# safing/portmaster

**Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/safing-portmaster).**

11,986 stars · 442 forks · Go · gpl-3.0

## Links

- GitHub: https://github.com/safing/portmaster
- Homepage: https://safing.io
- awesome-repositories: https://awesome-repositories.com/repository/safing-portmaster.md

## Topics

`application-firewall` `dns` `firewall` `go` `golang` `networking` `privacy` `privacy-by-design` `privacy-enhancing-technologies` `privacy-protection` `privacy-tools`

## Description

Portmaster is a host-based network firewall and privacy tool that monitors and controls all system network traffic. It operates by intercepting data packets at the operating system level, allowing it to observe and manage every connection made by local software in real time.

The software distinguishes itself through process-aware connection mapping, which correlates active network sockets with specific local applications to provide visibility into data transfers. It utilizes a user-space policy engine to enforce granular security rules, enabling users to restrict internet access, block specific geographic regions, or prevent unauthorized data collection by individual programs.

Beyond basic firewall management, the project provides system-wide DNS filtering and ad blocking by intercepting and resolving domain name queries locally. This approach ensures that tracking and advertising requests are identified and filtered before they leave the host machine, maintaining consistent enforcement of privacy policies across the entire system.

## Tags

### Security & Cryptography

- [Firewalls](https://awesome-repositories.com/f/security-cryptography/firewalls.md) — Acts as a host-based network firewall that monitors and controls all system network traffic to block trackers and restrict access.
- [DNS Filtering](https://awesome-repositories.com/f/security-cryptography/dns-filtering.md) — Intercepts and filters DNS queries to prevent tracking, advertising, and malicious domain resolution at the OS level.
- [Privacy-Focused Tools](https://awesome-repositories.com/f/security-cryptography/privacy-focused-tools.md) — Manages incoming and outgoing network traffic to ensure applications only communicate with trusted services while protecting personal data.
- [Application Access Controls](https://awesome-repositories.com/f/security-cryptography/application-access-controls.md) — Enforces granular network policies by blocking specific connection types or internet access for individual applications. ([source](https://safing.io/))
- [Network Access Control](https://awesome-repositories.com/f/security-cryptography/network-access-control.md) — Enforces granular security policies to restrict internet access or block specific geographic regions for individual programs.
- [Privacy and Ad Blocking](https://awesome-repositories.com/f/security-cryptography/privacy-and-ad-blocking.md) — Filters advertising and tracking domains at the system level to prevent unauthorized data collection. ([source](https://safing.io/))

### System Administration & Monitoring

- [Ad Blockers](https://awesome-repositories.com/f/system-administration-monitoring/ad-blockers.md) — Filters advertising and tracking domains at the operating system level to prevent unauthorized data collection.
- [Network Traffic Analyzers](https://awesome-repositories.com/f/system-administration-monitoring/network-traffic-analyzers.md) — Provides a real-time traffic analyzer that identifies and visualizes every connection made by local software.
- [Real-Time Network Monitors](https://awesome-repositories.com/f/system-administration-monitoring/real-time-network-monitors.md) — Tracks all active network connections in real time to identify and investigate unexpected data transfers. ([source](https://safing.io/))

### Operating Systems & Systems Programming

- [Kernel-Level Traffic Interceptors](https://awesome-repositories.com/f/operating-systems-systems-programming/kernel-core-internals/operating-system-kernels/kernel-mode-interception-mechanisms/kernel-level-traffic-interceptors.md) — Intercepts network traffic at the operating system kernel level to inspect and filter data packets before they reach their destination.

### Software Engineering & Architecture

- [Security Policy Engines](https://awesome-repositories.com/f/software-engineering-architecture/dynamic-programming/policy-evaluation-methods/security-policy-engines.md) — Evaluates connection requests against defined security rules to determine whether to permit or block traffic based on application identity.

### Networking & Communication

- [Local Proxy Services](https://awesome-repositories.com/f/networking-communication/local-proxy-services.md) — Intercepts and resolves domain name queries locally to filter out tracking and advertising requests before they leave the host.
- [Traffic Routing Controllers](https://awesome-repositories.com/f/networking-communication/traffic-routing-controllers.md) — Redirects all outbound network traffic through a local control point to ensure consistent enforcement of privacy and security policies.

### Development Tools & Productivity

- [Process-to-Socket Mappings](https://awesome-repositories.com/f/development-tools-productivity/diagramming-tools/process-and-flow-mapping/process-configuration-mappings/process-to-socket-mappings.md) — Correlates active network sockets with specific local process identifiers to attribute data transfers to individual applications.