Portmaster and SPN by Safing.io

Yes that should work since you can quit the service via the taskbar icon and restart from the app menu when needed.

Portmaster isn’t an electron app.

1 Like

Apparently you didn’t read the original post. Portmaster does not collect any private data - there is no way it could do that. Also it’s not connecting to a remote service. It’s a systemd.service


1 Like

In the GUI you can swith on/off SPN with a slider.
Portmaster is opened and closed like any other application, or you can also define rules for which connections it should monitor or not

Or you can do all of that in the tray




Seems to be written in Go:

1 Like

Base Technology

  • Portmaster integrates into network stack using nfqueue on Linux and a kernel driver (WFP) on Windows.
  • Packets are intercepted at the raw packet level - every packet is seen and can be stopped.
  • Ownership of connections are (currently) found via /proc on Linux and the IP Helper API (iphlpapi.dll) on Windows.
  • Most settings can be defined per app, which can be matched in different ways.
  • Support for special processes with weird or concealed paths/actors:
    • Snap, AppImage and Script support on Linux
    • Windows Store apps and svchost.exe system services support on Windows
  • Everything is 100% local on your device. (except the SPN, naturally)
    • Updates are fully signed and downloaded automatically.
    • Intelligence data (block lists, geoip) is downloaded and applied automatically.
  • The Portmaster Core Service runs as a system service, the UI elements (App, Notifier) run in user context.
  • The main UI still uses electron as a wrapper - but this will change in the future. You can also open the UI in the browser

“Force Block Incoming Connections” is enabled by default in the Global Settings for all apps to block all from LAN and internet.
But this option is in the highest priority and ignores or doesn’t respect your custom whitelists for any apps you want to set.

A tip:
How to switch from “Force Block Incoming Connections” to custom “Incoming Rules” in Global Settings:

  1. Disable “Force Block Incoming Connections”

  2. Change “Simple Interface” to “Advanced Interface” for GUI to show a hidden function “Incoming Rules

  3. Add “Allow localhost” and "Block *" in Incoming Rules, the behavior is like “Force Block Incoming Connections”

Done, global Incoming Rules respect your custom whitelists for any apps.


I really like the SPN, it must really confuse anyone watching my cat pictures whiz around the internet.
Some of the exit nodes are not the best fit geographically but that’s a minor gripe.

Setting the SPN to balanced my browser is connected to local exit servers and other things like nextcloud and steam take a more leisurely route.

I use it since I heard about it in another thread a few months back, and I think it is a great tool too. I don’t use the paid features which are a good part of the application, still it provides me with a powerful tool to manage network related stuff. I used Eset on Windows for almost a decade and I like to be able to get some similar features like controlling individual application permission/settings. The global lists are great too!

Good to have it in Manjaro.

1 Like

I also think it’s great (I only use the free stuff)

It’s actually so great I sometimes forget about it.
The other day when I finally installed manjaro ARM I wanted to connect my rpi to my standard backup network folder like I do on all my other scb:s. Could not for MY LIFE figure out why the server didn’t work on the new software wile ALL other scb:s work…
Then… kathcing “Oh yeah, portmaster…”
Click “smbd”, click “…”, click “allow ip”… Done…

It’s just fkn great, even plays well with my pihole with the correct settings.
Grade: 10/10

Anyone knows how to copy are import my setting to a second PC?

I try to rsync ~/config/Portmaster to another Computer, but that didn’t do the trick

I guess there would be system wild configuration files/folder somewhere else then.

//EDIT: maybe like /opt/safing/portmaster/ ?

1 Like


anyone knows how to set the rules for Force Block Incoming Connections and syncthing ?

The rule localhost in incoming is active, but it still gets block.

Also, allowing syncthing IP in the filter didn’t help.

And the * in incoming allow rules + add the Force Block Incoming Connections Button seems redundant to me.

Force Block Incoming Connections is enabled by default, but it is in the highest priority and ignores your custom rules.

You can disable Force Block Incoming Connections and add Allow localhost and Block * in global incoming rules. See here:

1 Like

Well thanks that’s works,

we maybe have to add to ignore the “Danger incoming setting notification” afterward and click it away, because the rule of * takes care of that…

  • I was sure does rule setting didn’t work out at my first try, but maybe I had it not setup same on both PC…

[ EDIT ] syncthing Global Discovery has to stay on!
add the LAN IP from Portmaster filter has well to the rules, even with localhost already in the income allow settings.

In no Portmaster review, do I read about the 14 Eye countries Serveilance Alliance. I guess I need to understand that Portmaster is set up differently than VPNs.

But what is that fundamental difference, that - despite the fact that Portmaster is located in Austria (*) - that the privacy for my data is 100% guaranteed anyway?

(*) I think Austria is part of the 14 Eye countries Serveilance Alliance.

I think you’re being paranoid. It’s only Five Eyes — USA, Canada, UK, Australia and New Zealand. :stuck_out_tongue:


Australia (:australia:) is the country with the kangaroos, the koalas, the kookaburras, the platypuses, the Tasmanian devils, and the most dangerous spider in the world, i.e. the Australian redback spider.

Austria (:austria:) is that country with the drunken guys in lederhosen who spend their days yodeling in the mountains. :stuck_out_tongue:

1 Like

no eyes in Austria … :disguised_face:


Ah okay. This surprises me; Because I estimated that the European Union would count as one nation.

1 Like