Credit: Dibakar Ghosh | How-To Geek

Do you trust every app you’ve installed on Linux? Are you using closed-source software and wish you could see what it’s doing behind the scenes? Let me introduce you to Portmaster—the network monitor that gives you X-ray vision into your Linux PC.

What is Portmaster?

Portmaster is a free and open-source (FOSS) application firewall developed by Safing. It integrates directly into your system’s network stack—using iptables and nfqueue to inspect packets and control network traffic. This means you can see every network connection your apps make and stop them when needed!

Portmaster is also available on Windows.

Despite being FOSS, Portmaster follows a freemium model. The free tier includes all the core features you’d need: a network monitor to see every connection, automatic blocking of trackers and malware through filter lists, secure DNS, and the ability to block specific apps or domains. These features make Portmaster an incredibly powerful privacy tool, and they’ll remain free forever, according to Safing.

The premium tier has two options. The Plus plan, at €4 per month, lets you see more network data, store it longer, and get dedicated customer support. The Pro plan, at €9.90 per month, includes everything in Plus along with access to the Safing Privacy Network (SPN)—a cross between Tor and VPNs. It uses onion encryption, routes every connection individually (giving you multiple identities per app), and can potentially improve connection speeds by automatically picking exit nodes close to your destination.

I use the free plan. The only reason I’d consider upgrading would be for SPN access, but I already use ProtonVPN—it’s much more affordable than Portmaster Pro and does everything I need from a VPN. This makes the free tier more than enough for everything I want from a network monitor and privacy tool!

ProtonVPN

Logging policy No-Logs Policy

Mobile app Android and iOS

Number Of Servers 13,000+

Free Trial Free version with limited features

Encryption AES-256, ChaCha20

Supported platforms Windows, macOS, Linux, Android, iOS, Chrome, Firefox, Chromebook, Apple TV, Android TV, Fire TV

Does Linux really need a security app?

There’s a persistent idea that Linux is invulnerable and virus-proof, but that’s a myth! The best you can say is that Linux is differently secure—it might resist certain Windows security flaws, but it has its own vulnerabilities.

Yes, most apps from official repositories are safe. However, if you want an app that’s not in these repos, you’ll need to resort to third-party options like PPAs or the AUR—which can contain malicious software! If you accidentally install malware, it can potentially steal your data, or install viruses on your system. The best way to know for sure if you’re harboring malware is by monitoring your network activity and keeping an eye out for anything suspicious.

Traditionally, you’d do this in the terminal using tools like tcpdump to parse through packet outputs. But for everyday users, that approach gets real technical and complex fast. This is where Portmaster comes in! It gives you an intuitive graphical interface to get an overall view of your applications’ network activity—allowing you to quickly spot anything suspicious!

Use a network monitoring widget on your desktop to see upload and download speeds. This will warn you when network activity is suspiciously high, at which point you can use Portmaster to check what app is causing the issue.

Why I love using Portmaster

I discovered Portmaster last year, and I ended up installing it on all my Linux systems. Here are the three main reasons why I love it so much!

A granular view of network activity across all apps

Portmaster gives you a minimal yet functional interface to visualize all network connections. It’s intuitive for regular Linux users—you don’t need to be a terminal wiz to understand what’s going on! The main dashboard shows a real-time graph of active and blocked connections. You can see all your apps that are connected to the internet, with a quick overview of how many of them have blocked connections and a counter showing recent connections per country.

You can select individual apps and dive into their specific network behavior—what domains they’re connecting to, how much data they’re uploading and downloading (from the Insights tab), and when each connection started and ended. There are also options to sort, filter, and group information in ways that make sense for your workflow. It’s powerful for quickly spotting unusual behavior or unexpected connections, and there’s a simple toggle to block all connections for suspicious apps with a single click!

Block specific apps from going online

Sometimes you don’t want an application accessing the internet at all, and Portmaster makes this easy. For example, I use Obsidian to journal and save all my personal notes because it works offline and saves data locally—I don’t want this information on someone’s server! I also use many third-party plugins to extend Obsidian’s functionality.

Now, I’m not a programmer and can’t review plugin code to verify if they’re safe—which is crucial when installing something obscure with a small user base. This is where Portmaster becomes indispensable, as it lets me view if Obsidian or its plugins are phoning home or if there’s suspicious network activity.

Right now, I keep Obsidian blocked from internet access entirely. When there’s a new update, I temporarily unblock it, run the update, and block it again. Some will call this paranoia, but it gives me peace of mind that my data is safe while still letting me update the software when needed.

Automatically blocks trackers and malware

One of Portmaster’s best features is its ability to automatically block known trackers and malware domains. During initial setup, you can check boxes to enable various filter lists—blocking trackers, malware, phishing sites, and even NSFW content. Portmaster maintains a database of malicious domains and references it in real-time, stopping these connections before they cause issues.

This happens automatically in the background, so you don’t have to manually review every connection—Portmaster handles obvious threats while giving you tools to investigate anything suspicious. That said, if you missed setting it up properly or want to change the filter settings later, you can access them in Settings > Privacy Filter > Filter Lists.

How to set up and use Portmaster

Portmaster isn’t available through official Linux repositories—you’ll need to download it directly from their website. The installation process varies slightly based on the distro you’re using. On Debian and Ubuntu-based systems, download and install the DEB package. For Fedora and it’s derivatives, there’s an RPM package. On Arch Linux, install it from the AUR as portmaster-bin. If you run into issues or need more detailed instructions, Portmaster has excellent documentation covering installation for various Linux distributions.

Once the installation is complete, and you start the app, you’ll go through a quick setup process asking you to select the filter lists and the DNS server. By default, Portmaster will automatically start after every system boot, but if it doesn’t, you can configure it to do so manually using systemd.

---

That was my quick overview of Portmaster, why I love it, and how you can set it up if you share my sentiment. While Portmaster functions as an excellent application-level firewall, it’s not a replacement for general-purpose firewalls, and you should install something like Firewalld or UFW on your system.