Portmaster – Open-source network monitor and firewall

315 点作者 bratao超过 3 年前

26 条评论

jeroenhd超过 3 年前

A firewall with a configuration interface running on Electron, just like the horrid free AV solutions for Windows back in the day :) Can't be too critical of that because the developers have already expressed their dislike of Electron on the website, and it makes sense that they won't drop everything for a huge UI rewrite.This entire thing seems incredibly polished, I'm surprised I haven't heard of this before. For every question and potential limitation for my use cases there seems to be an explanation on their FAQ. I'm definitely going to take this for a spin! Too bad there's no AUR package ready to go yet because I don't really want the burden of updating manually, but all in good time I suppose.

评论 #29766641 未加载

评论 #29767248 未加载

评论 #29763681 未加载

评论 #29763432 未加载

jlgaddis超过 3 年前

For several years now, I've been an advocate for either "uninstalling" the default route on (most) hosts and/or switching to a default deny policy for outbound traffic, just like we all did for inbound traffic a long time ago.I'll readily admit that the amount of work required in order to do this is HUGE and, of course, it isn't gonna happen overnight. Every time we have another one of these massive vulnerabilities that affects damn near everything and everybody, though, I think we get just a little bit closer.Once some large company makes the decision to do it, then actually does it, then (at some point down the road) shares publicly how it totally saved their ass when $thing happened, maybe some CISOs will start to take notice and (eventually) follow suit.As with IPv6, I remain hopeful that we'll get there at some point in my lifetime! Unfortunately, though, I'm sure it'll take a lot more "bad shit" happening first.

评论 #29765204 未加载

评论 #29766608 未加载

评论 #29766218 未加载

munro超过 3 年前

Ooooo nice, I've been using Little Snitch for MacOS lately--it's been shocking how many things phone home, especially development tools. I installed Redhat's YAML extension for VS Code, and it was immediately trying to send a message home.

评论 #29763745 未加载

评论 #29763916 未加载

评论 #29764906 未加载

评论 #29765586 未加载

评论 #29766710 未加载

评论 #29763352 未加载

评论 #29763586 未加载

marcodiego超过 3 年前

AGPL, multi-platform, beautiful UI, non-trivial network monitor and firewall... haven't used it but congrats!

评论 #29762739 未加载

GSGBen超过 3 年前

Damn, looks like a nice free competitor to Glasswire which I'm currently using (which also has an extremely usable free option).Like Glasswire though I'm guessing this doesn't alert on common traffic like DNS lookups via the host, which would still allow malicious software to get traffic in and out unseen.

评论 #29766705 未加载

bifrost超过 3 年前

Might want to rebrand since FreeBSD's "portmaster" has been in use for decades at this point.<a href="https://cgit.freebsd.org/ports/tree/ports-mgmt/portmaster" rel="nofollow">https://cgit.freebsd.org/ports/tree/ports-mgmt/portmaster</a>

评论 #29766691 未加载

mkdirp超过 3 年前

This looks interesting, though it's not entirely clear how it works. The docs go relatively in depth into the code structure, but it doesn't do much else.

评论 #29762489 未加载

评论 #29766748 未加载

gigel82超过 3 年前

I prefer this to SimpleWall, but it's kind-of heavy (both the UI and the service) resource-wise - so I don't run it always, just after big Windows Updates to make sure they don't add new "phone home" "functionality". OSS is also a super nice plus.

评论 #29766712 未加载

DominoTree超过 3 年前

Another day, another name collision; portmaster is also the name of a FreeBSD ports management utility that's been pretty widely-used for well over a decade now

评论 #29764756 未加载

评论 #29765119 未加载

评论 #29766723 未加载

评论 #29766730 未加载

评论 #29765145 未加载

justsomehnguy超过 3 年前

> Phone routing can't be blank> Country does not match with the country prefix for your phone numberFishy.And if you check country prefix with the list of country prefixes anyway... Why do you even bother with country AND prefix?> The Portmaster actually handles DNS itself and will show you DNS queries in the UIYikes. What about the DNS resolvers configured in the system? Do you hijack/overwrite them? [0] I use my own Unbound locally, how Portmaster would handle queries for NSs in the Unbound config which are unknown to the world - leak them? How about QNAME minimization? Where exactly Portmaster would send the DNS queries?Actual kernel module on Windows so it really can do anything it wants and wouldn't be catched by the machine itself?Yikes.Overall, this is the product which could be useful for many users, but for me it's a hard no.The "SPN" idea is interesting, but also raises the questions about who, where and how would control exit nodes.[0] <a href="https://docs.safing.io/portmaster/settings#dns/nameservers" rel="nofollow">https://docs.safing.io/portmaster/settings#dns/nameservers</a> says they are forwarding to Cloudflare by default. /Great/

评论 #29778890 未加载

simonjgreen超过 3 年前

I was pleasantly surprised that this is a Windows first application! I was scrolling through the page thinking "yet another lovely UI for a good problem to solve but surely this will be OSX" and then bam, Windows and Linux now, Mac coming later.Ever since moving away from Mac about 8 years ago I've missed Little Snitch. I'll give this a try I think.

Taniwha超过 3 年前

Pity about the name, those of us who were around when the internet took off out of it's original walled garden will likely remember a "portmaster" as one of the first affordable SLIP routers for those trying to create what were later called "ISPs"

symlinkk超过 3 年前

Asking here as it is tangentially related, but is anyone aware of a way to route traffic on a specific port through a VPN while leaving other ports open? I have spent days looking for a solution to this and haven’t found any concrete answers. Hardware, software, anything.

评论 #29763477 未加载

评论 #29763194 未加载

评论 #29767194 未加载

评论 #29763144 未加载

rfraile超过 3 年前

Seeing it I remember a firewall management gui that was one of the first easy and simple “firestarter”, sadly it was discontinued time ago, before Ubuntu release their “ufw”, which was very similar. Seems promising this tool.

vorpalhex超过 3 年前

Thank you so much for both being open about your monetization strategy (which seems reasonable to me) and having a well written, easily found privacy policy!

评论 #29767436 未加载

superkuh超过 3 年前

It's too bad that Black Ice firewall doesn't work on modern windows OS. It was lightyears ahead of Portmaster's design and functionality even back in the late 90s (at least until IBM bought and ruined it). It seems like it's impossible for software to be self contained these days.

评论 #29768501 未加载

评论 #29764441 未加载

kup0超过 3 年前

Any plans to introduce the ability to control/limit bandwidth (per-app)? Something like that would be a great feature to have in an open-source tool.

评论 #29807195 未加载

johnchristopher超过 3 年前

OT: text on the screenshots is blurry and it's a pain to read :/.

评论 #29766718 未加载

evolve2k超过 3 年前

> MACOS (NOT SUPPORTED)So folks what are the good MacOS alternatives currently?

评论 #29767770 未加载

throwoutway超过 3 年前

Looks great. One issue to note is that it's not supported in MacOS. I wonder if this is due to the MacOS API sandboxing changes that occurred recently?

评论 #29762869 未加载

评论 #29766760 未加载

评论 #29762714 未加载

boomer918超过 3 年前

Curious if this can help with hardware backdoors. This probably uses OS APIs which a sophisticated spyware would maybe work around?

redrobein超过 3 年前

I'm already using Malwarebytes WFC, and I don't care for the ad filtering. Is there any reason I should switch?

nuclearsugar超过 3 年前

I wonder how this compares to the Binisoft Windows Firewall Control wrapper. Is the included firewall in Windows any good?

Smeevy超过 3 年前

Minor item on your alpha notification: It's spelled "hiccup", not "hickup".

评论 #29778718 未加载

endigma超过 3 年前

This would be more useful if it could run in docker with a web client

评论 #29766794 未加载

ofou超过 3 年前

This is amazing