Friday, December 27, 2024
Google search engine
HomeData Modelling & AIHow to setup Portmaster Firewall for Linux

How to setup Portmaster Firewall for Linux

“Linux is secure by default” You must have heard this a lot of times but guess what? It’s a myth.

Linux doesn’t need a firewall or antivirus

A base Linux system normally is not that secure compared to a base Windows system because by default it “normally” doesn’t come with a firewall or antivirus, the only few things a default Linux distribution has got for it is a good, but imperfect level of application access control using systems like App Armor, SELinux, Flatseal etc, applications don’t have root access to the system, and they have software repositories which vet apps before reaching the end-user.

Now, many would argue that Linux doesn’t need antivirus or anti-malware since there isn’t much malware for it because of the small footprint it has on the market. But still, to be ahead of the bad guys you might want to have one antivirus like ClamAV, on the system, especially if you are exchanging files between Windows and Linux PC.

Even with all the things which Linux has got going for it, most distributions don’t have a default firewall configured; which many in the community may deem superfluous for Linux since it doesn’t have any open ports by default but I would argue that a Linux system doesn’t have any open ports by “default” and a user might later install something which could change this status quo in their system and that in my view, is a big hole (no pun intended).

But a Linux system can be “hardened” to make it more secure than the hardened windows, where all the advantages of Linux, which we talked about, work in sync with a few tweaks made here and there. One of those tweaks is installing a firewall, in today’s article’s context – Installing Portmaster.

What is a firewall?

A firewall is a security device, which can be in the form of hardware or software, monitoring all the traffic to and from a system and filters them using predetermined rules.

“But I’m not tech savvy”

Don’t worry Portmaster has got you covered. It comes with good defaults which protect you from various malware, trackers, and ads out of the box.

It even encrypts your DNS requests by default.

What is DNS and why encrypting it important?

Domain Name System or DNS, in simple terms, is like a phone book of the internet where each name has a number attached to it. Like we look up the number of a person by first looking up their name, computers ask DNS servers for the IP address of a website by looking up its domain name.

For eg: if you entered google.com, computers can’t reach the destination with that as they don’t understand “google.com”, instead they need an IP address of the website to reach the destination, so, computers use DNS servers to look up the IP address corresponding to the domain name, in our case, the computer will ask DNS server the IP address of “google.com”

Encrypting DNS can help you get additional privacy from your ISP (although not complete privacy), and it gives you better security from DNS attacks like the man-in-the-middle attack. Portmaster by default use DNS over TLS instead of DNS over HTTPS.

What is Portmaster?

Portmaster is a free and open-source application firewall, which means it is software that filters traffic to and from your system, at an application level, based on certain default rules which you can configure as per your needs.

It gives you the capability to manually control each connection from every application. This means if an application is making an unwanted connection you can block that particular connection or block the entire app from accessing the internet itself.

It is available for Windows and Linux, with Mac support planned for the future.

How to install Portmaster?

Installing Portmaster is easy. In this guide I will be showing how to install it on Linux-based systems and installation in Windows is pretty much the same, if not easier.

Step 1 Go to Safing’s website (the company behind Portmaster) and download the latest version of the Portmaster app for your operating system. If you are on Linux there are two options; a .deb version and a .rpm version; download the one suitable for your distribution, .deb is suitable for Debian derivatives like Ubuntu and Linux Mint and .rpm is suitable for Fedora and its derivatives like Nobara.

An image showing different download options in safing's home page. GFG

Safing Home page

As of the moment, there is no Flatpak or Snap version of the app.

For Windows, you could either download the installer or use Winget, the command line utility to install it using the following command.

winget install -i portmaster

Step 2 Now, double-click on the downloaded package and install it normally.

An image showing installation of portmaster in Linux mint. GFG

Installing Portmaster

Step 3 Reboot.

An image showing reboot option. GFG

Rebooting

Step 4 Start the Portmaster core service if not already started.

An image showing Portmaster prompting to start the core service. GFG

Starting Portmaster core service

That’s it you have installed Portmaster successfully and are closer to better privacy & security.

How to set up Portmaster?

Setting up Portmaster is easy since there are actually little to no steps involved but still, here is the process.

Step 1 Open Portmaster

Step 2 Click on quick setup

An image showing quick setup of portmaster. GFG

Portmaster quick-setup

Step 3 Choose the filter lists that you want to use

An image showing the "tracker" settings in portmaster. GFG

Filter lists in Portmaster

Step 4 Choose the secure DNS provider that you want to use.

An image showing prompt by Portmaster asking to choose a DNS provider. GFG

Choosing DNS provider

Step 5 Click on finish. See, that was quick.

An image showing the end of the initital setup. GFG

Finish the initial setup

Navigating through settings

In case you want more customization, you can navigate the settings icon on the left side bar.

An image showing the location of the settings panel. GFG

Navigate to settings

We will now quickly go through some of the main settings within Portmaster.

Caution: Make sure to only change things if you know what you are doing.

DNS servers

You can change the DNS provider to the one you prefer in case you forgot to change it during the setup.

An image showing the option to chose DNS providers. GFG

Choosing DNS providers from settings

DNS cache

DNS cache stores some of the most frequently queried website’s ip within the system this process allows the system to “resolve” them faster since they are already within the system. You can turn this setting ON if you are experiencing poor DNS speeds.

An image showing the settings for DNS cache. GFG

Settings for DNS cache

Blocking incoming connections

This is one of the most important settings in Portmaster as it allows you to block all incoming connections directed toward your system. If you were running a server you would have to configure this so that your server could serve whatever it’s serving, but for most cases, in a desktop system, you are better off keeping it turned on and if you have some specific application requiring incoming connection in which case you can allow it on a case-by-case basis.

An image showing the option of blocking incoming connection. GFG

Force blocking incoming connection

Filter lists

This is where you can configure filter lists in case you missed them during the initial configuration. Here you can check all the filter lists that you want to apply for your PC but note that if you don’t know the output of different filters then it’s best to keep it on default as some sites may break or not even open if some filter lists are applied.

An image showing the options available in filter lists in portmaster. GFG

Filter lists in portmaster

Last thoughts

Now you have setup yourself an awesome sentinel looking after your privacy and security. But in case you decide that Portmaster is not for you, you can decide to use Uncomplicated Firewall(UFW) or its graphical front end – GUFW which, as the name suggests, is fairly simple with few settings that anyone can handle.

As stressed in the beginning, having a firewall is vital no matter which firewall you end up choosing.

Whether you’re preparing for your first job interview or aiming to upskill in this ever-evolving tech landscape, lazyroar Courses are your key to success. We provide top-quality content at affordable prices, all geared towards accelerating your growth in a time-bound manner. Join the millions we’ve already empowered, and we’re here to do the same for you. Don’t miss out – check it out now!

RELATED ARTICLES

Most Popular

Recent Comments