ah on Nostr: Portmaster uses iptables and nfqueue to inspect and control network traffic. The ...
Portmaster uses iptables and nfqueue to inspect and control network traffic. The nfqueue allows packets to be handed over to user space and return a verdict and set a mark on that connection.
https://docs.safing.io/portmaster/architecture/os-integration#linux
It is *far* easier to use and could be seen as a kind of GUI for iptables, but with detailed granularity, unlike ufw
https://wiki.archlinux.org/title/iptables#Graphical
I only use it on my local machine, not servers. It helps when I'm running a random Electron app (e.g. Obsidian with Flatseal to isolate the file system): I get to see connection attempts and authorize/block them on an individual basis; it would be very menial to write those rules in iptables.
The Portmaster Core Service cannot do all this magic by itself. It works closely together with the Operating System’s Core - the Kernel.
https://docs.safing.io/portmaster/architecture/overview
They plan a kernel module in future but so far I've not had any use case that would require that. The free version is more feature rich than the paid for product 'Little Snitch' on OSX, and they promise to retain that free tier.
Published at
2023-08-30 20:19:20