It seems you misunderstand.
I want to utilize my hundreds of thousands of URLs in the pihole's blocklists, not the portmaster lists that apparently usually contain less than 10 URLs.
And if I try to DISABLE portmaster list blocking, it still leaks outside of my designated DoH configured DNS (pihole).
I posted the drill commands above, the first should also report 0.0.0.0
Edit
These are also mentioned in the documentation, I actually missed that. No idea how they are implemented though (i.e., how do I disable them? Do I have to manually edit sources.yml?), but fair should be fair.
The one acting like an ass in this topic is you, but I guess you can’t see that. How many ass in this thread spent that much time to provide you with what you needed? All the sources and documentation explaining all your questions?
If you’re so much worried about PortMaster, I would suggest you don’t bother asking random people on the internet, but contact them directly and ask them questions directly. Then tell them they are ass because they replied to you.
If you are asking where on the network, the dhcp server (happens to be the same as router) ofc.
The thread is called “Portmaster and SPN by safing.io” in “Manjaro Development QA”.
I’m sorry I guess, I took for granted a QA thread was for QA.
Ok… I never thought it was either…? Not sure why you came to that conclusion.
I 100% agree to that, if the program worked like that. The problem is the feature that is supposedly free (filter lists) is not free, because in filtering you assume you will SEE what is being filtered.
But ok then, let's disable that part of the program (filtering) and ONLY use port blocking.
But as I described above, after DISABLING filter lists, they do NOT become disabled.
I honestly thought this thread was to ask questions about portmaster, if not, should it not be closed by now?
LOL, and a good one, I have actually never heard that before.
But questioning flaws is not equal to being a jerk. Unless portmaster is supposed to work like this (leaking outside the ONLY defined DNS), this is def not a jerk situation but rather a big flaw in the program. Depending on who you ask it can also be pretty serious.
If it is by design the whole section about “manual configured DNS” should simply be removed or WARN THAT PORTMASTER WILL DO DNS REQUESTS OUTSIDE OF THE DEFINED DNS!!!
What I suspect is happening, but cannot confirm without PAYING THEM (for logs) is that dns requests can:
Leak outside, like is mentioned in the reddit thread (I constantly see Portmaster complain about “slow dns requests” even though they are sub 25ms)
Portmaster setting (Advanced Interface) → Privacy Filter → Block Secure DNS Bypassing that is enabled by default.
Block Secure DNS Bypassing
Prevent apps from bypassing Portmaster’s Secure DNS resolver. If disabled, Portmaster might have reduced information to correctly enforce rules and filter lists. Important: Portmaster’s firewall itself cannot be bypassed.
Current Features:
Disable Firefox’ internal DNS-over-HTTPs resolver
Block direct access to public DNS resolvers
Please note that DNS bypass attempts might be additionally blocked in the Sytem D there too.
Edit://
Git commit [057d16] Block DNS requests with IPs 0.0.0.17 and ::17
We collect the domains of all those lists and de-duplicate them so to save on file size and you download updates hourly with all the new information.
In regards to the logs…
People sometimes say: “please delete my browser history when I die…” well your pi-hole is an external browser history and storing it is a privacy nightmare and tbh somewhat stupid.
Portmaster keeps the last 10 min in memory and does not write anything to disk so nothing can grab that information!
Yes there is a history module where you can record the network activity for any application for longer, but please don’t use it on your browser, and yes it is a paid upgrade.
Also thanks @Zesko, @omano and @linux-aarhus for being nice and helpful. People who are “asking” questions and then just start ranting/venting can destroy a good and productive conversation. But your ethics steer this back to a good place! Thank you.
Also FYI my feedly gives me alerts for this forum from time to time so I do read most of the comments here, and I might be back sooner rather than later.
added later:
I forgot to mention: if you have a favorite filter list that is not included in the sources.yml, then please open an issue in that repo and we will look into including that list… Having the best lists for all and not everyone for themselves is the way to go.
As this thread purports to be a Portmaster QA, by virtue of its forum location, the need to RTFS is irrelevant. The questions here should have prompted simple enough answers, as they did.
The .yml file confirms my initial assumption.
Thank you, I appreciate the response.
Considering most of the sources indicated have multiple lists available; and with the small sampling given above; it wasn’t obvious at all; thus my request for clarification. Clearly, they are not one-liner lists, as you call them. Thanks for your input, regardless.
As I said, from usage, you know when you use it, it is not one line blocklists, they are imported, and merged as explained in the documentation linked above. Also Zesko pointed out from the GUI you can check the source of the list. From usage I also explained a case earlier, where I had to disable multiple lists to be able to join online games because there were many Microsoft servers/services blocked so it adds to the fact that the lists are actually lists, containing more than one line of sources.
The reason is - your mention of leaking - which is the concept of DNS requests going to a DNS outside your VPN tunnel - usually due to misconfiguration.
As Portmaster is not a VPN leaking cannot occur.
If one has expectations but doesn’t know how Portmaster works this is not a Quality Assurance issue - would be better discussed in a separate thread.
Never said it was, I was saying that something within portmaster is leaking.
At install (IIRC) there were TWO DNS servers specified in portmaster, Cloudflare I think.
I have changed that to ONLY use my specified DNS.
Made a tiny bit of testing. I disabled the DNS to see how portmaster would react, surprise surprise, a notification telling me it will use OTHER DNS servers (what server, not so clear) because “I have no internet” and I could still use internet. Suuuuure, it's not leaking at all.
(Yes, I have disabled the dns usage in firefox)
Since they are not interested in finding out what is going on (I only posted to help) I went from not using it to uninstalling, most ppl here advised that anyway, and uninstalling was always an option.
I also stopped using youtube this week after they tried to force me to pay them.
Pretty sure I am not alone with a pihole setup, and if they do not want these 2 things working together, well let's just put it this way. If the choice is between a paywalled software and a completely free well tested software, the choice is easy.
My bad, I misunderstood. I’ll just uninstall and retreat.
For me to understand this thread correctly, the QA stands for Quality Assurance not Question and Answer, is this correct?
I love feedback and we know Portmaster still has room to grow, so QA feedback is super welcome.
I check in here every other week or so and I read through all messages, so nothing gets lost.
I backed off when I was more or less told to.
I’m “not nice” apparently, but your response would probably have been very helpful if I still had it installed.
EVERYTHING except port blocking was disabled in the interface, I am 1000% sure of that.
When I read your response I felt really bad for you taking the time to try to help, thank you for that.
I no longer use the program so I cannot help to test (which was the only reason I started the conversation in the first place, I wanted to help to try to find out WHY).
Edit
And for the portmaster person responding, I was not looking for dns records or anything, I was looking for normal logs from portmaster, I totally get that the blocklists are paywalled in this situation, the problem was that I COULD NOT DISABLE THE BLOCKING/BYPASSING!
If you want to be prompted by a pop-up notification about a new connection,
go Global Settings → Privacy Filter → General → Default Network Action → Change Allow to Prompt
For example:
When any program wants to connect to a new domain for the first time, the notification will prompt you whether you accept the connection or not. This is your judgement:
Edit:
If you trust an app, you do not want to be prompted by many notifications about this app (that connects to random different domains), you can change Prompt to Allow for this app setting instead of global setting.
For example:
I don’t want a lot of new random Firefox connections asking me a lot like spams,
then go Portmaster → Apps → Firefox → Settings for Firefox only (NOT global settings for all apps) → Default Network Action → Change Prompt to Allow.
It no longer notifies me as expected, that’s simple.