are already running, this may cause them to lose Internet connectivity for a short duration.
The main way to configure the application firewall is by configuring application profiles. For every program that is active on the network the Portmaster automatically creates a profile for it the first it's seen. These profiles are empty at first and only fed by a fallback profile. By changing these profiles in the app, you change what programs are allowed to do.
You can also see what is going on right now. The monitor page in the app lets you see the network like the Portmaster sees it: Communications represent a logical connection between a program and a domain. These second level objects group Links (physical connections: IP->IP) together for easier handling and viewing.
The Portmaster consists of three parts:
- The core (ie. the daemon) that runs as an administrator and does all the work. (
sudo ./pmctl run core --data=/opt/pm_db) - The app, a user interface to set preferences, monitor apps and configure application profiles (
sudo ./pmctl run app --data=/opt/pm_db) - The notifier, a little menu/tray app for quick access and notifications (
sudo ./pmctl run notifier --data=/opt/pm_db)
If you want to know more, here are the docs.
Installation
The pmctl command will help you get up and running. It will bootstrap your the environment and download additional files it needs. All commands need the --data parameter with the database location, as this is where all the data and also the binaries live.
Just download pmctl from the releases page and put it somewhere comfortable. You may freely choose where you want to put the database - it needs to be the same for all commands. Here we go - run every command in a seperate terminal window:
# Either export the PORTMASTER_DATA environment variable or add
# --data=/opt/pm_db to all commands below. If you use pmctl a
# lot you may move the export line to your ~/.bashrc
export PORTMASTER_DATA=/opt/pm_db
# start the portmaster:
sudo ./pmctl run core
# this will add some rules to iptables for traffic interception via nfqueue (and will clean up afterwards!)
# already active connections may not be handled correctly, please restart programs for clean behavior
# then start the app:
./pmctl run app
# and the notifier:
./pmctl run notifier
Feedback
We'd love to know what you think, drop by on our forum and let us know!
If you want to report a bug, please open an issue on Github.
Documentation
Documentation in progress can be found here: docs.safing.io
Usage Dependencies
Linux
- libnetfilter_queue
- debian/ubuntu:
sudo apt-get install libnetfilter-queue1 - fedora:
sudo yum install libnetfilter_queue - arch:
sudo pacman -S libnetfilter_queue
- debian/ubuntu:
- Network Manager (optional)
Windows
- Windows 7 (with update KB3033929) or up
- KB3033929 (a 2015 security update) is required for correctly verifying the driver signature
- Windows Server 2016 systems must have secure boot disabled. (clarification needed)
Build Dependencies
Linux
- libnetfilter_queue development files
- debian/ubuntu:
sudo apt-get install libnetfilter-queue-dev - fedora:
? - arch:
sudo pacman -S libnetfilter_queue
- debian/ubuntu:
TCP/UDP Ports
The Portmaster (with Gate17) uses the following ports:
17Gate17 port for connecting to Gate17 nodes53DNS server (local only)717Gate17 entrypoint as the local endpoint for tunneled connections (local only)817Portmaster API for integration with UI elements and other helpers (local only)
Learn more about why we chose these ports.
Gate17 nodes additionally uses other common ports like 80 and 443 to provide access in restricted network environments.