# Portmaster — Privacy-First Application Firewall for Your Desktop > Portmaster is an open-source application firewall that monitors and controls network activity on your device, blocking trackers and enforcing DNS-over-TLS by default. ## Install Save in your project root: # Portmaster — Privacy-First Application Firewall for Your Desktop ## Quick Use ```bash # Linux install (Debian/Ubuntu) curl -fsSL https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.deb -o portmaster.deb sudo dpkg -i portmaster.deb # Launch from application menu or run: portmaster ``` ## Introduction Portmaster is a free and open-source application firewall built by Safing that gives you full visibility and control over your device's network activity. It blocks ads, trackers, and malware domains at the DNS level while letting you set per-app network rules. ## What Portmaster Does - Monitors all network connections per application in real time - Blocks ads, trackers, and malware domains using filter lists - Enforces secure DNS (DNS-over-TLS) for all queries by default - Allows per-app rules to permit or deny connections to specific domains or IPs - Provides a system-wide network activity dashboard via its local UI ## Architecture Overview Portmaster operates as a local network filter at the kernel level using the NFQueue interface on Linux and the Windows Filtering Platform on Windows. All DNS queries are intercepted and resolved through encrypted DNS-over-TLS upstreams. A local REST API powers the Electron-based UI that displays connection logs and settings. ## Self-Hosting & Configuration - Install via `.deb` package on Debian/Ubuntu or `.exe` installer on Windows - Access the dashboard at `http://localhost:817` after installation - Configure global DNS servers and filter lists in the Settings panel - Set per-app rules by selecting any application from the network monitor - Portmaster runs as a system service and starts automatically on boot ## Key Features - Application-level firewall with per-process connection visibility - DNS-over-TLS by default with configurable upstream resolvers - Integrated filter lists for ads, trackers, and malware domains - Bandwidth and connection history with detailed logs - Fully local operation with no cloud account required ## Comparison with Similar Tools - **Pi-hole** — network-wide DNS blocker on a separate device; Portmaster runs directly on your machine with per-app control - **Little Snitch** — macOS application firewall; Portmaster is cross-platform and open source - **GlassWire** — network monitor with freemium model; Portmaster is fully free and open source - **AdGuard Home** — DNS-level network filter; Portmaster adds kernel-level per-app firewall rules - **uBlock Origin** — browser-only ad blocker; Portmaster covers all applications system-wide ## FAQ **Q: Does Portmaster work on macOS?** A: macOS support is on the roadmap but not yet available. Currently Portmaster supports Linux and Windows. **Q: Does Portmaster slow down my internet?** A: The overhead is minimal. DNS resolution through encrypted DNS may add a few milliseconds on the first query, but results are cached locally. **Q: Can I use Portmaster alongside a VPN?** A: Yes. Portmaster can work alongside most VPN clients. Safing also offers an optional SPN (Safing Privacy Network) integration for multi-hop routing. **Q: Is Portmaster really free?** A: The core application firewall and all privacy features are free and open source. Safing offers an optional paid SPN service for advanced routing. ## Sources - https://github.com/safing/portmaster - https://docs.safing.io/ --- Source: https://tokrepo.com/en/workflows/0a98d7c7-414b-11f1-9bc6-00163e2b0d79 Author: AI Open Source