How to Install Portmaster in Linux

Install Portmaster Linux Featured

The modern user is a privacy conscious one. We want to know what data is being collected and how it’s being used. For Linux users, we embody this mindset ten-fold. Portmaster gives you more control over your data.

What Is Portmaster?

Portmaster is an open-source application firewall. It allows you to analyze and control the network activity of individual applications. You can also see which IP addresses data is traveling to and from, allowing you to detect any services that are siphoning your data. The paid tier, Portmaster unlimited, gives you access to a VPN alternative: an SPN (Safing private network).

Why You Need an Application-Level Firewall

A traditional, packet-filtering firewall is port-based. When you enter the port, the firewall will prevent all Internet traffic from flowing through it. An application-level firewall, like Portmaster, protects you from both ends. It provides you with a level of user anonymity and finer controls. Although there are more complex solutions that provide next-level security, these are often not consumer grade and are more data center oriented.

How to Install Portmaster

First, you need to install GNOME network manager. It’s installed by default when you install your distro, but if you don’t have it, follow the directions below to install it.

sudo apt install network-manager

If you’re not using the apt package manager, just replace apt with your respective package manager. Once you’ve done that, download and install Portmaster. Portmaster supports all Linux distros that use Linux kernel 5.7 and above and comes with a .deb and .rpm package. 

You can install Portmaster using the following commands:

On Debian/Ubuntu:

sudo apt install portmaster-installer.deb

On Fedora:

sudo dnf install portmaster-installer.rpm

If you prefer to use a graphical installer, navigate to the software package and use “Software Install” to install Portmaster.

Portmaster Software Installation

On Arch, you can build Portmaster from Source by cloning it from GitHub.

git clone
cd portmaster-packaging/linux
makepkg -si

Another option is to use an AUR helper like yay, which lets you download and install applications from the Arch User Repository (AUR).

yay -S portmaster-stub-bin

If you’re using SELinux, it may take a bit more effort to install Portmaster. SELinux does not allow you to run binaries as a systemd service, which portmaster-core requires.

To use Portmaster, you need to change the security context of Portmaster using the following command:

sudo chcon -t bin_t /opt/safing/portmaster/portmaster-start

Restart Portmaster using the following command:

sudo systemctl restart portmaster

How to Configure Portmaster

Portmaster doesn’t require much configuring to get started. There are some key features you may need to dig for if you want to tap into its true power.

First, you can restrict network activity within applications. Multiple tabs in a web browser connect to unique IP addresses and can be restricted.

In the “Network Activity” tab, click on the individual connections and navigate to the app settings.

Portmaster Network Activity

You can restrict any domain. You can also adjust global settings for the application to block any connections. The “Apps and Profiles” tab will also take you to these settings. It is quicker to navigate from the network activity window.

Public Wi-Fi Security

It makes sense that you would want to restrict most incoming connections if you’re connecting to a public Wi-Fi network or one that you don’t trust. Leaving your files and data vulnerable to attack is not an option, but you also want to watch YouTube and surf the Web to pass the time.

In the “Global Settings” tab, adjust the settings based on the threat level. You may want to ignore multicast DNS (use nslookup to check DNS records), which is often used by hackers for DDOS (distributed denial-of-service) attacks. At the same time, you may want to allow your PC to connect to the Internet, even in maximum danger.

You can add rules for incoming and outgoing connections. The filter section allows you to block any NSFW content, trackers, or any content that you may not want to see.

Portmaster Global Settings


SPN is Safing’s version of a VPN (Virtual Private Network) with a few key differences. For one, it routes you through the network, masking you by using multiple identities. Most VPNs tie you to a specific country of your choosing. This is great if you trust your VPN, but not so much if you don’t.

It also features automatic geo-unblocking, which allows you to access content restricted to specific regions or countries. All of this is in addition to the great base Portmaster offers.

Frequently Asked Questions

Are there any other firewall options for Linux?

GlassWire, Simplewall and Pi-hole are all great alternatives to Portmaster. These options don’t offer certain features, and Pi-hole can be a bit more complicated to configure. In all scenarios, any firewall is better than no firewall when it comes to protecting your data.

Is my data safe with Safing?

It’s always a fear that you may one day stumble upon an important piece of information that a government agency or big-tech firm may not want out there. Safing keeps no logs of your data and does not track users’ actions while using SPN.

Does Portmaster protect me from data breaches?

Most people have data stored on multiple databases all over the world. Most big-tech firms are resilient against major data breaches, but these can happen to any company. Portmaster only protects the data stored on your server or computer.

Image credit: Man plugging in an LAN cable to a wireless router by 123RF. All screenshots by Nathan Meyer.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox