diff --git a/.github/label-actions.yml b/.github/label-actions.yml new file mode 100644 index 0000000..c90babb --- /dev/null +++ b/.github/label-actions.yml 
@@ -0,0 +1,40 @@ +# Configuration for Label Actions - https://github.com/dessant/label-actions + +community support: + comment: | + Hey @{issue-author}, thank you for raising this issue with us. + + After a first review we noticed that this does not seem to be a technical issue, but rather a configuration issue or general question about how Portmaster works. + + Thus, we invite the community to help with configuration and/or answering this questions. + + If you are in a hurry or haven't received an answer, a good place to ask is in [our Discord community](https://discord.gg/safing). + + If your problem or question has been resolved or answered, please come back and give an update here for other users encountering the same and then close this issue. + + If you are a paying subscriber and want this issue to be checked out by Safing, please send us a message [on Discord](https://discord.gg/safing) or [via Email](mailto:support@safing.io) with your username and the link to this issue, so we can prioritize accordingly. + +needs debug info: + comment: | + Hey @{issue-author}, thank you for raising this issue with us. + + After a first review we noticed that we will require the Debug Info for further investigation. However, you haven't supplied any Debug Info in your report. + + Please [collect Debug Info](https://wiki.safing.io/en/FAQ/DebugInfo) from Portmaster _while_ the reported issue is present. + +in/compatibility: + comment: | + Hey @{issue-author}, thank you for reporting on a compatibility. + + We keep a list of compatible software and user provided guides for improving compatibility [in the wiki - please have a look there](https://wiki.safing.io/en/Portmaster/App/Compatibility). + If you can't find your software in the list, then a good starting point is our guide on [How do I make software compatible with Portmaster](https://wiki.safing.io/en/FAQ/MakeSoftwareCompatibleWithPortmaster). 
+ + If you have managed to establish compatibility with an application, please share your findings here. This will greatly help other users encountering the same issues. + +fixed: + comment: | + This issue has been fixed by the recently referenced commit or PR. + + However, the fix is not released yet. + + It is expected to go into the [Beta Release Channel](https://wiki.safing.io/en/FAQ/SwitchReleaseChannel) for testing within the next two weeks and will be available for everyone within the next four weeks. While this is the typical timeline we work with, things are subject to change. diff --git a/.github/workflows/issue-manager.yml b/.github/workflows/issue-manager.yml deleted file mode 100644 index 3cfdc5b..0000000 --- a/.github/workflows/issue-manager.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: Issue Manager - -on: - workflow_dispatch: - schedule: - - cron: "17 5 * * 1-5" # run at 5:17 on Monday to Friday - # We only use the issue manager for auto-closing, so we only need the cron trigger. - # issue_comment: - # types: - # - created - # - edited - # issues: - # types: - # - labeled - -jobs: - issue-manager: - runs-on: ubuntu-latest - steps: - - uses: tiangolo/issue-manager@0.4.0 - with: - token: ${{ secrets.GITHUB_TOKEN }} - config: > - { - "$schema": "https://raw.githubusercontent.com/tiangolo/issue-manager/master/schema.json", - "waiting for input": { - "delay": "P30DT0H0M0S", - "message": "Auto-closing this issue after waiting for input for a month. If anyone finds the time to provide the requested information, please re-open the issue and we will continue handling it.", - "remove_label_on_comment": true, - "remove_label_on_close": false - }, - "waiting for fix confirmation": { - "delay": "P30DT0H0M0S", - "message": "Auto-closing this issue after waiting for a fix confirmation for a month. If anyone still experiences this issue, please re-open the issue with updated information so we can continue working on a fix.", - "remove_label_on_comment": true, - "remove_label_on_close": false - }, - "waiting for release": { - "delay": "P3650DT0H0M0S", - "message": "That was 10 years ago, I think we can close this now.", - "remove_label_on_comment": true, - "remove_label_on_close": false - }, - "waiting for resources": { - "delay": "P3650DT0H0M0S", - "message": "That was 10 years ago, I think we can close this now.", - "remove_label_on_comment": true, - "remove_label_on_close": false - } - } diff --git a/.github/workflows/issues-first-greet.yml b/.github/workflows/issues-first-greet.yml new file mode 100644 index 0000000..c018fcf --- /dev/null +++ b/.github/workflows/issues-first-greet.yml 
@@ -0,0 +1,26 @@ +# This workflow responds to first time posters with a greeting message. +# Docs: https://github.com/actions/first-interaction +name: Greet New Users + +# This workflow is triggered when a new issue is created. +on: + issues: + types: opened + +permissions: + contents: read + issues: write + +jobs: + greet: + runs-on: ubuntu-latest + steps: + - uses: actions/first-interaction@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # Respond to first time issue raisers. + issue-message: | + Greetings and welcome to our community! As this is the first issue you opened here, we wanted to share some useful infos with you: + + - πŸ—£οΈ Our community on [Discord](https://discord.gg/safing) is super helpful and active. We also have an AI-enabled support bot that knows Portmaster well and can give you immediate help. + - πŸ“– The [Wiki](https://wiki.safing.io/) answers all common questions and has many important details. If you can't find an answer there, let us know, so we can add anything that's missing. diff --git a/.github/workflows/issues-label-actions.yml b/.github/workflows/issues-label-actions.yml new file mode 100644 index 0000000..4a031b5 --- /dev/null +++ b/.github/workflows/issues-label-actions.yml @@ -0,0 +1,22 @@ +# This workflow responds with a message when certain labels are added to an issue or PR. +# Docs: https://github.com/dessant/label-actions +name: Label Actions + +# This workflow is triggered when a label is added to an issue. +on: + issues: + types: labeled + +permissions: + contents: read + issues: write + +jobs: + action: + runs-on: ubuntu-latest + steps: + - uses: dessant/label-actions@v3 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + config-path: ".github/label-actions.yml" + process-only: "issues" diff --git a/.github/workflows/issues-stale.yml b/.github/workflows/issues-stale.yml new file mode 100644 index 0000000..bdb4d38 --- /dev/null +++ b/.github/workflows/issues-stale.yml 
@@ -0,0 +1,42 @@ +# This workflow warns and then closes stale issues and PRs. +# Docs: https://github.com/actions/stale +name: Close Stale Issues + +on: + schedule: + - cron: "17 5 * * 1-5" # run at 5:17 (UTC) on Monday to Friday + workflow_dispatch: + +permissions: + contents: read + issues: write + +jobs: + stale: + runs-on: ubuntu-latest + steps: + - uses: actions/stale@v8 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} + # Increase max operations. + # When using GITHUB_TOKEN, the rate limit is 1,000 requests per hour per repository. + operations-per-run: 500 + # Handle stale issues + stale-issue-label: 'stale' + # Exemptions + exempt-all-issue-assignees: true + exempt-issue-labels: 'support,dependencies,pinned,security' + # Mark as stale + days-before-issue-stale: 63 # 2 months / 9 weeks + stale-issue-message: | + This issue has been automatically marked as inactive because it has not had activity in the past two months. + + If no further activity occurs, this issue will be automatically closed in one week in order to increase our focus on active topics. + # Close + days-before-issue-close: 7 # 1 week + close-issue-message: | + This issue has been automatically closed because it has not had recent activity. Thank you for your contributions. + + If the issue has not been resolved, you can [find more information in our Wiki](https://wiki.safing.io/) or [continue the conversation on our Discord](https://discord.gg/safing). + # TODO: Handle stale PRs + days-before-pr-stale: 36500 # 100 years - effectively disabled. diff --git a/.gitignore b/.gitignore index 764ca05..a0a8e44 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,17 @@ +# Custom + +!.gitkeep + +.rbenv-version +.rvmrc +.bundle +vendor/bundle +*.plist +.jekyll-cache/ + +_data/faq/src +_data/releases/src + # ---> macOS *.DS_Store .AppleDouble @@ -6,7 +20,6 @@ # Icon must end with two \r Icon - # Thumbnails ._* 
@@ -54,12 +67,3 @@ _theme_packages _res Thumbs.db - -!.gitkeep - -.rbenv-version -.rvmrc -.bundle -vendor/bundle -*.plist -.jekyll-cache/ diff --git a/_config.yml b/_config.yml index b8defc4..c42d55a 100644 --- a/_config.yml +++ b/_config.yml @@ -18,6 +18,7 @@ base_url: "/" # the subpath of your site, e.g. /blog portmaster_settings_url: /portmaster/settings # Check reference in _data/menus.yml! portmaster_api_url: /portmaster/api # Check reference in _data/menus.yml! coc_url: /community/code-of-conduct +faq_url: /portmaster/faq ### assets assets_url: /assets/ @@ -33,6 +34,7 @@ download_linux_rpm_url: https://updates.safing.io/latest/linux_amd64/packages/po download_linux_arch_url: https://updates.safing.io/latest/linux_amd64/packages/portmaster-installer.pkg.tar.xz download_windows_url: https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer.exe github_url: https://github.com/safing +wiki_url: https://wiki.safing.io/ github_pm_url: https://github.com/safing/portmaster github_pm_ui_url: https://github.com/safing/portmaster-ui @@ -69,6 +71,7 @@ privacy_url: https://safing.io/privacy/ next_page_url: https://safing.io/next/ spn_url: https://safing.io/spn/ team_url: https://safing.io/team/ +pricing_url: https://safing.io/pricing/ terms_url: https://safing.io/terms/ video_url: https://safing.io/video/ whitepaper_url: https://safing.io/files/whitepaper/Gate17.pdf diff --git a/_data/Makefile b/_data/Makefile new file mode 100644 index 0000000..a82a2cd --- /dev/null +++ b/_data/Makefile 
@@ -0,0 +1,39 @@ +# Fetch and process FAQs, releases and versions. + +.PHONY: faq-data releases-data versions-data clean + +all: faq/all.json releases/all.json versions-data + +update: clean all + +faq/all.json: faq-data + jq -s 'add | map({title, html_url, body}) | map(.keywords = (.body | capture("Keywords: (?[^\r\n]+)").c | split(", "))) | map(.categories = (.body | capture("Categories: (?[^\r\n]+)").c | split(", "))) | sort_by(.title)' faq/src/* > $@ + if [ $(shell jq -s 'add | length' faq/src/*) != $(shell jq 'length' $@) ]; then echo "missing faq entries in $@"; exit 1; fi + +faq-data: faq/src/portmaster.json faq/src/portmaster-ui.json faq/src/spn.json faq/src/faqs.json + +faq/src/%.json: + mkdir -p faq/src + cd faq/src + wget -O $@ "https://api.github.com/repos/safing/$*/issues?labels=faq&per_page=100" + +releases/all.json: releases-data + jq -s 'add | map({name, tag_name, body, prerelease, html_url, created_at}) | map(.date = .created_at[:10]) | map(.body = (.body | gsub("Changelog:"; "") | gsub("[a-f0-9]{40}"; "-"))) | map(.repo = (.html_url | capture("github.com/safing/(?[^/]+)/").repo)) | sort_by(.created_at) | reverse' releases/src/* > $@ + +releases-data: releases/src/portmaster.json releases/src/portmaster-ui.json releases/src/spn.json + +releases/src/%.json: + mkdir -p releases/src + cd faq/src + wget -O $@ "https://api.github.com/repos/safing/$*/releases" + +versions-data: versions/stable.json versions/beta.json + +versions/%.json: + cd versions + wget -O $@ "https://updates.safing.io/$*.v2.json" + +clean: + rm -f faq/src/* + rm -f releases/src/* + rm -f versions/* diff --git a/_data/README.md b/_data/README.md index a996500..639c2fe 100644 --- a/_data/README.md +++ b/_data/README.md 
@@ -1,35 +1,25 @@ -# Data +# Sourced Data -### Update faq-data.json - -1. Check if the current list has new entries - - https://github.com/issues?q=archived%3Afalse+user%3Asafing+sort%3Aupdated-desc+label%3Afaq - -2. Get the current list with these commands (you might need to add new ones for additional repos) +### Update all data ``` -gh issue list --label faq --repo safing/portmaster --json title,url,body > faq-data.json -gh issue list --label faq --repo safing/portmaster-ui --json title,url,body >> faq-data.json +make update ``` -3. Fix JSON format. +### Create faq/all.json ``` -sed -i ':a;N;$!ba;s/\]\n\[/,/g;s/},{/},\n{/g;s/\[{/\[\n{/g;s/}\]/}\n\]/g' faq-data.json +make faq/all.json ``` -4. Sort and make pretty +### Create releases/all.json ``` -cat faq-data.json | jq 'sort_by(.title)' | tee faq-data.json +make releases/all.json ``` -Here is everything together: +### Create versions/* ``` -gh issue list --label faq --repo safing/portmaster --json title,url,body > faq-data.json && \ -gh issue list --label faq --repo safing/portmaster-ui --json title,url,body >> faq-data.json && \ -sed -i ':a;N;$!ba;s/\]\n\[/,/g;s/},{/},\n{/g;s/\[{/\[\n{/g;s/}\]/}\n\]/g' faq-data.json && \ -cat faq-data.json | jq 'sort_by(.title)' | tee faq-data.json +make versions-data ``` diff --git a/_data/compatibility.yml b/_data/compatibility.yml index 60e5b56..07c098c 100644 --- a/_data/compatibility.yml +++ b/_data/compatibility.yml @@ -97,6 +97,23 @@ vpns: state: 🚫 issue confirmed issue_number: 563 issue_comment: 1194001989 + - name: Surfshark VPN + reports: + - os: windows + mode: OpenVPN + state: 🟒 confirmed compatible + issue_number: 785 + issue_comment: 1330628256 + - os: windows + mode: WireGuard + state: 🚫 issue confirmed + issue_number: 785 + issue_comment: 1330628256 + - name: Mysterium VPN + reports: + - os: windows + state: 🟑 issue reported + issue_number: 649 software: - name: AdGuard 
diff --git a/_data/config-options.json b/_data/config-options.json index 328c016..dba296c 100644 --- a/_data/config-options.json +++ b/_data/config-options.json @@ -2,7 +2,7 @@ { "Name": "API Keys", "Key": "core/apiKeys", - "Description": "Define API keys for priviledged access to the API. Every entry is a separate API key with respective permissions. Format is `\u003ckey\u003e?read=\u003cperm\u003e\u0026write=\u003cperm\u003e`. Permissions are `anyone`, `user` and `admin`, and may be omitted.", + "Description": "Define API keys for privileged access to the API. Every entry is a separate API key with respective permissions. Format is `\u003ckey\u003e?read=\u003cperm\u003e\u0026write=\u003cperm\u003e`. Permissions are `anyone`, `user` and `admin`, and may be omitted.", "Help": "", "Sensitive": true, "OptType": 2, @@ -17,9 +17,9 @@ } }, { - "Name": "Automatic Updates", - "Key": "core/automaticUpdates", - "Description": "Enable automatic checking, downloading and applying of updates. This affects all kinds of updates, including intelligence feeds and broadcast notifications.", + "Name": "Automatic Intelligence Data Updates", + "Key": "core/automaticIntelUpdates", + "Description": "Automatically check for and download intelligence data updates. This includes filter lists, geo-ip data, and more. Does not include software updates.", "Help": "", "Sensitive": false, "OptType": 4, 
@@ -30,41 +30,41 @@ "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Updates", - "safing/portbase:ui:order": -12 + "safing/portbase:ui:order": -11 } }, { - "Name": "Development Mode", - "Key": "core/devMode", - "Description": "In Development Mode, security restrictions are lifted/softened to enable unrestricted access for debugging and testing purposes.", + "Name": "Automatic Software Updates", + "Key": "core/automaticUpdates", + "Description": "Automatically check for and download software updates. This does not include intelligence data updates.", "Help": "", "Sensitive": false, "OptType": 4, - "ExpertiseLevel": 2, + "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": false, + "DefaultValue": true, "ValidationRegex": "", "Annotations": { - "safing/portbase:ui:category": "Development", - "safing/portbase:ui:order": 512 + "safing/portbase:ui:category": "Updates", + "safing/portbase:ui:order": -12 } }, { - "Name": "Enable Network Rating System", - "Key": "core/enableNetworkRating", - "Description": "Enable the Network Rating System, which allows you to configure settings to be active in one environment but not in the other, like allowing sensitive connections at home but not at the public library.\n\nPlease note that this feature will be replaced by a superior and easier to understand system in the future.", + "Name": "Development Mode", + "Key": "core/devMode", + "Description": "In Development Mode, security restrictions are lifted/softened to enable unrestricted access for debugging and testing purposes.", "Help": "", "Sensitive": false, "OptType": 4, - "ExpertiseLevel": 1, + "ExpertiseLevel": 2, "ReleaseLevel": 0, "RequiresRestart": false, "DefaultValue": false, "ValidationRegex": "", "Annotations": { - "safing/portbase:ui:category": "User Interface", - "safing/portbase:ui:order": 514 + "safing/portbase:ui:category": "Development", + "safing/portbase:ui:order": 512 } }, { 
@@ -136,6 +136,36 @@ "safing/portbase:ui:order": 513 } }, + { + "Name": "Time and Date Format", + "Key": "core/locale", + "Description": "Configures the time and date format for the user interface. Selection is an example and correct formatting in the UI is a continual work in progress.", + "Help": "", + "Sensitive": false, + "OptType": 1, + "ExpertiseLevel": 0, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": "en-US", + "ValidationRegex": "^(en-GB|en-US)$", + "PossibleValues": [ + { + "Name": "24h DD-MM-YYYY", + "Description": "", + "Value": "en-GB" + }, + { + "Name": "12h MM/DD/YYYY", + "Description": "", + "Value": "en-US" + } + ], + "Annotations": { + "safing/portbase:ui:category": "User Interface", + "safing/portbase:ui:display-hint": "one-of", + "safing/portmaster:ui:requires-reload": true + } + }, { "Name": "Log Level", "Key": "core/log/level", @@ -146,7 +176,7 @@ "ExpertiseLevel": 2, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": "info", + "DefaultValue": "warning", "ValidationRegex": "^(critical|error|warning|info|debug|trace)$", "PossibleValues": [ { 
@@ -352,34 +382,12 @@ "Description": "Block .onion, .i2p, .loki, .bit, .eth, .888, .bitcoin, .coin, .crypto, .dao, .nft, .wallet, .x, .zil, .bazar, .coin, .emc, .lib, .bbs, .chan, .dyn, .free, .fur, .geek, .glue, .gopher, .indy, .libre, .neo, .null, .o, .oss, .oz, .parody, .pirate, .ku, .te, .ti, .uu. Unofficial domains may pose a security risk. This setting does not affect .onion domains in the Tor Browser.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Resolving", "safing/portbase:ui:display-hint": "security level", @@ -445,13 +453,13 @@ } }, { - "Name": "Retry Timeout", + "Name": "Retry Failing DNS Servers", "Key": "dns/nameserverRetryRate", - "Description": "Timeout between retries when a DNS server fails.", + "Description": "Duration in seconds how often failing DNS server should be retried. This is done continuously in the background.", "Help": "", "Sensitive": false, "OptType": 3, - "ExpertiseLevel": 1, + "ExpertiseLevel": 2, "ReleaseLevel": 0, "RequiresRestart": false, "DefaultValue": 300, 
@@ -465,16 +473,16 @@ { "Name": "DNS Servers", "Key": "dns/nameservers", - "Description": "DNS Servers to use for resolving DNS requests.", - "Help": "DNS Servers are used in the order as entered. The first one will be used as the primary DNS Server. Only if it fails, will the other servers be used as a fallback - in their respective order. If all fail, or if no DNS Server is configured here, the Portmaster will use the one configured in your system or network.\n\nAdditionally, if it is more likely that the DNS Server of your system or network has a (better) answer to a request, they will be asked first. This will be the case for special local domains and domain spaces announced on the current network.\n\nDNS Servers are configured in a URL format. This allows you to specify special settings for a resolver. If you just want to use a resolver at IP 10.2.3.4, please enter: `dns://10.2.3.4` \nThe format is: `protocol://ip:port?parameter=value\u0026parameter=value` \n\n- Protocol\n\t- `dot`: DNS-over-TLS (recommended) \n\t- `dns`: plain old DNS \n\t- `tcp`: plain old DNS over TCP\n- IP: always use the IP address and _not_ the domain name!\n- Port: optionally define a custom port\n- Parameters:\n\t- `name`: give your DNS Server a name that is used for messages and logs\n\t- `verify`: domain name to verify for `dot`, required and only valid for protocol `dot`\n\t- `blockedif`: detect if the name server blocks a query, options:\n\t\t- `empty`: server replies with NXDomain status, but without any other record in any section\n\t\t- `refused`: server replies with Refused status\n\t\t- `zeroip`: server replies with an IP address, but it is zero\n\t- `search`: specify prioritized domains/TLDs for this resolver (delimited by `,`)\n\t- `search-only`: use this resolver for domains in the `search` parameter only (no value)\n", + "Description": "DNS servers to use for resolving DNS requests.", + "Help": "DNS servers are used in the order as entered. 
The first one will be used as the primary DNS Server. Only if it fails, will the other servers be used as a fallback - in their respective order. If all fail, or if no DNS Server is configured here, the Portmaster will use the one configured in your system or network.\n\nAdditionally, if it is more likely that the DNS server of your system or network has a (better) answer to a request, they will be asked first. This will be the case for special local domains and domain spaces announced on the current network.\n\nDNS servers are configured in a URL format. This allows you to specify special settings for a resolver. If you just want to use a resolver at IP 10.2.3.4, please enter: `dns://10.2.3.4` \nThe format is: `protocol://host:port?parameter=value\u0026parameter=value` \n\nFor DoH servers, you can also just paste the URL given by the DNS provider. \nWhen referring to the DNS server using a domain name, as with DoH, it is highly recommended to also specify the IP address using the `ip` parameter, so Portmaster does not have to resolve it.\n\n- Protocol\n\t- `dot`: DNS-over-TLS (or `tls`; recommended) \n\t- `doh`: DNS-over-HTTPS (or `https`)\n\t- `dns`: plain old DNS \n\t- `tcp`: plain old DNS over TCP\n- Host: specify the domain or IP of the resolver\n- Port: optionally define a custom port\n- Parameters:\n\t- `name`: give your DNS Server a name that is used for messages and logs\n\t- `verify`: domain name to verify for `dot`, only valid for `dot` and `doh`\n\t- `ip`: IP address (if using a domain), so Portmaster does not need to resolve it using the system resolver - this is highly recommended\n\t- `blockedif`: detect if the name server blocks a query, options:\n\t\t- `empty`: server replies with NXDomain status, but without any other record in any section\n\t\t- `refused`: server replies with Refused status\n\t\t- `zeroip`: server replies with an IP address, but it is zero\n\t- `search`: specify prioritized domains/TLDs for this resolver (delimited by `,`)\n\t- 
`search-only`: use this resolver for domains in the `search` parameter only (no value)\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, "DefaultValue": [ - "dot://1.1.1.2:853?verify=cloudflare-dns.com\u0026name=Cloudflare\u0026blockedif=zeroip", - "dot://1.0.0.2:853?verify=cloudflare-dns.com\u0026name=Cloudflare\u0026blockedif=zeroip" + "dot://cloudflare-dns.com?ip=1.1.1.2\u0026name=Cloudflare\u0026blockedif=zeroip", + "dot://cloudflare-dns.com?ip=1.0.0.2\u0026name=Cloudflare\u0026blockedif=zeroip" ], "ValidationRegex": "^(dot|doh|dns|tcp|https|tls)://.*", "Annotations": { @@ -483,7 +491,7 @@ "safing/portbase:ui:order": 0, "safing/portbase:ui:quick-setting": [ { - "Name": "Cloudflare (with Malware Filter)", + "Name": "Set Cloudflare (with Malware Filter)", "Value": [ "dot://cloudflare-dns.com?ip=1.1.1.2\u0026name=Cloudflare\u0026blockedif=zeroip", "dot://cloudflare-dns.com?ip=1.0.0.2\u0026name=Cloudflare\u0026blockedif=zeroip" @@ -491,7 +499,7 @@ "Action": "replace" }, { - "Name": "Quad9", + "Name": "Set Quad9", "Value": [ "dot://dns.quad9.net?ip=9.9.9.9\u0026name=Quad9\u0026blockedif=empty", "dot://dns.quad9.net?ip=149.112.112.112\u0026name=Quad9\u0026blockedif=empty" @@ -499,7 +507,7 @@ "Action": "replace" }, { - "Name": "AdGuard", + "Name": "Set AdGuard", "Value": [ "dot://dns.adguard.com?ip=94.140.14.14\u0026name=AdGuard\u0026blockedif=zeroip", "dot://dns.adguard.com?ip=94.140.15.15\u0026name=AdGuard\u0026blockedif=zeroip" 
@@ -507,11 +515,19 @@ "Action": "replace" }, { - "Name": "Foundation for Applied Privacy", + "Name": "Set Foundation for Applied Privacy", "Value": [ - "dot://dot1.applied-privacy.net?ip=94.130.106.88\u0026name=AppliedPrivacy" + "dot://dot1.applied-privacy.net?ip=146.255.56.98\u0026name=AppliedPrivacy" ], "Action": "replace" + }, + { + "Name": "Add Cloudflare (as fallback)", + "Value": [ + "dot://cloudflare-dns.com?ip=1.1.1.1\u0026name=Cloudflare\u0026blockedif=zeroip", + "dot://cloudflare-dns.com?ip=1.0.0.1\u0026name=Cloudflare\u0026blockedif=zeroip" + ], + "Action": "merge-bottom" } ], "self:detail:connectivityDomains": [ @@ -543,29 +559,12 @@ "Description": "Ignore DNS servers configured in your system or network. This may break domains from your local network.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 6, - "ValidationRegex": "^(7|6|4)$", - "PossibleValues": [ - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Servers", "safing/portbase:ui:display-hint": "security level", 
@@ -612,33 +611,16 @@ "Description": "Never resolve using insecure protocols, ie. plain DNS. This may break certain local DNS services, which always use plain DNS.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 6, - "ValidationRegex": "^(7|6|4)$", - "PossibleValues": [ - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Resolving", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 3 + "safing/portbase:ui:order": 4 } }, { @@ -647,33 +629,16 @@ "Description": "Do not resolve using Multicast DNS. This may break certain Plug and Play devices and services.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 6, - "ValidationRegex": "^(7|6|4)$", - "PossibleValues": [ - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Resolving", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 2, + "safing/portbase:ui:order": 3, "self:detail:multicastDomains": [ ".local.", ".254.169.in-addr.arpa.", 
@@ -684,6 +649,23 @@ ] } }, + { + "Name": "Always Use DNS Cache", + "Key": "dns/useStaleCache", + "Description": "Always use the DNS cache, even if entries have expired. Expired entries are refreshed afterwards in the background. This can improve DNS resolving performance a lot, but may lead to occasional connection errors due to outdated DNS records.", + "Help": "", + "Sensitive": false, + "OptType": 4, + "ExpertiseLevel": 0, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": false, + "ValidationRegex": "", + "Annotations": { + "safing/portbase:ui:category": "Resolving", + "safing/portbase:ui:order": 2 + } + }, { "Name": "Prompt Timeout", "Key": "filter/askTimeout", @@ -729,38 +711,17 @@ "Description": "Connections initiated towards your device from the LAN or Internet. This will usually only be the case if you are running a network service or are using peer to peer software. Is stronger than Rules (see below).", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 0, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Connection Types", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 20 + "safing/portbase:ui:order": 20, + "safing/portmaster:settable-per-app": true } }, { 
@@ -769,38 +730,17 @@ "Description": "Force Block connections from and to the Internet. Is stronger than Rules (see below).", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 0, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Network Scope", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 16 + "safing/portbase:ui:order": 16, + "safing/portmaster:settable-per-app": true } }, { 
@@ -809,38 +749,17 @@ "Description": "Force Block all connections from and to the Local Area Network. Is stronger than Rules (see below).", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 0, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Network Scope", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 17 + "safing/portbase:ui:order": 17, + "safing/portmaster:settable-per-app": true } }, { 
@@ -849,38 +768,17 @@ "Description": "Force Block all internal connections on your own device, ie. localhost. Is stronger than Rules (see below).", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 0, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Network Scope", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 18 + "safing/portbase:ui:order": 18, + "safing/portmaster:settable-per-app": true } }, { 
@@ -889,45 +787,24 @@ "Description": "These are connections that are established directly to an IP address or peer on the Internet without resolving a domain name via DNS first. Is stronger than Rules (see below).", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 0, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": false, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Connection Types", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 19 + "safing/portbase:ui:order": 19, + "safing/portmaster:settable-per-app": true } }, { "Name": "Custom Filter List", "Key": "filter/customListFile", - "Description": "Specify the file path to a custom filter list, which will be automatically refreshed. Any connections matching a domain, IP address, Country or ASN in the file will be blocked.", - "Help": "The file is checked every couple minutes and will be automatically reloaded when it has changed. \n\nEntries may be one of:\n- Domain: \"example.com\"\n- IP Address: \"10.0.0.1\"\n- Country Code (based on IP): \"US\"\n- AS (Autonomous System): \"AS1234\" \n\nEverything after the first element of a line, comments starting with a '#', and empty lines are ignored. \nThe settings \"Block Subdomains of Filter List Entries\" and \"Block Domain Aliases\" also apply to the custom filter list. \nLists in the \"Hosts\" format are not supported. 
\n\nPlease note that the custom filter list is fully loaded into memory. This can have a negative impact on your device if big lists are loaded.", + "Description": "Specify the file path to a custom filter list (.txt), which will be automatically refreshed. Any connections matching a domain, IP address, Country or ASN in the file will be blocked.", + "Help": "The file (.txt) is checked every couple minutes and will be automatically reloaded when it has changed. \n\nEntries (one per line) may be one of:\n- Domain: \"example.com\"\n- IP Address: \"10.0.0.1\"\n- Country Code (based on IP): \"US\"\n- AS (Autonomous System): \"AS1234\" \n\nEverything after the first element of a line, comments starting with a '#', and empty lines are ignored. \nThe settings \"Block Subdomains of Filter List Entries\" and \"Block Domain Aliases\" also apply to the custom filter list. \nLists in the \"Hosts\" format are not supported. \n\nPlease note that the custom filter list is fully loaded into memory. This can have a negative impact on your device if big lists are loaded.", "Sensitive": false, "OptType": 1, "ExpertiseLevel": 1, @@ -944,7 +821,7 @@ { "Name": "Default Network Action", "Key": "filter/defaultAction", - "Description": "The default network action is applied when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.", + "Description": "The default network action is applied when nothing else allows or blocks a connection. This affects both outgoing and incoming connections. This setting is the weakest of all and is commonly overruled by Force Block settings or Rules.", "Help": "", "Sensitive": false, "OptType": 1, @@ -973,7 +850,8 @@ "Annotations": { "safing/portbase:ui:category": "General", "safing/portbase:ui:display-hint": "one-of", - "safing/portbase:ui:order": 1 + "safing/portbase:ui:order": 1, + "safing/portmaster:settable-per-app": true } }, { 
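Review bot: The new `filter/defaultAction` Description says the default action now applies to incoming connections, replacing "Incoming connections are always blocked by default", which is a behaviour change for existing installs and not only a wording change. An existing profile whose default action is not a block would start accepting incoming connections after the upgrade. Suggest naming the change explicitly in the Description or Help and covering it in the upgrade notes.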
@@ -982,38 +860,17 @@ "Description": "Auto Allow searches for a relation between an app and the destination of a connection - if there is a correlation, the connection will be allowed.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 1, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Advanced", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 65 + "safing/portbase:ui:order": 65, + "safing/portmaster:settable-per-app": true } }, { @@ -1030,7 +887,7 @@ "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Advanced", - "safing/portbase:ui:order": 97 + "safing/portbase:ui:order": 81 } }, { 
@@ -1039,49 +896,28 @@ "Description": "Checks for suspicious domain names and blocks them. This option currently targets domain names generated by malware and DNS data exfiltration channels.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "DNS Filtering", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 51 + "safing/portbase:ui:order": 51, + "safing/portmaster:settable-per-app": true } }, { - "Name": "Privacy Filter Module", + "Name": "Enable Privacy Filter", "Key": "filter/enable", - "Description": "Start the Privacy Filter module. If turned off, all privacy filter protections are fully disabled on this device.", + "Description": "Enable the Privacy Filter. If turned off, all privacy filter protections are fully disabled on this device. Not meant to be disabled in production - only turn off for testing.", "Help": "", "Sensitive": false, "OptType": 4, "ExpertiseLevel": 2, - "ReleaseLevel": 0, + "ReleaseLevel": 2, "RequiresRestart": false, "DefaultValue": true, "ValidationRegex": "", 
@@ -1093,7 +929,7 @@ "Name": "Outgoing Rules", "Key": "filter/endpoints", "Description": "Rules that apply to outgoing network connections. Cannot overrule Network Scopes and Connection Types (see above).", - "Help": "Rules are checked from top to bottom, stopping after the first match. They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.1/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US`\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port just behind that using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. \nExamples: `192.168.0.1 TCP/HTTP`, `LAN UDP/50000-55000`, `example.com */HTTPS`, `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n", + "Help": "Rules are checked from top to bottom, stopping after the first match. 
They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.0/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US` ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))\n- By continent (based on IP): `C:US` (prefix `AF`, `AN`, `AS`, `EU`, `NA`, `OC`, or `SA` with `C:`)\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port using this format: `\u003chost\u003e \u003cIP protocol\u003e/\u003cport\u003e`.\n\nProtocols and ports may be specified using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. \n\nExamples:\n- `192.168.0.1 TCP/HTTP`\n- `LAN UDP/50000-55000`\n- `example.com */HTTPS`\n- `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n\nPro Tip: You can use `#` to add a comment to a rule.\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 0, 
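Review bot: The continent example in the new Help text, `C:US`, is not one of the codes the same line lists (`AF`, `AN`, `AS`, `EU`, `NA`, `OC`, `SA`); `US` is the country example from the line above. Suggest `C:EU` or `C:NA` so that a user who copies the example gets a rule that can match. The same text is repeated in the Incoming Rules Help and needs the same fix.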
@@ -1106,6 +942,7 @@ "safing/portbase:ui:category": "Rules", "safing/portbase:ui:display-hint": "endpoint list", "safing/portbase:ui:order": 32, + "safing/portmaster:settable-per-app": true, "safing/portmaster:ui:endpoint-list:verdict-names": { "+": "Allow", "-": "Block" @@ -1118,38 +955,17 @@ "Description": "Block a domain if a resolved CNAME (alias) is blocked by a rule or filter list.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "DNS Filtering", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 48 + "safing/portbase:ui:order": 48, + "safing/portmaster:settable-per-app": true } }, { 
@@ -1158,38 +974,17 @@ "Description": "Additionally block all subdomains of entries in selected filter lists.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Filter Lists", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 36 + "safing/portbase:ui:order": 36, + "safing/portmaster:settable-per-app": true } }, { @@ -1205,13 +1000,15 @@ "DefaultValue": [ "TRAC", "MAL", - "BAD" + "BAD", + "UNBREAK" ], "ValidationRegex": "^[a-zA-Z0-9\\-]+$", "Annotations": { "safing/portbase:ui:category": "Filter Lists", "safing/portbase:ui:display-hint": "filter list", - "safing/portbase:ui:order": 34 + "safing/portbase:ui:order": 34, + "safing/portmaster:settable-per-app": true } }, { 
@@ -1228,47 +1025,26 @@ "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Advanced", - "safing/portbase:ui:order": 96 + "safing/portbase:ui:order": 80 } }, { - "Name": "Block Bypassing", + "Name": "Block Secure DNS Bypassing", "Key": "filter/preventBypassing", - "Description": "Prevent apps from bypassing Portmaster's privacy protections. \nIf Block Bypassing is disabled, Portmaster can no longer protect you or filter connections from the affected applications.\n\nCurrent Features: \n- Disable Firefox' internal DNS-over-HTTPs resolver\n- Block direct access to public DNS resolvers\n\nPlease note that if you are using the system resolver, bypass attempts might be additionally blocked there too.", + "Description": "Prevent apps from bypassing Portmaster's Secure DNS resolver.\nIf disabled, Portmaster might have reduced information to correctly enforce rules and filter lists.\nImportant: Portmaster's firewall itself cannot be bypassed.\n\nCurrent Features: \n- Disable Firefox' internal DNS-over-HTTPs resolver\n- Block direct access to public DNS resolvers\n\nPlease note that DNS bypass attempts might be additionally blocked in the System DNS Client App.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 0, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "Advanced", 
"safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 64 + "safing/portbase:ui:order": 64, + "safing/portmaster:settable-per-app": true } }, { @@ -1277,38 +1053,17 @@ "Description": "Reject blocked IP addresses directly from the DNS response instead of handing them over to the app and blocking a resulting connection. This settings does not affect privacy and only takes effect when the system resolver is not in use.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 2, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "DNS Filtering", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 50 + "safing/portbase:ui:order": 50, + "safing/portmaster:settable-per-app": true } }, { 
@@ -1317,53 +1072,30 @@ "Description": "Reject private IP addresses (RFC1918 et al.) from public DNS responses. If the system resolver is in use, the resulting connection will be blocked instead of the DNS request.", "Help": "", "Sensitive": false, - "OptType": 3, + "OptType": 4, "ExpertiseLevel": 2, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": 7, - "ValidationRegex": "^(0|7|6|4)$", - "PossibleValues": [ - { - "Name": "Off", - "Description": "Setting is always disabled.", - "Value": 0 - }, - { - "Name": "Trusted / Home Network", - "Description": "Setting is always enabled.", - "Value": 7 - }, - { - "Name": "Untrusted / Public Network", - "Description": "Setting is enabled in untrusted and dangerous networks.", - "Value": 6 - }, - { - "Name": "Danger / Hacked Network", - "Description": "Setting is enabled only in dangerous networks.", - "Value": 4 - } - ], + "DefaultValue": true, + "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "DNS Filtering", "safing/portbase:ui:display-hint": "security level", - "safing/portbase:ui:order": 49 + "safing/portbase:ui:order": 49, + "safing/portmaster:settable-per-app": true } }, { "Name": "Incoming Rules", "Key": "filter/serviceEndpoints", - "Description": "Rules that apply to incoming network connections. Cannot overrule Network Scopes and Connection Types (see above). Also note that the default action for incoming connections is to always block.", - "Help": "Rules are checked from top to bottom, stopping after the first match. 
They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.1/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US`\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port just behind that using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. \nExamples: `192.168.0.1 TCP/HTTP`, `LAN UDP/50000-55000`, `example.com */HTTPS`, `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n", + "Description": "Rules that apply to incoming network connections. Cannot overrule Network Scopes and Connection Types (see above).", + "Help": "Rules are checked from top to bottom, stopping after the first match. 
They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.0/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US` ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))\n- By continent (based on IP): `C:US` (prefix `AF`, `AN`, `AS`, `EU`, `NA`, `OC`, or `SA` with `C:`)\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port using this format: `\u003chost\u003e \u003cIP protocol\u003e/\u003cport\u003e`.\n\nProtocols and ports may be specified using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. \n\nExamples:\n- `192.168.0.1 TCP/HTTP`\n- `LAN UDP/50000-55000`\n- `example.com */HTTPS`\n- `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n\nPro Tip: You can use `#` to add a comment to a rule.\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 1, "ReleaseLevel": 0, "RequiresRestart": false, - "DefaultValue": [ - "+ Localhost" - ], + "DefaultValue": [], "ValidationRegex": "^(\\+|\\-) (! 
+)?[A-z0-9\\.:\\-*/]+( [A-z0-9*]+(/[A-z0-9]+(\\-[A-z0-9]+)?)?)?( +#.*)?", "Annotations": { "safing/portbase:options:stackable": true, @@ -1372,14 +1104,14 @@ "safing/portbase:ui:order": 33, "safing/portbase:ui:quick-setting": [ { - "Name": "SSH", + "Name": "Allow SSH", "Value": [ "+ * tcp/22" ], "Action": "merge-top" }, { - "Name": "HTTP/s", + "Name": "Allow HTTP/s", "Value": [ "+ * tcp/80", "+ * tcp/443" @@ -1387,7 +1119,7 @@ "Action": "merge-top" }, { - "Name": "RDP", + "Name": "Allow RDP", "Value": [ "+ * */3389" ], 
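Review bot: The `ValidationRegex` kept unchanged under the new empty `DefaultValue` for `filter/serviceEndpoints` uses `A-z`, a range that also covers the ASCII punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick), and it has no closing `$`, so unless the matcher anchors it implicitly, any text after a valid prefix passes. This patch adds the same pattern for the new `spn/transitHubPolicy`, so this is a good point to switch to `A-Za-z` and add the end anchor in all copies.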
@@ -1406,19 +1138,66 @@ "+ Internet" ], "Action": "merge-top" + }, + { + "Name": "Block everything else", + "Value": [ + "- *" + ], + "Action": "merge-bottom" } ], + "safing/portmaster:settable-per-app": true, "safing/portmaster:ui:endpoint-list:verdict-names": { "+": "Allow", "-": "Block" } } }, + { + "Name": "Enable Network History", + "Key": "history/enable", + "Description": "Save connections in a database (on disk) in order to view and search them later. Changes might take a couple minutes to apply to all connections.\n\nIn order to reduce noise optimize performance, internal and device-only (localhost) connections are not saved to history.", + "Help": "", + "Sensitive": false, + "OptType": 4, + "ExpertiseLevel": 0, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": false, + "ValidationRegex": "", + "Annotations": { + "safing/portbase:ui:category": "General", + "safing/portbase:ui:order": 96, + "safing/portmaster:settable-per-app": true, + "safing/portmaster:ui:config:requires-feature": "history" + } + }, + { + "Name": "Keep Network History", + "Key": "history/keep", + "Description": "Specify how many days the network history data should be kept. Please keep in mind that more available history data makes reports (coming soon) a lot more useful.\n\t\t\nOlder data is deleted in intervals and cleared from the database continually. If in a hurry, shutdown or restart Portmaster to clear deleted entries immediately.\n\nSet to 0 days to keep network history forever. 
Depending on your device, this might affect performance.", + "Help": "", + "Sensitive": false, + "OptType": 3, + "ExpertiseLevel": 0, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": 30, + "ValidationRegex": "", + "Annotations": { + "safing/portbase:ui:category": "General", + "safing/portbase:ui:order": 97, + "safing/portbase:ui:unit": "Days", + "safing/portmaster:settable-per-app": true, + "safing/portmaster:ui:config:requires-feature": "history" + } + }, { "Name": "DNS Exit Node Rules", "Key": "spn/dnsExitPolicy", "Description": "Customize which countries should or should not be used as DNS Exit Nodes.\n\nBy default, the Portmaster will exit DNS requests directly at your Home Node in order to keep them fast and close to your location. This is important, as DNS resolution often takes your approximate location into account when deciding which optimized DNS records are returned to you. As the Portmaster encrypts your DNS requests by default, you effectively gain a two-hop security level for your DNS requests in order to protect your privacy.\n\nThis setting mainly exists for when you need to simulate your presence in another location on a lower level too. This might be necessary to defeat more intelligent geo-blocking systems.", - "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US`\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", + "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US` (two-letter country codes according to ISO 3166-1 alpha-2)\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 1, 
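Review bot: `history/keep` is added as an integer option (`"OptType": 3`) with an empty `ValidationRegex`, so a negative number of days is accepted while only `0` has a documented meaning ("keep network history forever"). Suggest a digits-only pattern, or documenting what a negative value does. In the `history/enable` Description, "In order to reduce noise optimize performance" is missing an "and", and the `history/keep` Description contains a stray `\n\t\t\n`.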
@@ -1429,61 +1208,12 @@ "Annotations": { "safing/portbase:ui:category": "Routing", "safing/portbase:ui:display-hint": "endpoint list", - "safing/portbase:ui:order": 147, + "safing/portbase:ui:order": 148, "safing/portbase:ui:quick-setting": [ { - "Name": "Exclude Canada (CA)", - "Value": [ - "- CA" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Finland (FI)", + "Name": "Loading...", "Value": [ - "- FI" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude France (FR)", - "Value": [ - "- FR" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Germany (DE)", - "Value": [ - "- DE" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Israel (IL)", - "Value": [ - "- IL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Poland (PL)", - "Value": [ - "- PL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United Kingdom (GB)", - "Value": [ - "- GB" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United States of America (US)", - "Value": [ - "- US" + "" ], "Action": "merge-top" } 
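Review bot: The placeholder quick setting that replaces the country list has `"Value": [ "" ]` with `"Action": "merge-top"`, and an empty string does not satisfy the endpoint-list `ValidationRegex`, which requires a leading `+` or `-`. If the UI ever shows "Loading..." before the real entries are in place, selecting it would merge an empty rule into the policy. Suggest an empty `Value` array, or leaving the annotation out until the list is populated; the same applies to the identical placeholders on the other SPN node policies.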
@@ -1515,7 +1245,7 @@ "Name": "Exit Node Rules", "Key": "spn/exitHubPolicy", "Description": "Customize which countries should or should not be used for your Exit Nodes. Exit Nodes are used to exit the SPN and establish a connection to your destination.\n\nBy default, the Portmaster tries to choose the node closest to the destination as the Exit Node. This reduces your exposure to the open Internet. Exit Nodes are chosen for every destination separately.", - "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US`\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", + "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US` (two-letter country codes according to ISO 3166-1 alpha-2)\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 0, 
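Review bot: The rewritten Help line for `spn/exitHubPolicy` still gives the network example as `192.168.0.1/24`, whereas this patch corrects the same example to `192.168.0.0/24` in the Outgoing and Incoming Rules Help. Since the line is being touched anyway, use the network address here and in the DNS Exit, Home and Transit Node Help strings. The ISO 3166-1 alpha-2 mention could also carry the link used in the filter rules Help for consistency.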
@@ -1527,65 +1257,17 @@ "safing/portbase:options:stackable": true, "safing/portbase:ui:category": "Routing", "safing/portbase:ui:display-hint": "endpoint list", - "safing/portbase:ui:order": 146, + "safing/portbase:ui:order": 147, "safing/portbase:ui:quick-setting": [ { - "Name": "Exclude Canada (CA)", - "Value": [ - "- CA" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Finland (FI)", - "Value": [ - "- FI" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude France (FR)", - "Value": [ - "- FR" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Germany (DE)", - "Value": [ - "- DE" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Israel (IL)", - "Value": [ - "- IL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Poland (PL)", - "Value": [ - "- PL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United Kingdom (GB)", - "Value": [ - "- GB" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United States of America (US)", + "Name": "Loading...", "Value": [ - "- US" + "" ], "Action": "merge-top" } ], + "safing/portmaster:settable-per-app": true, "safing/portmaster:ui:endpoint-list:verdict-names": { "+": "Allow", "-": "Exclude" 
@@ -1596,12 +1278,12 @@ "Name": "Home Node Rules", "Key": "spn/homePolicy", "Description": "Customize which countries should or should not be used for your Home Node. The Home Node is your entry into the SPN. You connect directly to it and all your connections are routed through it.\n\nBy default, the Portmaster tries to choose the nearest node as your Home Node in order to reduce your exposure to the open Internet.\n\nReconnect to the SPN in order to apply new rules.", - "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US`\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", + "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US` (two-letter country codes according to ISO 3166-1 alpha-2)\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 1, "ReleaseLevel": 0, - "RequiresRestart": false, + "RequiresRestart": true, "DefaultValue": [], "ValidationRegex": "^(\\+|\\-) (! +)?[A-z0-9\\.:\\-*/]+( [A-z0-9*]+(/[A-z0-9]+(\\-[A-z0-9]+)?)?)?( +#.*)?", "Annotations": { 
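Review bot: `"RequiresRestart"` for `spn/homePolicy` is changed to `true`, but the unchanged Description still ends with "Reconnect to the SPN in order to apply new rules." The two now give different instructions, and a user who only reconnects may assume an exclusion is active when it is not. Please make the Description match the flag, or keep the flag at `false` if a reconnect is in fact sufficient.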
@@ -1610,58 +1292,9 @@ "safing/portbase:ui:order": 145, "safing/portbase:ui:quick-setting": [ { - "Name": "Exclude Canada (CA)", - "Value": [ - "- CA" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Finland (FI)", - "Value": [ - "- FI" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude France (FR)", - "Value": [ - "- FR" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Germany (DE)", - "Value": [ - "- DE" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Israel (IL)", + "Name": "Loading...", "Value": [ - "- IL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude Poland (PL)", - "Value": [ - "- PL" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United Kingdom (GB)", - "Value": [ - "- GB" - ], - "Action": "merge-top" - }, - { - "Name": "Exclude United States of America (US)", - "Value": [ - "- US" + "" ], "Action": "merge-top" } @@ -1675,7 +1308,7 @@ { "Name": "Select SPN Routing Algorithm", "Key": "spn/routingAlgorithm", - "Description": "Select the routing algorithm for your connections through the SPN. Configure your preferred balance between speed and privacy.", + "Description": "Select the routing algorithm for your connections through the SPN. Configure your preferred balance between speed and privacy. Portmaster may automatically upgrade the routing algorithm if necessary to protect your privacy.", "Help": "", "Sensitive": false, "OptType": 1, @@ -1709,7 +1342,8 @@ "Annotations": { "safing/portbase:ui:category": "Routing", "safing/portbase:ui:display-hint": "one-of", - "safing/portbase:ui:order": 144 + "safing/portbase:ui:order": 144, + "safing/portmaster:settable-per-app": true } }, { 
@@ -1729,11 +1363,61 @@ "safing/portbase:ui:order": 160 } }, + { + "Name": "Transit Node Rules", + "Key": "spn/transitHubPolicy", + "Description": "Customize which countries should or should not be used as Transit Nodes. Transit Nodes are used to transit the SPN from your Home to your Exit Node.", + "Help": "Rules are checked from top to bottom, stopping after the first match. They can match the following attributes of SPN Nodes:\n\n- Country (based on IPs): `US` (two-letter country codes according to ISO 3166-1 alpha-2)\n- AS number: `AS123456`\n- Address: `192.168.0.1`\n- Network: `192.168.0.1/24`\n- Anything: `*`\n", + "Sensitive": true, + "OptType": 2, + "ExpertiseLevel": 1, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": [], + "ValidationRegex": "^(\\+|\\-) (! +)?[A-z0-9\\.:\\-*/]+( [A-z0-9*]+(/[A-z0-9]+(\\-[A-z0-9]+)?)?)?( +#.*)?", + "Annotations": { + "safing/portbase:options:stackable": true, + "safing/portbase:ui:category": "Routing", + "safing/portbase:ui:display-hint": "endpoint list", + "safing/portbase:ui:order": 146, + "safing/portbase:ui:quick-setting": [ + { + "Name": "Loading...", + "Value": [ + "" + ], + "Action": "merge-top" + } + ], + "safing/portmaster:settable-per-app": true, + "safing/portmaster:ui:endpoint-list:verdict-names": { + "+": "Allow", + "-": "Exclude" + } + } + }, + { + "Name": "Trust Nodes", + "Key": "spn/trustNodes", + "Description": "Specify which community nodes to additionally trust. 
These nodes may then also be used as a Home Node, as well as an Exit Node for unencrypted connections.", + "Help": "You can specify nodes by their ID or their verified operator.", + "Sensitive": true, + "OptType": 2, + "ExpertiseLevel": 1, + "ReleaseLevel": 0, + "RequiresRestart": false, + "DefaultValue": [], + "ValidationRegex": "", + "Annotations": { + "safing/portbase:ui:category": "Routing", + "safing/portbase:ui:order": 150 + } + }, { "Name": "SPN Rules", "Key": "spn/usagePolicy", "Description": "Customize which websites should or should not be routed through the SPN. Only active if \"Use SPN\" is enabled.", - "Help": "Rules are checked from top to bottom, stopping after the first match. They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.1/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US`\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port just behind that using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. 
\nExamples: `192.168.0.1 TCP/HTTP`, `LAN UDP/50000-55000`, `example.com */HTTPS`, `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n", + "Help": "Rules are checked from top to bottom, stopping after the first match. They can match:\n\n- By address: `192.168.0.1`\n- By network: `192.168.0.0/24`\n- By network scope: `Localhost`, `LAN` or `Internet`\n- By domain:\n\t- Matching a distinct domain: `example.com`\n\t- Matching a domain with subdomains: `.example.com`\n\t- Matching with a wildcard prefix: `*xample.com`\n\t- Matching with a wildcard suffix: `example.*`\n\t- Matching domains containing text: `*example*`\n- By country (based on IP): `US` ([two-letter country codes according to ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2))\n- By continent (based on IP): `C:US` (prefix `AF`, `AN`, `AS`, `EU`, `NA`, `OC`, or `SA` with `C:`)\n- By AS number: `AS123456`\n- By filter list - use the filterlist ID prefixed with `L:`: `L:MAL`\n- Match anything: `*`\n\nAdditionally, you may supply a protocol and port using this format: `\u003chost\u003e \u003cIP protocol\u003e/\u003cport\u003e`.\n\nProtocols and ports may be specified using numbers (`6/80`) or names (`TCP/HTTP`). \nPort ranges are defined by using a hyphen (`TCP/1-1024`). Omit the port to match any. \nUse a `*` for matching any protocol. If matching ports with any protocol, protocols without ports will not match. \nRules with protocol and port definitions only match if the protocol and port also match. \nPorts are always compared to the destination port, thus, the local listening port for incoming connections. 
\n\nExamples:\n- `192.168.0.1 TCP/HTTP`\n- `LAN UDP/50000-55000`\n- `example.com */HTTPS`\n- `1.1.1.1 ICMP`\n\nImportant: DNS Requests are only matched against domain and filter list rules, all others require an IP address and are checked only with the following IP connection.\n\nPro Tip: You can use `#` to add a comment to a rule.\n", "Sensitive": true, "OptType": 2, "ExpertiseLevel": 0, @@ -1746,6 +1430,7 @@ "safing/portbase:ui:category": "General", "safing/portbase:ui:display-hint": "endpoint list", "safing/portbase:ui:order": 130, + "safing/portmaster:settable-per-app": true, "safing/portmaster:ui:endpoint-list:verdict-names": { "+": "Allow", "-": "Exclude" @@ -1766,7 +1451,25 @@ "ValidationRegex": "", "Annotations": { "safing/portbase:ui:category": "General", - "safing/portbase:ui:order": 129 + "safing/portbase:ui:order": 129, + "safing/portmaster:settable-per-app": true + } + }, + { + "Name": "Use Community Nodes", + "Key": "spn/useCommunityNodes", + "Description": "Use nodes (servers) not operated by Safing themselves. The use of community nodes is recommended as it diversifies the ownership of the nodes you use for your connections and further strengthens your privacy. Plain connections (eg. http, smtp, ...) will never exit via community nodes, making this setting safe to use.", + "Help": "", + "Sensitive": true, + "OptType": 4, + "ExpertiseLevel": 0, + "ReleaseLevel": 0, + "RequiresRestart": true, + "DefaultValue": true, + "ValidationRegex": "", + "Annotations": { + "safing/portbase:ui:category": "Routing", + "safing/portbase:ui:order": 149 } } ] \ No newline at end of file diff --git a/_data/faq/all.json b/_data/faq/all.json new file mode 100644 index 0000000..7093305 --- /dev/null +++ b/_data/faq/all.json 
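Review bot: The `ValidationRegex` added for `spn/transitHubPolicy` uses the character class `[A-z0-9...]`, and the range `A-z` also covers the ASCII characters between `Z` and `a` (`[`, `\`, `]`, `^`, `_` and the backtick). The pattern is anchored with `^` but has no closing `$`, so unless the validator matches the whole string, a rule followed by arbitrary trailing text still validates. Suggest `A-Za-z` in each class (adding `_` explicitly if underscores in names are intended) and a trailing `$`, applied to the identical regex on `spn/homePolicy` as well. In the same hunk, the new `spn/usagePolicy` help gives `C:US` as the continent example while listing `AF`, `AN`, `AS`, `EU`, `NA`, `OC` and `SA` as the valid codes; `US` is not one of them, so the example should be something like `C:EU`.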
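Review bot: The `spn/useCommunityNodes` description states that plain connections "will never exit via community nodes, making this setting safe to use", but the `spn/trustNodes` entry added earlier in this patch says trusted community nodes may be used "as an Exit Node for unencrypted connections". Once a user fills in `spn/trustNodes`, the "never" no longer holds. Qualify the sentence in the `@@ -1766` hunk, for example by adding that the guarantee applies unless a node is explicitly trusted via Trust Nodes, so the two descriptions do not contradict each other.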
@@ -0,0 +1,553 @@ +[ + { + "title": "FAQ: Can I run Portmaster on a server?", + "html_url": "https://github.com/safing/portmaster/issues/707", + "body": "Portmaster is currently built for desktops that have a physical graphical interface. That said, you can run Portmaster on a server if done correctly.\r\n\r\n### Backup Access\r\n\r\nIf in any way possible make sure and _test_ your backup access to the server in case you lock yourself out.\r\n\r\n### Prepare Config File\r\n\r\nWe'll need to write our config file ourselves and place it on the server before we install Portmaster so that we don't lock ourselves out. You can either use an existing Portmaster instance to configure your settings and then copy the `config.json` file from the data directory, or you can build it from scratch. Below is a template as a starting point. Now, let's go though the settings you want to change:\r\n\r\n- [API Listen Address](https://docs.safing.io/portmaster/settings#core/listenAddress)\r\n - By default, Portmaster only listens on localhost, change this to `0.0.0.0:817` to enable connections from anywhere.\r\n- [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints)\r\n - You need to additionally allow from where connections to the Portmaster API are allowed. Scope this a narrow as possible.\r\n - We can't configure rules for applications in `config.json`, so we add only global rules for now and can switch to per-app after install.\r\n - (First add app rule, test, and then remove the global rule!)\r\n - Also, allow other management protocols so you can still access your server, such as SSH or RDP.\r\n- [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode)\r\n - ⚠️ While Portmaster has support for [API Keys](https://docs.safing.io/portmaster/settings#core/apiKeys), these are not yet supported for logging into the UI. 
This means you will need to activate [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) for now, to allow access the the UI.\r\n- [Automatic Updates](https://docs.safing.io/portmaster/settings#core/automaticUpdates)\r\n - Portmaster uses automatic updates to stay up to date. Depending on your use case, this might not be what you want.\r\n - We haven't yet split the automatic update system into binaries and intelligence data, so disabling this will cut you off from intelligence data updates.\r\n - Until we have support for splitting this, you should manually update regularly by pressing the \"Download Updates\" button in tools menu.\r\n\r\nIf you run Portmaster on a private network you have access to, then this might be enough. If you want to access Portmaster via a public network, more caution and work is needed.\r\n\r\n⚠️ Portmaster does not support HTTPS for the UI. You will need to take care of this yourself. We recommend using something like [Traefik](https://traefik.io/) or [Caddy](https://caddyserver.com/) as a reverse proxy for automatic HTTPS.\r\n\r\n`config.json` template with multiple options - delete the ones you don't need:\r\n```\r\n{\r\n \"core\": {\r\n \"automaticUpdates\": false,\r\n \"devMode\": true,\r\n \"expertiseLevel\": \"developer\",\r\n \"listenAddress\": \"0.0.0.0:817\"\r\n },\r\n \"filter\": {\r\n \"serviceEndpoints\": [\r\n \"+ Localhost\",\r\n \"+ * TCP/SSH # Allow remote SSH access from anywhere\",\r\n \"+ * */3389 # Allow remote RDP access from anywhere\",\r\n \"+ * TCP/817 # Allow remote access to Portmaster from anywhere\",\r\n \"+ LAN TCP/817 # Allow remote access to Portmaster from LAN only\"\r\n ]\r\n }\r\n}\r\n```\r\n\r\nYou may also want to validate the json before using your config.\r\n\r\n### Place Config File\r\n\r\n_Before_ installing we need to place to config file:\r\n\r\n- Windows: `C:\\ProgramData\\Safing\\Portmaster\\config.json`\r\n- Linux: `/opt/safing/portmaster/config.json`\r\n\r\n### 
Install Portmaster\r\n\r\nThen, run the installer for Portmaster on the server. If everything went well, then you should still have access to your server and to the Portmaster UI in the way you configured.\r\n\r\n----\r\n\r\nKeywords: server, automatic updates, production, remote access, API, HTTP, authentication\r\n\r\nCategories: Compatibility", + "keywords": [ + "server", + "automatic updates", + "production", + "remote access", + "API", + "HTTP", + "authentication" + ], + "categories": [ + "Compatibility" + ] + }, + { + "title": "FAQ: Can community nodes see my traffic?", + "html_url": "https://github.com/safing/spn/issues/108", + "body": "Community Nodes are servers not hosted by Safing, but by the Portmaster and SPN community. Except for one aspect, community nodes are treated exactly the same as nodes operated by Safing.\r\n\r\nThe only difference is, that network connections that are not encrypted by themselves, like plain HTTP, will never exit the network at community nodes. Instead, they exit the network at specially trusted servers, which are a subset of the servers operated by Safing.\r\n\r\nCommunity nodes will therefore never see any connection contents, as the connections are always encrypted for the destination server. This makes community nodes safe to use. 
Not only are they safe to use, but they are recommended, as they provide even better privacy due to more diverse server ownership in the nodes you use.\r\n\r\n---\r\n\r\nKeywords: exit node, traffic sniffing, connections\r\n\r\nCategories: SPN", + "keywords": [ + "exit node", + "traffic sniffing", + "connections" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: Default Settings for Incoming Connections CHANGED in v0.9.6", + "html_url": "https://github.com/safing/portmaster/issues/886", + "body": "We have updated some default values for settings to make allowing incoming connections a lot easier:\r\n\r\nThe [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) now follow the [Default Network Action](https://docs.safing.io/portmaster/settings#filter/defaultAction) (default: allow), making them work the same as [Outgoing Rules](https://docs.safing.io/portmaster/settings#filter/endpoints). To still block incoming connections, [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) is now enabled globally by default. You can easily create exceptions in app settings to allow incoming connections! Please review your settings.\r\n\r\nPreviously, you had to add a rule to the [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) in order to allow incoming connections, but this is non-trivial, as you had to first understand how rules work and written.\r\nIf you used rules in the past to allow incoming connections, these might now be blocked because of this change. 
In order to allow your incoming connections again, just head to the affected app and disable [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) and everything should work as before.\r\n\r\nIf that happens to you, please also review your existing [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) and possibly restrict them by selecting \"Block everything else\" from the \"Quick Settings\" dropdown at the setting.\r\nAlternatively, you can easily block the network scopes that your app does not need with [Force Block Internet Access](https://docs.safing.io/portmaster/settings#filter/blockInternet) and [Force Block LAN](https://docs.safing.io/portmaster/settings#filter/blockLAN), which also apply to outgoing connections.\r\n\r\nPortmaster will also warn you once a week if you have disabled [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) globally. So, just in case you configure Portmaster in a bad way, it will warn you about it.\r\n\r\n---\r\n\r\nKeywords: incoming, blocked, broken after update, as of version, inbound\r\n\r\nCategories: Privacy Filter\r\n", + "keywords": [ + "incoming", + "blocked", + "broken after update", + "as of version", + "inbound" + ], + "categories": [ + "Privacy Filter" + ] + }, + { + "title": "FAQ: Does Portmaster protect on startup?", + "html_url": "https://github.com/safing/portmaster/issues/701", + "body": "Portmaster is registered as a system service and starts immediately at boot - even _before_ you log into your user account. 
This means that it generally starts before any other of your programs.\r\nPlease note that the tray icon / app indicator is a separate process and is _no indication_ for the Portmaster has started, as it is only started _after_ login.\r\n\r\nBesides that, there are some subtle differences depending your operating system:\r\n\r\n#### Windows\r\n\r\nThe Windows system service of Portmaster is started as a regular service. The service then initialized the kernel driver / extension to integrate into the network stack. This means that Portmaster is currently started after the boot process of the Window Kernel is completed.\r\n\r\nThis means that, currently, some Windows services have a short head start before Portmaster. Tests on Windows 11 have shown these services to be able to communicate before Portmaster is ready:\r\n- NetBIOS querying the network with a connection to `255.255.255.255 UDP/137`.\r\n- Connectivity check with a connection to `β€Žwww.msftconnecttest.com`.\r\n\r\nFuture Improvement: After Portmaster has started for the first time, there will be an option to \"persist\" the Portmaster kernel driver, so that it is started with the kernel and blocks _all connectivity_ until the Portmaster is fully ready. This is tricky as it can _easily_ break your network connectivity or lead to a BSOD.\r\n\r\n#### Linux\r\n\r\nThe systemd service of the Portmaster is configured to be started before the network and name resolution. 
This means that the protection is started before the network connectivity is enabled:\r\n\r\n```\r\nBefore=nss-lookup.target network.target\r\n```\r\n\r\nFuture Improvement: After we have implemented direct support for systemd, we will be able to use the `WantedBy` configuration option, which will make systemd properly wait until the Portmaster has fully started before continuing with other services, mitigating any possibility of race conditions.\r\n\r\n---\r\n\r\nKeywords: boot, reboot, start, first, before, early, not yet, protect, enabled, started, everything else, anything else, block everything\r\n\r\nCategories: Starting and Stopping", + "keywords": [ + "boot", + "reboot", + "start", + "first", + "before", + "early", + "not yet", + "protect", + "enabled", + "started", + "everything else", + "anything else", + "block everything" + ], + "categories": [ + "Starting and Stopping" + ] + }, + { + "title": "FAQ: Does Portmaster support IPv6?", + "html_url": "https://github.com/safing/portmaster/issues/778", + "body": "Portmaster has full IPv6 support.\r\n\r\n### Using IPv6 only\r\n\r\nIf you plan to use only IPv6 without IPv4, you'll need to configure IPv6 [DNS Servers](https://docs.safing.io/portmaster/settings#dns/nameservers) with the [DNS Configuration Guide](https://docs.safing.io/portmaster/guides/dns-configuration).\r\n\r\n### Disabling IPv6\r\n\r\n- Windows\r\n - Disabling IPv6 on the system is currently not supported on Windows, as the Portmaster Kernel Driver will try to interact with the IPv6 network stack.\r\n - You can block all IPv6 connections instead.\r\n- Linux\r\n - You can disable IPv6 in the network stack and restart Portmaster.\r\n - If Portmaster detects no IPv6 addresses at all, it will disable IPv6 integration.\r\n - Careful: DO NOT enable IPv6 again without also restarting Portmaster! 
You will NOT be protected!\r\n\r\n### Block all IPv6\r\n\r\nIn order to block all IPv6 connections, just add `Block ::/0` to both [Outgoing Rules](https://docs.safing.io/portmaster/settings#filter/endpoints) and [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints).\r\n\r\n---\r\n\r\nKeywords: IP version 6, ip6, ipv6, network adapter, disabled, grub, configuration, break\r\n\r\nCategories: Compatibility", + "keywords": [ + "IP version 6", + "ip6", + "ipv6", + "network adapter", + "disabled", + "grub", + "configuration", + "break" + ], + "categories": [ + "Compatibility" + ] + }, + { + "title": "FAQ: How can I add my Discord ID to my Portmaster Account?", + "html_url": "https://github.com/safing/portmaster/issues/936", + "body": "You can link your Discord ID to your Portmaster account in order to gain access to private channels as well as gaining the sweet user flair on all your posts:\r\n![image](https://user-images.githubusercontent.com/11504285/195292347-c895c904-f999-428a-b4f1-72776ac8cb57.png)\r\n\r\n### Get your Discord ID\r\nYour discord ID is NOT your user name, and most people have never seen it.\r\nWe might update the bot in the future to retrieve this ID automatically, but for now you will have to jump through some hoops to get your ID.\r\n**1. Go to settings**\r\n![image](https://user-images.githubusercontent.com/11504285/195293428-66ba2648-40d4-4d7c-b636-b1cd92b00b59.png)\r\n**2. Open Advanced**\r\n![image](https://user-images.githubusercontent.com/11504285/195293524-a40225f6-1199-4d0c-b7cc-7f550fe3d7c2.png)\r\n**3. Activate \"Developer Mode\"**\r\n![image](https://user-images.githubusercontent.com/11504285/195293614-f6515c35-bc55-4008-865c-5f7d33fa81bd.png)\r\n**4. 
\"Copy ID\" from your \"My Account\" Page**\r\n![image](https://user-images.githubusercontent.com/11504285/195293877-317257d1-442c-405a-9628-f72412db45b2.png)\r\n\r\n### Add your ID to your Portmaster Account\r\n\r\nAfter logging into your Portmaster Account at https://account.safing.io/:\r\n\r\n**1. Go to \"Account and Password**\r\n![image](https://user-images.githubusercontent.com/11504285/195294507-9de25198-7257-4924-acf0-6c5c0043b765.png)\r\n**2. Enter your Discord ID**\r\n![image](https://user-images.githubusercontent.com/11504285/195294778-1570d97b-d40a-4fda-805e-a4ec788d2b69.png)\r\n**3. Confirm Change with Password**\r\n![image](https://user-images.githubusercontent.com/11504285/195294941-1a25dc88-f4a5-44a8-be91-544ba1b6799d.png)\r\n\r\nThe update in Discord should be immediate.\r\nNote that Reddit can be filled out already but this feature is not available yet. \r\n\r\n---\r\n\r\nKeywords: Discord, Account, Flair, User,\r\n\r\nCategories: Guides, Account", + "keywords": [ + "Discord", + "Account", + "Flair", + "User," + ], + "categories": [ + "Guides", + "Account" + ] + }, + { + "title": "FAQ: How can I allow a blocked connection?", + "html_url": "https://github.com/safing/portmaster/issues/706", + "body": "Portmaster is all about protecting your privacy. This also means that it may block something that you want to allow. Here's how you do it:\r\n\r\n## 1. Find the blocked connection in the Network Monitor\r\n\r\nBefore we can try to fix anything, we need to find the connection that is blocked in the Network Monitor. To do this, open the Portmaster App, which will start with the Network Monitor already open.\r\n\r\nThen, find the application that you are having trouble with. Sometimes applications are split into multiple sub-parts, so you might need to click around. 
If you see an application that has at least a little bit of a grey bar, it means that at least one connection is blocked:\r\n![image](https://user-images.githubusercontent.com/18184155/175247736-9961ea93-be13-4624-9278-76beba26f80d.png)\r\n\r\nIf you have found the application, open it and search for the blocked connection, which are marked with a red dot:\r\n![image](https://user-images.githubusercontent.com/18184155/175248225-5842969e-d603-4e0f-8d7a-815c115ee9ed.png)\r\n\r\nIf your connections are grouped in some way, again look out for the grey parts of the bar:\r\n![image](https://user-images.githubusercontent.com/18184155/175247736-9961ea93-be13-4624-9278-76beba26f80d.png)\r\n\r\nIf you found a connection that was blocked and looks like the one that you'd rather allow, continue to the next step:\r\n\r\n## 2. Find out why it is blocked\r\n\r\nTo get more information about the blocked connection, click on it to open the details:\r\n![image](https://user-images.githubusercontent.com/18184155/175249877-db0c0ff7-ec4e-41ad-916a-7c78f60f4544.png)\r\n\r\nIn addition to many other details (also depending on your [User Interface Mode](https://docs.safing.io/portmaster/settings#core/expertiseLevel)), you can see \"Applied Setting\" in the bottom left of this section.\r\nThis tells you which setting was responsible for blocking this connection.\r\n\r\n## 3. Allow the connection\r\n\r\nIn order to allow this connection, you now have two options:\r\n1. Add an exception for this connection (recommended), or\r\n2. Change the responsible setting\r\n\r\n### 3.1. 
Add an exception for this connection\r\n\r\nIn order to add an exception for this domain, just press the button at the bottom left of the connection section:\r\n![image](https://user-images.githubusercontent.com/18184155/175252873-b246c6a9-c326-4526-a946-537bca8c2d7a.png)\r\n\r\nIf you then go to the settings of the application, you will see that a new rule was added:\r\n![image](https://user-images.githubusercontent.com/18184155/175253147-4a692177-1de3-4cf5-90c6-7f4b6938ee66.png)\r\n\r\nIf the \"Allow Domain\" or \"Allow IP\" button is disabled, this means that an exception is not possible and that you must change the responsible setting:\r\n\r\n### 3.2. Change the responsible setting\r\n\r\nBefore you change the setting, you must decide whether you want to change the settings for this app only (recommended) or globally for all apps (which don't have this setting configured differently).\r\n\r\nPressing the corresponding button will take you to the responsible setting:\r\n![image](https://user-images.githubusercontent.com/18184155/175252694-7676ed7e-f356-46ff-a6fb-3847d857c0ef.png)\r\n\r\nHow to change the setting heavily depends on the setting itself, so the best way to go forward is to read the description by clicking on the (i) icon:\r\n![image](https://user-images.githubusercontent.com/18184155/175254095-1fc018b1-5451-4f71-a2b3-1113b9beec86.png)\r\n\r\nGenerally, we try to make all settings provide more protection by turning them \"on\", so in most cases turning off a setting will allow the connection.\r\n\r\nIn case there are multiple settings that block a connection, you might need to repeat this process.\r\n\r\n---\r\n\r\nKeywords: allow, exception, unbreak, unblock, not block, stop blocking, deny, denied, dropped, permit, connection, DNS request\r\n\r\nCategories: Guides, Privacy Filter", + "keywords": [ + "allow", + "exception", + "unbreak", + "unblock", + "not block", + "stop blocking", + "deny", + "denied", + "dropped", + "permit", + "connection", + 
"DNS request" + ], + "categories": [ + "Guides", + "Privacy Filter" + ] + }, + { + "title": "FAQ: How can I allow incoming connections?", + "html_url": "https://github.com/safing/portmaster/issues/959", + "body": "If you have an app your device that needs to accept or listen for incoming connections, you can easily allow it do so by disabling [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) within the app settings in Portmaster.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/198329343-44f7f29c-41f6-4224-a45d-97378e31aafa.png)\r\n\r\nThis will allow the app to accept connections coming from _anywhere_. If you would rather limit where this app may connect to and accept connections from, you can easily limit it using the settings [Force Block LAN](https://docs.safing.io/portmaster/settings#filter/blockLAN) and [Force Block Internet Access](https://docs.safing.io/portmaster/settings#filter/blockInternet).\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/198329498-a856e0c5-7a0d-43a9-9514-e19cc4b00edf.png)\r\n\r\nIf you want even more control, you can use the [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) to very specifically allow who is allowed to connect. If you use rules, be sure to select \"Block everything else\" from the Quick Settings menu in order to block everything you did not specifically allow.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/198329834-2cd729f8-d89f-4e65-a53e-12107994f7b3.png)\r\n\r\nNote: You should never disable [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) in the global settings. 
This is potentially very dangerous.\r\n\r\n---\r\n\r\nKeywords: incoming, inbound, listen, socket, port, listener, accept, service, allow, block, drop, firewall\r\n\r\nCategories: Guides, Privacy Filter", + "keywords": [ + "incoming", + "inbound", + "listen", + "socket", + "port", + "listener", + "accept", + "service", + "allow", + "block", + "drop", + "firewall" + ], + "categories": [ + "Guides", + "Privacy Filter" + ] + }, + { + "title": "FAQ: How can I enable or disable the SPN for just one application?", + "html_url": "https://github.com/safing/spn/issues/105", + "body": "Applications can easily be excluded from the SPN by either using the quick setting in the app page header, or in the settings:\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187927360-3f1290d2-a4da-45d9-aa33-3f65f46bd1cf.png)\r\n\r\nor\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187927728-3197860c-f04d-45d8-ad96-70d642f0f8e4.png)\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "keywords": [ + "route", + "routing", + "not go through", + "enable", + "disable", + "exclude", + "include", + "decide", + "connection", + "tunnel" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: How can I exclude a Domain or IP address from the SPN?", + "html_url": "https://github.com/safing/spn/issues/104", + "body": "You can easily exclude any Domain or IP address from the SPN by using the [SPN Rules](https://docs.safing.io/portmaster/settings#spn/usagePolicy). 
It is a rule list similar to the others and applies the first entry that matches.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187923583-c5392177-9ffa-4ad8-a53a-fd4061237878.png)\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "keywords": [ + "route", + "routing", + "not go through", + "enable", + "disable", + "exclude", + "include", + "decide", + "connection", + "tunnel" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: How can I exclude the Local Network (LAN) from the SPN?", + "html_url": "https://github.com/safing/spn/issues/106", + "body": "The Local Network (LAN) is always excluded from the SPN, as servers in the SPN cannot access your local network.\r\n\r\nVPNs do not differentiate between networks without special configuration.\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "keywords": [ + "route", + "routing", + "not go through", + "enable", + "disable", + "exclude", + "include", + "decide", + "connection", + "tunnel" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: How can I help testing Portmaster?", + "html_url": "https://github.com/safing/portmaster/issues/717", + "body": "If you want to help testing Portmaster and want to give earlier feedback on new features, you can switch to the [\"Beta\" Release Channel](https://docs.safing.io/portmaster/settings#core/releaseChannel):\r\n\r\n- Open Portmaster\r\n- Go to the Global Settings\r\n- Search for `release` in the search bar on top\r\n- Set the \"Release Channel\" setting to \"Beta\" in the dropdown menu\r\n- Wait for the \"Update Check Successful\" notification\r\n- Click \"Restart\" on the warning on the setting or use the power menu in the bottom left\r\n- After Portmaster restarted, click the tools menu to check the current version and release 
channel\r\n\r\n__Please be sure to always report problems that arise, so we can quickly find and fix them!__\r\n__Also, general feedback on changes are always very welcome!__\r\n\r\nIf you experience problems, you can always switch back to \"Stable\".\r\n\r\n---\r\n\r\nKeywords: testing, test, new\r\n\r\nCategories: Guides", + "keywords": [ + "testing", + "test", + "new" + ], + "categories": [ + "Guides" + ] + }, + { + "title": "FAQ: How can I host a community node?", + "html_url": "https://github.com/safing/spn/issues/109", + "body": "Have a look at this guide: [Hosting a Community Node](https://docs.safing.io/spn/hosting-a-community-node)\r\n\r\n---\r\n\r\nKeywords: community, node, server, hosting, run, share\r\n\r\nCategories: SPN\r\n", + "keywords": [ + "community", + "node", + "server", + "hosting", + "run", + "share" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: How can I uninstall Portmaster?", + "html_url": "https://github.com/safing/portmaster/issues/958", + "body": "If you are uninstalling Portmaster because something did not work or did not meet your expectations, please [reach out and give us feedback!](https://safing.io/support/)\r\n\r\n#### Windows\r\n\r\nOpen the \"Add or Remove Programs\" app, find Portmaster and press \"Uninstall\".\r\n\r\nAlternatively, you can find the uninstaller at `C:\\ProgramData\\Safing\\Portmaster\\portmaster-uninstaller.exe`.\r\n\r\n#### Linux\r\n\r\nOn most systems, you can open your graphical package manager, search for \"Portmaster\" and then have it removed.\r\nDepending on your distro, this might leave your configuration intact, so if you want to fully remove everything, be sure to delete the data folder after uninstalling with `sudo rm -r /opt/safing/portmaster`.\r\n\r\nIf you installer Portmaster with the `curl | bash` script, you can also uninstall using it:\r\n\r\n```\r\n# Leave configuration data intact:\r\ncurl -fsSL https://updates.safing.io/latest/linux_all/packages/install.sh | sudo bash -s -- 
--uninstall\r\n\r\n# Also delete configuration data:\r\ncurl -fsSL https://updates.safing.io/latest/linux_all/packages/install.sh | sudo bash -s -- --uninstall --purge\r\n```\r\n\r\n---\r\n\r\nKeywords: remove, purge, uninstall, delete\r\n\r\nCategories: Windows, Linux\r\n", + "keywords": [ + "remove", + "purge", + "uninstall", + "delete" + ], + "categories": [ + "Windows", + "Linux" + ] + }, + { + "title": "FAQ: How do Broadcast Notifications work?", + "html_url": "https://github.com/safing/portmaster/issues/703", + "body": "Broadcast Notifications are messages broadcasted by the Portmaster Developers and Team to all Portmaster users. We use this to alert users of important updates, breaking feature changes, privacy related issues, among others.\r\n\r\nAll notifications are publicly added to [the source file](https://github.com/safing/intel-data/blob/master/portmaster/notifications.yaml) and then distributed to all Portmaster instances via our update system. Safing (the company behind Portmaster) learns nothing about the Portmaster instances themselves. No data is ever sent.\r\n\r\nRather, when your Portmaster downloads the newest broadcast notifications - alongside the filter list updates, for example - it checks if there are any broadcast notifications that were not shown yet _and_ that match certain criteria. This way we can show notifications only to those who are affected by a situation and keep the noise low for all others. The matching is always done locally and the matching data is never sent anywhere.\r\n\r\n---\r\n\r\n#### Deep Dive\r\n\r\nIf you really want to get into it, you can check out which data we use to match broadcast notifications on your device.\r\nEnable the [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) and then open http://127.0.0.1:817/api/v1/broadcasts/matching-data in your browser. 
This is exactly the same information as the broadcast notifications use.\r\n\r\n---\r\n\r\nKeywords: matching, information, sharing, leak, sending, privacy, private, data\r\n\r\nCategories: Other", + "keywords": [ + "matching", + "information", + "sharing", + "leak", + "sending", + "privacy", + "private", + "data" + ], + "categories": [ + "Other" + ] + }, + { + "title": "FAQ: How do I make my VPN or other software compatible with Portmaster?", + "html_url": "https://github.com/safing/portmaster/issues/708", + "body": "Portmaster deeply integrations into the network stack of your operating system in order to protect your privacy. Sometimes this can lead to problems with other software, especially VPNs.\r\n\r\nIn addition to this guide, we also [maintain a list of compatible VPNs](https://docs.safing.io/portmaster/install/status/vpn-compatibility) and [other software](https://docs.safing.io/portmaster/install/status/software-compatibility) that you can check. Some also have dedicated instructions to get them to work.\r\n\r\nNot every VPN or software will be able to work with Portmaster. See the _Limits_ section below for details on this.\r\n\r\n## Allow Connections\r\n\r\nFirst, find the VPN software in the Network Monitor in the Portmaster App and make sure all connections it makes are allowed. If you get it working, you can still block connections again to see if it can work without them.\r\n\r\nIf you don't know how to allow blocked connections, please follow this guide: https://github.com/safing/portmaster/issues/706\r\n\r\nBefore you continue, please check if your VPN or software works now. 
Only continue, if it does not.\r\n\r\n## Disable Seamless DNS Integration\r\n\r\nPortmaster takes great care not to break your system and as such does not make permanent changes to the network stack of your system: https://github.com/safing/portmaster/issues/702\r\n\r\nRather, in order to still seamlessly integrate, Portmaster redirects connections - mostly DNS queries - where they need to go. This can interfere with VPNs or other software that tries to do the same.\r\n\r\nIf you can disable your VPN's behavior of this, then this is recommended. If that is not possible, you can disable [Seamless DNS Integration](https://docs.safing.io/portmaster/settings#filter/dnsQueryInterception) in Portmaster. To do this, you have to:\r\n\r\n- enter the Development Interface through the [UI Mode](https://docs.safing.io/portmaster/settings#core/expertiseLevel) in the settings\r\n- set your [Feature Stability](https://docs.safing.io/portmaster/settings#core/releaseLevel) to \"Experimental\"\r\n\r\n---\r\n\r\n⚠️ If you disable [Seamless DNS Integration](https://docs.safing.io/portmaster/settings#filter/dnsQueryInterception) in Portmaster, you will need to take care of the system integration yourself!\r\n\r\n---\r\n\r\nThis means that you will need to configure the DNS server in your operating system **AND** the VPN to point to the Portmaster:\r\n- Windows: `127.0.0.1`\r\n- Linux: `127.0.0.17`\r\n\r\nPortmaster does periodic self-checks and will warn you when the integration is broken. 
Checks are not done so often, so they take a while to appear and to disappear.\r\n \r\nIf you want faster results for the self-check and you're experienced with computers, you can:\r\n\r\n- enter the Development Interface through the [UI Mode](https://docs.safing.io/portmaster/settings#core/expertiseLevel) in the settings\r\n- enable the [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) \r\n- open this page in your browser: http://127.0.0.1:817/api/v1/compat/self-check\r\n\r\n## Workaround\r\n\r\nIf the previous steps have not worked - or you were not confident enough to attempt them - you can try to use a generic VPN client instead of the custom application by the VPN provider.\r\n\r\nWe suggest you check if you can download an [OpenVPN client configuration or connection profile](https://openvpn.net/faq/what-is-a-client-configuration-or-connection-profile/) from your VPN. Then, [install OpenVPN](https://openvpn.net/vpn-client/) and load the supplied profile.\r\n\r\n## Report Findings\r\n\r\nIf you followed this guide and either succeeded or failed in making your VPN or software compatible, it would be great if you could report this [using this GitHub Issue template](https://github.com/safing/portmaster/issues/new?assignees=&labels=in%2Fcompatibility&template=report-compatibility.md)!\r\n\r\n## Limits\r\n\r\n### Windows\r\n\r\nPortmaster on Windows uses a kernel driver / extension in order to integrate into the network stack. Depending on how other software integrates into the network stack, there might be an unavoidable collision. Please open an issue.\r\n\r\n### Linux\r\n\r\nPortmaster on Linux uses packet and connection marks to save decisions to the network state. Other software using the same will interfere and it and Portmaster will break each other. 
This can only be fixed if the other software can be made to not use packet and connection marks.\r\n\r\n---\r\n\r\nKeywords: VPN, Anti-Virus, protection, kernel, extension, no internet, broken, OpenVPN, profile, configuration\r\n\r\nCategories: Compatibility", + "keywords": [ + "VPN", + "Anti-Virus", + "protection", + "kernel", + "extension", + "no internet", + "broken", + "OpenVPN", + "profile", + "configuration" + ], + "categories": [ + "Compatibility" + ] + }, + { + "title": "FAQ: How do I share debug information and logs?", + "html_url": "https://github.com/safing/portmaster/issues/705", + "body": "First of all, thanks a lot for contributing! You're probably reading this because you've been directed here and were asked to provide one of the following:\r\n\r\n- Debug Info\r\n- Logs\r\n- (Debug Logs)\r\n\r\n## Debug Info\r\n\r\nThe debug information is a collection of helpful snippets of information that Portmaster produces itself.\r\nOften, you will be asked to collect this information _while_ the reported issue is occurring. This is important, as the data is gathered live from the current state of Portmaster and will help us to see what the problem is.\r\n\r\nIf you're experiencing a problem with a certain application, it can be very helpful to copy the application-specific version of the Debug Info. This is only (easily) possible using the \"Application Page\" method explained later.\r\n\r\nWe've taken care to include as little personal information as possible in the Debug Info. 
You can further reduce this information by restarting the Portmaster before copying the data - if you can reproduce the issue that way too.\r\nYou are of course also free to delete parts of the data before submitting - in that case please mark the areas you have deleted with `[DELETED]`, so we know that information is missing.\r\n\r\nThere are multiple ways to acquire and share the Debug Info:\r\n\r\n### Tools Menu\r\n\r\nJust click on the \"Copy Debug Info\" button in the tools menu in the bottom left.\r\nThis copies the Debug Info to your clipboard. You can paste this directly into a Github Issue - it is automatically formatted using sections. It looks ugly in text format, but if you click on the \"Preview\" tab of your comment, you will see it nicely rendered.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/199524334-570d6958-72a8-46b2-a60d-48ca8b6e2f91.png)\r\n\r\nIt renders to something like this on GitHub:\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/175055501-f8aea6bc-41b5-4856-90b4-315596c262a4.png)\r\n\r\n### Application Page\r\n\r\nFind the affected application in the Portmaster App, then go to the \"Details\" tab and click on \"Copy Debug Information\" at the end of the page.\r\nThis copies the Debug Info to your clipboard. You can paste this directly into a Github Issue - it is automatically formatted using section. It looks ugly in text format, but if you click on the \"Preview\" tab of your comment, you will see it nicely rendered.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/175054075-0e803c67-fc54-405e-9d54-3890e7e1980a.png)\r\n\r\n### Privately Via Ticket\r\n\r\nAlternatively, you can submit the Debug Info privately via a support ticket. 
To do this:\r\n\r\n- Open the Portmaster App\r\n- Go to the Get Help page using the question mark button on the navigation bar on the left\r\n- Then, click on \"__Report Bug__\", and enter the following information:\r\n - Title: \"__Debug Info for Issue__\"\r\n - What Happend: Enter the __Ticket ID or Github Issue URL__.\r\n- Then click on \"Send Private Ticket\" on the bottom of the page.\r\n - You don't need to provide an email.\r\n- Notify the thread where you were asked to send the Debug Info that you've sent it.\r\n\r\n### Using cURL\r\n\r\nIf you're a Linux user, you might want to get this data directly to your terminal. You can do this with the following command - and maybe pipe it to your clipboard to a file.\r\n\r\n```\r\ncurl http://127.0.0.1:817/api/v1/debug/core\r\n```\r\n\r\nYou can find the documentation of the API endpoints here:\r\n- [Get Debug Information](https://docs.safing.io/portmaster/api#v1/debug/core)\r\n- [Get Network Debug Information](https://docs.safing.io/portmaster/api#v1/debug/network)\r\n\r\n## Logs\r\n\r\nPortmaster writes logs for all components. Logs are written in different levels to reduce sensitive information in logs and keep them in a manageable size. They are also automatically deleted after some time. \r\nYou may have been asked to change the [Log Level](https://docs.safing.io/portmaster/settings#core/log/level) before submitting the logs.\r\n\r\nPlease always provide the newest `.log` and `.error.log` files during which the reported issues occurred. 
\r\nYou can find the log files here:\r\n\r\nDefault Log File Locations:\r\n- Windows\r\n - Core Logs: `C:\\ProgramData\\Safing\\Portmaster\\logs\\core`\r\n - App Logs: `C:\\ProgramData\\Safing\\Portmaster\\logs\\app`\r\n - Notifier Logs: `C:\\ProgramData\\Safing\\Portmaster\\logs\\notifier`\r\n - Start Logs: `C:\\ProgramData\\Safing\\Portmaster\\logs\\start`\r\n- Linux\r\n - Core Logs: `/opt/safing/portmaster/logs/core`\r\n - App Logs: `/opt/safing/portmaster/logs/app`\r\n - Notifier Logs: `/opt/safing/portmaster/logs/notifier`\r\n - Start Logs: `/opt/safing/portmaster/logs/start`\r\n\r\nWe recommend that you upload these files to your favorite [pastebin/privatebin](https://privatebin.info/directory/) or use [our instance](https://support.safing.io/privatebin/) and add a 1-3 months expiration.\r\n\r\n## (Debug Logs)\r\n\r\nIn the past, \"Debug Logs\" has sometimes been used in conversations, but it does not clearly specify what is meant. If you are asked for this, please ask what exactly you should provide.\r\n\r\n---\r\n\r\nKeywords: collect, get, copy, extract, debugging, debug-info, debug-data, investigating, logging, logs, log-lines, record\r\n\r\nCategories: Guides", + "keywords": [ + "collect", + "get", + "copy", + "extract", + "debugging", + "debug-info", + "debug-data", + "investigating", + "logging", + "logs", + "log-lines", + "record" + ], + "categories": [ + "Guides" + ] + }, + { + "title": "FAQ: Notifications not available on Windows 7 and 8", + "html_url": "https://github.com/safing/portmaster-ui/issues/361", + "body": "We use the notification system that was added in Windows 10, as it supports actions (ie. has buttons). Windows 7 and 8 do not have any support for these buttons.\r\n\r\nNotifications may still work to some extent, but prompts will not. 
Please disable [Prompt Desktop Notifications](https://docs.safing.io/portmaster/settings#filter/askWithSystemNotifications).\r\n\r\n---\r\n\r\nKeywords: broken, cannot click, can't press, missing button, Microsoft\r\n\r\nCategories: Windows", + "keywords": [ + "broken", + "cannot click", + "can't press", + "missing button", + "Microsoft" + ], + "categories": [ + "Windows" + ] + }, + { + "title": "FAQ: Portmaster Core Does Not Start at Boot", + "html_url": "https://github.com/safing/portmaster/issues/956", + "body": "Some users report that the Portmaster Core Service will not start at boot, although it is configured to do so. If that is the case, you can check its status in the \"Services\" Desktop App. There, search for the Service \"Portmaster Core\" and inspect and start it as needed.\r\n\r\n---\r\n\r\nKeywords: starting, boot, startup, automatic\r\n\r\nCategories: Windows, Starting and Stopping\r\n", + "keywords": [ + "starting", + "boot", + "startup", + "automatic" + ], + "categories": [ + "Windows", + "Starting and Stopping" + ] + }, + { + "title": "FAQ: Portmaster Fails to Restart", + "html_url": "https://github.com/safing/portmaster/issues/955", + "body": "In some cases the Portmaster will fail to restart, because the Portmaster Kernel Extensions cannot be loaded and returns the error code `0x422`.\r\nThis stems from a known issue in Windows, where system services are not completely removed when something is monitoring the system services.\r\nWhen the Portmaster restarts, it is then unable to initialize the Kernel Extension, because the system thinks it is still unloading.\r\n\r\nIf you experience this issue, please follow this workaround:\r\n\r\n_Quoting from _\r\n\r\n> There may be several causes which lead to the service being stuck in β€œmarked for deletion”.\r\n>\r\n> 1. [SysInternals' Process Explorer is opened](http://blog.cyotec.com/2011/05/specified-service-has-been-marked-for.html). 
Closing it should lead to automatic removal of the service.\r\n>\r\n> 1. [Task Manager is opened](https://stackoverflow.com/questions/20561990/how-to-solve-the-specified-service-has-been-marked-for-deletion-error/21310096#comment32672750_20565337).\r\n>\r\n> 1. [Microsoft Management Console (MMC) is opened](https://stackoverflow.com/a/8529760/240613). To ensure all instances are closed, run `taskkill /F /IM mmc.exe`.\r\n>\r\n> 1. [Services console is opened](https://stackoverflow.com/a/21310096/240613). This is the same as the previous point, since Services console is hosted by MMC.\r\n>\r\n> 1. [Event Viewer is opened](https://stackoverflow.com/a/18467128/240613). Again, this is the same as the third point.\r\n> \r\n> 1. [The key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\\\{service name} exists](https://stackoverflow.com/a/2804099/240613).\r\n>\r\n> 1. [Someone else is logged into the server](https://stackoverflow.com/a/28632820/240613) and has one of the previously mentioned applications opened.\r\n>\r\n> 1. An instance of Visual Studio *used to debug the service* is open.\r\n\r\n---\r\n\r\nKeywords: error code, restarting, boot\r\n\r\nCategories: Windows, Starting and Stopping\r\n", + "keywords": [ + "error code", + "restarting", + "boot" + ], + "categories": [ + "Windows", + "Starting and Stopping" + ] + }, + { + "title": "FAQ: Should I use an Anti-Virus together with Portmaster?", + "html_url": "https://github.com/safing/portmaster/issues/960", + "body": "Speaking in general, __Portmaster is a privacy tool__, focusing on privacy features like DNS encryption or blocking tracking requests.\r\n\r\nAnti-Virus systems, such as Windows Defender Firewall, on the other hand are security tools. 
As such, they focus on security features like malware detection, which Portmaster simply does not have.\r\n\r\nPlease note the important difference:\r\n\r\n Anti-virus systems sometimes also _do privacy_, but they _focus on security_.\r\n While Portmaster also _does security_, as privacy _depends_ on security, it _focuses on privacy_.\r\n\r\nThat is why we _do not recommend_ deactivating Anti-Virus systems. We recommend having both have a security and privacy setup. Without security your perceived privacy can quickly become non-existent.\r\n\r\nHowever, research if the Anti-Virus you are using is really as good as it claims. Many security researchers have come out in the recent years, declaring that Windows Defender Firewall is good enough for most use cases and quite some other Anti-Virus systems are doing weird stuff.\r\n\r\n---\r\n\r\nKeywords: antivirus, malware protection, phishing, virus, trojan, worm, infected, infection, attacked, together, combination\r\n\r\nCategories: Privacy Filter, Compatibility\r\n", + "keywords": [ + "antivirus", + "malware protection", + "phishing", + "virus", + "trojan", + "worm", + "infected", + "infection", + "attacked", + "together", + "combination" + ], + "categories": [ + "Privacy Filter", + "Compatibility" + ] + }, + { + "title": "FAQ: What changes does Portmaster make to my system?", + "html_url": "https://github.com/safing/portmaster/issues/702", + "body": "#### Most Important\r\n\r\n- Portmaster does not do any permanent changes to your network configuration:\r\n - No network interfaces are added or changed.\r\n - No routing entries are added or changed.\r\n - No DNS server configuration is added or changed.\r\n- Required integration is done \"on-the-fly\" by redirecting packets.\r\n- When Portmaster is shut down or uninstalled, all (volatile) network integration is removed automatically.\r\n - When you still experience issues, check out #699.\r\n\r\nBesides that, changes vary depending on your operating 
system:\r\n\r\n#### Windows\r\n\r\n- All data is saved to `C:\\ProgramData\\Safing\\Portmaster` by default.\r\n- A system service is registered and marked to start automatically at boot.\r\n- Application entry for the Portmaster UI is added.\r\n- Application entry for the Portmaster Tray Notifiier is added and marked to start automatically at login.\r\n- Uninstall information is placed in the registry.\r\n- Read more at [Docs: Install on Windows](https://docs.safing.io/portmaster/install/windows)\r\n\r\n#### Linux\r\n\r\n- All data is saved to `/opt/safing/portmaster` by default.\r\n- Portmaster adds iptables entries on start and removes them when stopped.\r\n - This integration makes use of packet and connection marks, which likely makes Portmaster incompatible with other software attempting the same.\r\n- A systemd service file is placed at `/etc/systemd/system/portmaster.service`.\r\n- `.desktop` files are placed in `/usr/share/applications/`.\r\n- Icon is placed in `/usr/share/pixmaps/`.\r\n- Read more at [Docs: Install on Linux](https://docs.safing.io/portmaster/install/linux)\r\n\r\n---\r\n\r\nKeywords: change, modify, modification, integration, settings, registry, file, config, configuration, mess with, break\r\n\r\nCategories: Starting and Stopping", + "keywords": [ + "change", + "modify", + "modification", + "integration", + "settings", + "registry", + "file", + "config", + "configuration", + "mess with", + "break" + ], + "categories": [ + "Starting and Stopping" + ] + }, + { + "title": "FAQ: Where can I find more information on domains and IPs I see?", + "html_url": "https://github.com/safing/portmaster/issues/718", + "body": "### More about IPs\r\n\r\nIf you want to find out more about an IP you see, the first thing you can do is to increase the [User Interface Mode](https://docs.safing.io/portmaster/settings#core/expertiseLevel) to \"Advanced\". 
This will show you more information about the IP address.\r\n\r\nEvery IP address is part of an \"Autonomous System\" or \"AS\", which pretty much is just a organizational unit of the Internet.\r\nAn AS always has a number and a name:\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/176717333-ac025a98-4944-469a-a916-b078c5fbc867.png)\r\n\r\nPlease note that in most cases this is just the Hoster or \"Cloud\" that owns the IP address. Most often other companies \"rent\" these IP addresses. Nevertheless, this is an interesting information.\r\n\r\n### More about Domains\r\n\r\nIf you want to find out more about a domain, a good way to start is to check who owns the domain.\r\nYou can do this with this tool: https://who.is/\r\n\r\nYou can also look up the domain on VirusTotal, an anti-virus \"collective engine\" run by Google: https://www.virustotal.com/gui/home/url\r\n\r\n---\r\n\r\nKeywords: domain, whois, malware, blocklist, blacklist, intel, threats\r\n\r\nCategories: Guides", + "keywords": [ + "domain", + "whois", + "malware", + "blocklist", + "blacklist", + "intel", + "threats" + ], + "categories": [ + "Guides" + ] + }, + { + "title": "FAQ: Where is the tray icon / app indicator in GNOME?", + "html_url": "https://github.com/safing/portmaster-ui/issues/242", + "body": "GNOME 3.26 [removed the default tray icon support](https://blogs.gnome.org/aday/2017/08/31/status-icons-and-gnome/).\r\n\r\nYou'll need to install an extension that adds support for status / app indicators.\r\nWe recommend this one maintained by Ubuntu / Canonical Ltd.:\r\n- Repo: https://github.com/ubuntu/gnome-shell-extension-appindicator\r\n- Extension Page: https://extensions.gnome.org/extension/615/appindicator-support/\r\n\r\n---\r\n\r\nKeywords: tray, icon, indicator, libappindicator, libnotify, org.kde.StatusNotifierWatcher, missing, not visible, does not appear\r\n\r\nCategories: Compatibility", + "keywords": [ + "tray", + "icon", + "indicator", + "libappindicator", + 
"libnotify", + "org.kde.StatusNotifierWatcher", + "missing", + "not visible", + "does not appear" + ], + "categories": [ + "Compatibility" + ] + }, + { + "title": "FAQ: Why does Portmaster keep blocking connections after I close it?", + "html_url": "https://github.com/safing/portmaster/issues/719", + "body": "Portmaster is not just one process, but consists of multiple parts:\r\n\r\n- Portmaster Core Service: A system service started by your operating system.\r\n- Portmaster Tray Notifier: A small icon living in your status and notification tray.\r\n- Portmaster UI: The app you open.\r\n\r\nIf you close the app, you only close your \"window\" into what Portmaster (the Core Service) is currently doing.\r\nIn order to fully shut down Portmaster and have it stop blocking anything, you must select the option in either the app or the tray:\r\n\r\nUI - Settings Page:\r\n![image](https://user-images.githubusercontent.com/18184155/176720125-8769ad3a-a99a-4bfe-a194-37ea344042e7.png)\r\n\r\nTray Icon:\r\n![image](https://user-images.githubusercontent.com/18184155/176720369-f71391fb-3428-4cb3-ac23-f6b429324bd7.png)\r\n\r\nWhen you close the app for the first time, it clarifies what is and is not happening when closing the app.\r\n\r\nRead more about the architecture of Portmaster [on our docs](https://docs.safing.io/portmaster/architecture/overview).\r\n\r\n---\r\n\r\nKeywords: closing, shut down, shutting down, exit, minimize, blocking, completely, disable\r\n\r\nCategories: Privacy Filter", + "keywords": [ + "closing", + "shut down", + "shutting down", + "exit", + "minimize", + "blocking", + "completely", + "disable" + ], + "categories": [ + "Privacy Filter" + ] + }, + { + "title": "FAQ: Why does Portmaster send plain/unencrypted DNS queries?", + "html_url": "https://github.com/safing/portmaster/issues/700", + "body": "Portmaster takes care of protecting your DNS queries by becoming the gateway for all DNS queries on your system and then sending them through an encrypted 
connection to the configured DNS server.\r\n\r\nIf you are using a DNS server for your network that has a dashboard, or if the DNS service you are using discerns between encrypted and non-encrypted queries, you might notice that sometimes Portmaster sends unencrypted queries.\r\n\r\nIn order to understand why that is necessary, let's take a look at a common network structure: A free __WiFi access point in a cafΓ©__ or airport. Usually these can only be used when you __accept their Terms of Service__. In order for you to get you to read them, the network needs to somehow redirect to that.\r\nThis __needs to work even if the secure DNS server are unreachable__ - as you've not yet \"logged into\" the free network.\r\n\r\nThis is why Portmaster always __sends a handful of special domains__ - used by operating systems and browsers - __as plain DNS queries to the DNS server provided by the network__. You can find the current list of these domains [in the docs](https://docs.safing.io/portmaster/architecture/core-service/secure-dns/#connectivity-domains) or in the [source code as \"Connectivity Domains\")](https://github.com/safing/portmaster/blob/f135ec3242905b84811b26975a3458117cc2c28e/netenv/online-status.go#L53).\r\n\r\nIf you don't want these queries to go out, you can block them by enabling the setting [Ignore System/Network Servers](https://docs.safing.io/portmaster/settings#dns/noAssignedNameservers) or [Use Secure Protocols Only](https://docs.safing.io/portmaster/settings#dns/noInsecureProtocols). Please consider the side effects of enabling these settings when you do so.\r\n\r\nThe Portmaster will also attempt to detect these \"Captive Portals\" and will notify you if it finds one.\r\n\r\n---\r\n\r\nFor the time being there is also another possibility why this can happen. To make sure everything works as expected, we enabled Portmaster to fall back to the system assigned DNS servers in case all the configured DNS server failed. 
This is to ensure that we don't break the workflow when installing Portmaster.\r\nWe are working on a solution how to best handle this in a way that does not break setups and provides the best privacy. This is internally tracked at CC#2405.\r\n\r\n---\r\n\r\nKeywords: unencrypted query, DNS leaks, not sent, DHCP, system assigned.\r\n\r\nCategories: Leaks", + "keywords": [ + "unencrypted query", + "DNS leaks", + "not sent", + "DHCP", + "system assigned." + ], + "categories": [ + "Leaks" + ] + }, + { + "title": "FAQ: Why does the DNS Leak test say that I have a leak?", + "html_url": "https://github.com/safing/portmaster/issues/720", + "body": "Leaks test are always built for a specific service. If a leak test says you are \"leaking\", it means that your device is not configured exactly as _they expect_. If you are using Portmaster, this is most probably the case.\r\n\r\nThe easiest thing you can do is to take the IP addresses the leak test says you are leaking and enter them on this page: https://bgpview.io/\r\n\r\nThis will tell you who the IP address belongs to. __As long as this is _not_ your ISP, all is good.__\r\n\r\nSometimes you can even try to just enter the IP address in your browser and see where it leads to. 
Many services have small web pages set up so interested network administrators can check what the IP address is used for.\r\n\r\nIf you are confident that you are experiencing a real leak of any kind, please report it and include the following information:\r\n- The software or website you used for the test\r\n- Any leaked IP addresses (that are not yours)\r\n- Any leaked domain names / dns queries\r\n\r\n---\r\n\r\nKeywords: dns, ip, leak, leaking, VPN, not contained, astray\r\n\r\nCategories: Leaks", + "keywords": [ + "dns", + "ip", + "leak", + "leaking", + "VPN", + "not contained", + "astray" + ], + "categories": [ + "Leaks" + ] + }, + { + "title": "FAQ: Why does the SPN not connect?", + "html_url": "https://github.com/safing/spn/issues/107", + "body": "When Portmaster connects to the SPN und normal circumstances, it does not depend on a single server or on DNS. It can directly try all servers to find one it can connect to.\r\n\r\nIf you are connecting to the SPN for the first time, Portmaster downloads a set of IPs from the update server in order to bootstrap into the network. After that, it only connects directly to the network.\r\n\r\n### Troubleshooting\r\n\r\nHere are things you can try when Portmaster does not successfully connect to the SPN:\r\n\r\n#### 1. Check if your Internet connection works.\r\n\r\nDisable SPN and check if you can connect to the Internet without the SPN.\r\n\r\n#### 2. Check for Portmaster Updates.\r\n\r\nSometimes there are changes to the SPN servers that also require Portmaster to update. We wait some time to allow clients to update before deploying breaking changes, but you might just be behind too much.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187939384-181f5fa0-fa70-4fd6-b3c8-e0e9e7d98db7.png)\r\n\r\n#### 3. 
Re-Initialize\r\n\r\nIf none of these resulted in a successful connection to the SPN, you can also clear all caches regarding the SPN and re-initialize it.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187939868-ad73fc9e-89de-44ef-b0c5-947a2605ed75.png)\r\n\r\n#### 4. Ask for Help\r\n\r\nIf none of these steps could resolve your issue, please reach out to use and we will investigate the issue. Be sure to open the Bug Report page in the Portmaster _while_ it is trying to connect to the SPN, so that we have the correct data for analysis.\r\n\r\n---\r\n\r\nKeywords: connection, fails, failed, try, retry, trying, timeout, disconnect, unable, blocked\r\n\r\nCategories: SPN\r\n", + "keywords": [ + "connection", + "fails", + "failed", + "try", + "retry", + "trying", + "timeout", + "disconnect", + "unable", + "blocked" + ], + "categories": [ + "SPN" + ] + }, + { + "title": "FAQ: Why don't I see any notifications / prompts in my OS?", + "html_url": "https://github.com/safing/portmaster-ui/issues/272", + "body": "Portmaster uses a separate component for integration with the notification system of your OS. This is handled by the Notifier, a part of Portmaster that lives in the system or notification tray.\r\n\r\n1. Check if you can see the Portmaster Icon with the colored status dot in your system tray. If you don't see it, try starting the Portmaster User Interface.\r\n2. Check if [Desktop Notifications](https://docs.safing.io/portmaster/settings#core/useSystemNotifications) and [Prompt Desktop Notifications](https://docs.safing.io/portmaster/settings#filter/askWithSystemNotifications) are enabled in Portmaster.\r\n3. 
Check if Notifications are suppressed by your OS.\r\n - Windows: If you have \"Focus Assist\" set to \"Priority Only\", you need to specifically allow Portmaster to show notifications.\r\n\r\n---\r\n\r\nKeywords: notifications, prompts, status, indicator, toasts, messages, message center, broken, not showing\r\n\r\nCategories: Compatibility", + "keywords": [ + "notifications", + "prompts", + "status", + "indicator", + "toasts", + "messages", + "message center", + "broken", + "not showing" + ], + "categories": [ + "Compatibility" + ] + }, + { + "title": "FAQ: Why is my Internet or Network Access broken after shutdown or uninstall?", + "html_url": "https://github.com/safing/portmaster/issues/699", + "body": "While Portmaster integrates deeply into the network stack of your operating system, all of it is volatile - meaning that it is automatically removed when Portmaster shuts down or when Portmaster is uninstalled.\r\n\r\nHowever, there are special cases where you might loose Internet or network connectivity after shutting down or uninstalling Portmaster.\r\n\r\n### 1. DNS Configuration Issues\r\n\r\nPortmaster becomes the gateway for all DNS queries when you install it, but it does not configure itself as your DNS server in the system. Rather, it does a _soft_ integration by redirecting all DNS queries to itself.\r\n\r\nWhat can happen is that at some point - while Portmaster is installed - the DNS configuration of your system is changed or corrupted into a state that does not work. But because Portmaster is installed, it will seamlessly fix it for you, because it \"corrects\" all queries.\r\nWhen you then shutdown or uninstall Portmaster this \"fix\" is removed and you end up with a broken DNS configuration.\r\n\r\n__Please review the DNS configuration of your system.__ When in doubt, set it to _automatic_ or _DHCP_.\r\n\r\n### 2. 
Network Stack Issues by the Operation System\r\n\r\nIn some more extreme cases, the system might not correctly remove the integration as it should.\r\n\r\n#### Windows\r\n\r\nPortmaster marks all its network stack integrations (the Firewall Driver / Kernel Extension) as non-permanent and as such they are removed by Windows when the Portmaster shuts down or when Windows reboots.\r\n\r\nIn rare cases, however, Windows fails to correctly remove Portmaster’s network stack integration correctly, resulting in a loss of network connectivity. We have never experienced this issue ourselves and thus haven’t yet been able to take an in-depth look.\r\n\r\nThe help Windows restore network connectivity, open a Windows [cmd](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmd) as an Administrator and enter the following commands to reset your network.\r\nWarning: You might need to reconfigure any special network settings you had.\r\n\r\n netsh int ip reset\r\n netsh winsock reset catalog\r\n\r\nAfter that, reboot.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n#### Linux\r\n\r\nPortmaster adds rules to the _iptables_ configuration in order to integrate into the network stack. These are automatically removed when Portmaster shuts down or is uninstalled. There might be rare cases, where this does not happen. 
Then you can remove them manually by running `sudo /opt/safing/portmaster recover-iptables` or restarting.\r\n\r\nIf there is another problem, you can try to restart the networking with the command `sudo systemctl restart networking` or the equivalent for your distribution.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n---\r\n\r\nKeywords: lost internet, no network, timeout, after install, after shutdown, cannot access, not working, uninstall, remove, deleted, reboot, restart, broken, DNS, resolving, network issues\r\n\r\nCategories: Windows, Linux, Starting and Stopping", + "keywords": [ + "lost internet", + "no network", + "timeout", + "after install", + "after shutdown", + "cannot access", + "not working", + "uninstall", + "remove", + "deleted", + "reboot", + "restart", + "broken", + "DNS", + "resolving", + "network issues" + ], + "categories": [ + "Windows", + "Linux", + "Starting and Stopping" + ] + } +] diff --git a/_data/faq-config.yml b/_data/faq/config.yml similarity index 77% rename from _data/faq-config.yml rename to _data/faq/config.yml index 9da9135..3ef9d06 100644 --- a/_data/faq-config.yml +++ b/_data/faq/config.yml @@ -1,7 +1,10 @@ categories: - Guides - Privacy Filter + - SPN - Starting and Stopping - Compatibility - Leaks + - Windows + - Linux - Other diff --git a/_data/faq-data.json b/_data/faq/data.json similarity index 73% rename from _data/faq-data.json rename to _data/faq/data.json index 2634394..3615640 100644 --- a/_data/faq-data.json +++ b/_data/faq/data.json 
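Review bot: in the new FAQ JSON file that ends at `+]` above, the Linux recovery step of the "broken after shutdown or uninstall" entry reads `sudo /opt/safing/portmaster recover-iptables`, but other entries in this patch use `/opt/safing/portmaster` as the data directory (it holds `config.json`), so the command as written points at a directory rather than an executable. Please spell out the full path of the binary that provides `recover-iptables`. The same entry has typos worth fixing while here: "you might loose Internet", "Network Stack Issues by the Operation System" and "The help Windows restore network connectivity".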
@@ -1,9 +1,19 @@ [ { - "body": "Portmaster is currently built for desktops that have a physical graphical interface. That said, you can run Portmaster on a server if done correctly.\r\n\r\nLet me also remind you that Portmaster is not yet stable software and things may break once in a while. Ok, let's start:\r\n\r\n### Backup Access\r\n\r\nIf in any way possible make sure and _test_ your backup access to the server in case you lock yourself out.\r\n\r\n### Prepare Config File\r\n\r\nWe'll need to write our config file ourselves and place it on the server before we install Portmaster so that we don't lock ourselves out. You can either use an existing Portmaster instance to configure your settings and then copy the `config.json` file from the data directory, or you can build it from scratch. Below is a template as a starting point. Now, let's go though the settings you want to change:\r\n\r\n- [API Listen Address](https://docs.safing.io/portmaster/settings#core/listenAddress)\r\n - By default, Portmaster only listens on localhost, change this to `0.0.0.0:817` to enable connections from anywhere.\r\n- [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints)\r\n - You need to additionally allow from where connections to the Portmaster API are allowed. Scope this a narrow as possible.\r\n - We can't configure rules for applications in `config.json`, so we add only global rules for now and can switch to per-app after install.\r\n - (First add app rule, test, and then remove the global rule!)\r\n - Also, allow other management protocols so you can still access your server, such as SSH or RDP.\r\n- [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode)\r\n - ⚠️ While Portmaster has support for [API Keys](https://docs.safing.io/portmaster/settings#core/apiKeys), these are not yet supported for logging into the UI. 
This means you will need to activate [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) for now, to allow access the the UI.\r\n- [Automatic Updates](https://docs.safing.io/portmaster/settings#core/automaticUpdates)\r\n - Portmaster uses automatic updates to stay up to date. Depending on your use case, this might not be what you want.\r\n - We haven't yet split the automatic update system into binaries and intelligence data, so disabling this will cut you off from intelligence data updates.\r\n - Until we have support for splitting this, you should manually update regularly by pressing the \"Download Updates\" button in tools menu.\r\n\r\nIf you run Portmaster on a private network you have access to, then this might be enough. If you want to access Portmaster via a public network, more caution and work is needed.\r\n\r\n⚠️ Portmaster does not support HTTPS for the UI. You will need to take care of this yourself. We recommend using something like [Traefik](https://traefik.io/) or [Caddy](https://caddyserver.com/) as a reverse proxy for automatic HTTPS.\r\n\r\n`config.json` template with multiple options - delete the ones you don't need:\r\n```\r\n{\r\n \"core\": {\r\n \"automaticUpdates\": false,\r\n \"devMode\": true,\r\n \"expertiseLevel\": \"developer\",\r\n \"listenAddress\": \"0.0.0.0:817\"\r\n },\r\n \"filter\": {\r\n \"serviceEndpoints\": [\r\n \"+ Localhost\",\r\n \"+ * TCP/SSH # Allow remote SSH access from anywhere\",\r\n \"+ * */3389 # Allow remote RDP access from anywhere\",\r\n \"+ * TCP/817 # Allow remote access to Portmaster from anywhere\",\r\n \"+ LAN TCP/817 # Allow remote access to Portmaster from LAN only\"\r\n ]\r\n }\r\n}\r\n```\r\n\r\nYou may also want to validate the json before using your config.\r\n\r\n### Place Config File\r\n\r\n_Before_ installing we need to place to config file:\r\n\r\n- Windows: `C:\\ProgramData\\Safing\\Portmaster\\config.json`\r\n- Linux: `/opt/safing/portmaster/config.json`\r\n\r\n### 
Install Portmaster\r\n\r\nThen, run the installer for Portmaster on the server. If everything went well, then you should still have access to your server and to the Portmaster UI in the way you configured.\r\n\r\n----\r\n\r\nKeywords: server, automatic updates, production, remote access, API, HTTP, authentication\r\n\r\nCategories: Compatibility", + "body": "Portmaster is currently built for desktops that have a physical graphical interface. That said, you can run Portmaster on a server if done correctly.\r\n\r\n### Backup Access\r\n\r\nIf in any way possible make sure and _test_ your backup access to the server in case you lock yourself out.\r\n\r\n### Prepare Config File\r\n\r\nWe'll need to write our config file ourselves and place it on the server before we install Portmaster so that we don't lock ourselves out. You can either use an existing Portmaster instance to configure your settings and then copy the `config.json` file from the data directory, or you can build it from scratch. Below is a template as a starting point. Now, let's go though the settings you want to change:\r\n\r\n- [API Listen Address](https://docs.safing.io/portmaster/settings#core/listenAddress)\r\n - By default, Portmaster only listens on localhost, change this to `0.0.0.0:817` to enable connections from anywhere.\r\n- [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints)\r\n - You need to additionally allow from where connections to the Portmaster API are allowed. 
Scope this a narrow as possible.\r\n - We can't configure rules for applications in `config.json`, so we add only global rules for now and can switch to per-app after install.\r\n - (First add app rule, test, and then remove the global rule!)\r\n - Also, allow other management protocols so you can still access your server, such as SSH or RDP.\r\n- [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode)\r\n - ⚠️ While Portmaster has support for [API Keys](https://docs.safing.io/portmaster/settings#core/apiKeys), these are not yet supported for logging into the UI. This means you will need to activate [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) for now, to allow access the the UI.\r\n- [Automatic Updates](https://docs.safing.io/portmaster/settings#core/automaticUpdates)\r\n - Portmaster uses automatic updates to stay up to date. Depending on your use case, this might not be what you want.\r\n - We haven't yet split the automatic update system into binaries and intelligence data, so disabling this will cut you off from intelligence data updates.\r\n - Until we have support for splitting this, you should manually update regularly by pressing the \"Download Updates\" button in tools menu.\r\n\r\nIf you run Portmaster on a private network you have access to, then this might be enough. If you want to access Portmaster via a public network, more caution and work is needed.\r\n\r\n⚠️ Portmaster does not support HTTPS for the UI. You will need to take care of this yourself. 
We recommend using something like [Traefik](https://traefik.io/) or [Caddy](https://caddyserver.com/) as a reverse proxy for automatic HTTPS.\r\n\r\n`config.json` template with multiple options - delete the ones you don't need:\r\n```\r\n{\r\n \"core\": {\r\n \"automaticUpdates\": false,\r\n \"devMode\": true,\r\n \"expertiseLevel\": \"developer\",\r\n \"listenAddress\": \"0.0.0.0:817\"\r\n },\r\n \"filter\": {\r\n \"serviceEndpoints\": [\r\n \"+ Localhost\",\r\n \"+ * TCP/SSH # Allow remote SSH access from anywhere\",\r\n \"+ * */3389 # Allow remote RDP access from anywhere\",\r\n \"+ * TCP/817 # Allow remote access to Portmaster from anywhere\",\r\n \"+ LAN TCP/817 # Allow remote access to Portmaster from LAN only\"\r\n ]\r\n }\r\n}\r\n```\r\n\r\nYou may also want to validate the json before using your config.\r\n\r\n### Place Config File\r\n\r\n_Before_ installing we need to place to config file:\r\n\r\n- Windows: `C:\\ProgramData\\Safing\\Portmaster\\config.json`\r\n- Linux: `/opt/safing/portmaster/config.json`\r\n\r\n### Install Portmaster\r\n\r\nThen, run the installer for Portmaster on the server. If everything went well, then you should still have access to your server and to the Portmaster UI in the way you configured.\r\n\r\n----\r\n\r\nKeywords: server, automatic updates, production, remote access, API, HTTP, authentication\r\n\r\nCategories: Compatibility", "title": "FAQ: Can I run Portmaster on a server?", "url": "https://github.com/safing/portmaster/issues/707" }, + { + "body": "Community Nodes are servers not hosted by Safing, but by the Portmaster and SPN community. Except for one aspect, community nodes are treated exactly the same as nodes operated by Safing.\r\n\r\nThe only difference is, that network connections that are not encrypted by themselves, like plain HTTP, will never exit the network at community nodes. 
Instead, they exit the network at specially trusted servers, which are a subset of the servers operated by Safing.\r\n\r\nCommunity nodes will therefore never see any connection contents, as the connections are always encrypted for the destination server. This makes community nodes safe to use. Not only are they safe to use, but they are recommended, as they provide even better privacy due to more diverse server ownership in the nodes you use.\r\n\r\n---\r\n\r\nKeywords: exit node, traffic sniffing, connections\r\n\r\nCategories: SPN", + "title": "FAQ: Can community nodes see my traffic?", + "url": "https://github.com/safing/spn/issues/108" + }, + { + "body": "We have updated some default values for settings to make allowing incoming connections a lot easier:\r\n\r\nThe [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) now follow the [Default Network Action](https://docs.safing.io/portmaster/settings#filter/defaultAction) (default: allow), making them work the same as [Outgoing Rules](https://docs.safing.io/portmaster/settings#filter/endpoints). To still block incoming connections, [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) is now enabled globally by default. You can easily create exceptions in app settings to allow incoming connections! Please review your settings.\r\n\r\nPreviously, you had to add a rule to the [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) in order to allow incoming connections, but this is non-trivial, as you had to first understand how rules work and written.\r\nIf you used rules in the past to allow incoming connections, these might now be blocked because of this change. 
In order to allow your incoming connections again, just head to the affected app and disable [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) and everything should work as before.\r\n\r\nIf that happens to you, please also review your existing [Incoming Rules](https://docs.safing.io/portmaster/settings#filter/serviceEndpoints) and possibly restrict them by selecting \"Block everything else\" from the \"Quick Settings\" dropdown at the setting.\r\nAlternatively, you can easily block the network scopes that your app does not need with [Force Block Internet Access](https://docs.safing.io/portmaster/settings#filter/blockInternet) and [Force Block LAN](https://docs.safing.io/portmaster/settings#filter/blockLAN), which also apply to outgoing connections.\r\n\r\nPortmaster will also warn you once a week if you have disabled [Force Block Incoming Connections](https://docs.safing.io/portmaster/settings#filter/blockInbound) globally. So, just in case you configure Portmaster in a bad way, it will warn you about it.\r\n\r\n---\r\n\r\nKeywords: incoming, blocked, broken after update, as of version, inbound\r\n\r\nCategories: Privacy Filter\r\n", + "title": "FAQ: Default Settings for Incoming Connections CHANGED in v0.9.6", + "url": "https://github.com/safing/portmaster/issues/886" + }, { "body": "Portmaster is registered as a system service and starts immediately at boot - even _before_ you log into your user account. This means that it generally starts before any other of your programs.\r\nPlease note that the tray icon / app indicator is a separate process and is _no indication_ for the Portmaster has started, as it is only started _after_ login.\r\n\r\nBesides that, there are some subtle differences depending your operating system:\r\n\r\n#### Windows\r\n\r\nThe Windows system service of Portmaster is started as a regular service. The service then initialized the kernel driver / extension to integrate into the network stack. 
This means that Portmaster is currently started after the boot process of the Window Kernel is completed.\r\n\r\nThis means that, currently, some Windows services have a short head start before Portmaster. Tests on Windows 11 have shown these services to be able to communicate before Portmaster is ready:\r\n- NetBIOS querying the network with a connection to `255.255.255.255 UDP/137`.\r\n- Connectivity check with a connection to `β€Žwww.msftconnecttest.com`.\r\n\r\nFuture Improvement: After Portmaster has started for the first time, there will be an option to \"persist\" the Portmaster kernel driver, so that it is started with the kernel and blocks _all connectivity_ until the Portmaster is fully ready. This is tricky as it can _easily_ break your network connectivity or lead to a BSOD.\r\n\r\n#### Linux\r\n\r\nThe systemd service of the Portmaster is configured to be started before the network and name resolution. This means that the protection is started before the network connectivity is enabled:\r\n\r\n```\r\nBefore=nss-lookup.target network.target\r\n```\r\n\r\nFuture Improvement: After we have implemented direct support for systemd, we will be able to use the `WantedBy` configuration option, which will make systemd properly wait until the Portmaster has fully started before continuing with other services, mitigating any possibility of race conditions.\r\n\r\n---\r\n\r\nKeywords: boot, reboot, start, first, before, early, not yet, protect, enabled, started, everything else, anything else, block everything\r\n\r\nCategories: Starting and Stopping", "title": "FAQ: Does Portmaster protect on startup?", 
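Review bot: the server FAQ body rewritten at the top of this hunk still presents global Incoming Rules in `config.json` as sufficient to keep SSH, RDP and port 817 reachable, while the v0.9.6 entry added right after it says Force Block Incoming Connections (`filter/blockInbound`) is now enabled globally by default and that rule-based allows "might now be blocked". Since the stated goal of the template is to avoid locking yourself out, the server entry should say whether that setting must also be disabled for the template to work. Separately, the template lists `+ * TCP/817` ahead of `+ LAN TCP/817` alongside `"devMode": true` and a UI without HTTPS, so a reader who copies it without deleting lines opens the API to anywhere; consider leading with the LAN rule and marking the anywhere rule as opt-in, in line with the entry's own "Scope this a narrow as possible" advice (which still carries that typo, along with "go though" and "allow access the the UI").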
@@ -14,16 +24,41 @@ "title": "FAQ: Does Portmaster support IPv6?", "url": "https://github.com/safing/portmaster/issues/778" }, + { + "body": "You can link your Discord ID to your Portmaster account in order to gain access to private channels as well as gaining the sweet user flair on all your posts:\r\n![image](https://user-images.githubusercontent.com/11504285/195292347-c895c904-f999-428a-b4f1-72776ac8cb57.png)\r\n\r\n### Get your Discord ID\r\nYour discord ID is NOT your user name, and most people have never seen it.\r\nWe might update the bot in the future to retrieve this ID automatically, but for now you will have to jump through some hoops to get your ID.\r\n**1. Go to settings**\r\n![image](https://user-images.githubusercontent.com/11504285/195293428-66ba2648-40d4-4d7c-b636-b1cd92b00b59.png)\r\n**2. Open Advanced**\r\n![image](https://user-images.githubusercontent.com/11504285/195293524-a40225f6-1199-4d0c-b7cc-7f550fe3d7c2.png)\r\n**3. Activate \"Developer Mode\"**\r\n![image](https://user-images.githubusercontent.com/11504285/195293614-f6515c35-bc55-4008-865c-5f7d33fa81bd.png)\r\n**4. \"Copy ID\" from your \"My Account\" Page**\r\n![image](https://user-images.githubusercontent.com/11504285/195293877-317257d1-442c-405a-9628-f72412db45b2.png)\r\n\r\n### Add your ID to your Portmaster Account\r\n\r\nAfter logging into your Portmaster Account at https://account.safing.io/:\r\n\r\n**1. Go to \"Account and Password**\r\n![image](https://user-images.githubusercontent.com/11504285/195294507-9de25198-7257-4924-acf0-6c5c0043b765.png)\r\n**2. Enter your Discord ID**\r\n![image](https://user-images.githubusercontent.com/11504285/195294778-1570d97b-d40a-4fda-805e-a4ec788d2b69.png)\r\n**3. Confirm Change with Password**\r\n![image](https://user-images.githubusercontent.com/11504285/195294941-1a25dc88-f4a5-44a8-be91-544ba1b6799d.png)\r\n\r\nThe update in Discord should be immediate.\r\nNote that Reddit can be filled out already but this feature is not available yet. 
\r\n\r\n---\r\n\r\nKeywords: Discord, Account, Flair, User,\r\n\r\nCategories: Guides, Account", + "title": "FAQ: How can I add my Discord ID to my Portmaster Account?", + "url": "https://github.com/safing/portmaster/issues/936" + }, { "body": "Portmaster is all about protecting your privacy. This also means that it may block something that you want to allow. Here's how you do it:\r\n\r\n## 1. Find the blocked connection in the Network Monitor\r\n\r\nBefore we can try to fix anything, we need to find the connection that is blocked in the Network Monitor. To do this, open the Portmaster App, which will start with the Network Monitor already open.\r\n\r\nThen, find the application that you are having trouble with. Sometimes applications are split into multiple sub-parts, so you might need to click around. If you see an application that has at least a little bit of a grey bar, it means that at least one connection is blocked:\r\n![image](https://user-images.githubusercontent.com/18184155/175247736-9961ea93-be13-4624-9278-76beba26f80d.png)\r\n\r\nIf you have found the application, open it and search for the blocked connection, which are marked with a red dot:\r\n![image](https://user-images.githubusercontent.com/18184155/175248225-5842969e-d603-4e0f-8d7a-815c115ee9ed.png)\r\n\r\nIf your connections are grouped in some way, again look out for the grey parts of the bar:\r\n![image](https://user-images.githubusercontent.com/18184155/175247736-9961ea93-be13-4624-9278-76beba26f80d.png)\r\n\r\nIf you found a connection that was blocked and looks like the one that you'd rather allow, continue to the next step:\r\n\r\n## 2. 
Find out why it is blocked\r\n\r\nTo get more information about the blocked connection, click on it to open the details:\r\n![image](https://user-images.githubusercontent.com/18184155/175249877-db0c0ff7-ec4e-41ad-916a-7c78f60f4544.png)\r\n\r\nIn addition to many other details (also depending on your [User Interface Mode](https://docs.safing.io/portmaster/settings#core/expertiseLevel)), you can see \"Applied Setting\" in the bottom left of this section.\r\nThis tells you which setting was responsible for blocking this connection.\r\n\r\n## 3. Allow the connection\r\n\r\nIn order to allow this connection, you now have two options:\r\n1. Add an exception for this connection (recommended), or\r\n2. Change the responsible setting\r\n\r\n### 3.1. Add an exception for this connection\r\n\r\nIn order to add an exception for this domain, just press the button at the bottom left of the connection section:\r\n![image](https://user-images.githubusercontent.com/18184155/175252873-b246c6a9-c326-4526-a946-537bca8c2d7a.png)\r\n\r\nIf you then go to the settings of the application, you will see that a new rule was added:\r\n![image](https://user-images.githubusercontent.com/18184155/175253147-4a692177-1de3-4cf5-90c6-7f4b6938ee66.png)\r\n\r\nIf the \"Allow Domain\" or \"Allow IP\" button is disabled, this means that an exception is not possible and that you must change the responsible setting:\r\n\r\n### 3.2. 
Change the responsible setting\r\n\r\nBefore you change the setting, you must decide whether you want to change the settings for this app only (recommended) or globally for all apps (which don't have this setting configured differently).\r\n\r\nPressing the corresponding button will take you to the responsible setting:\r\n![image](https://user-images.githubusercontent.com/18184155/175252694-7676ed7e-f356-46ff-a6fb-3847d857c0ef.png)\r\n\r\nHow to change the setting heavily depends on the setting itself, so the best way to go forward is to read the description by clicking on the (i) icon:\r\n![image](https://user-images.githubusercontent.com/18184155/175254095-1fc018b1-5451-4f71-a2b3-1113b9beec86.png)\r\n\r\nGenerally, we try to make all settings provide more protection by turning them \"on\", so in most cases turning off a setting will allow the connection.\r\n\r\nIn case there are multiple settings that block a connection, you might need to repeat this process.\r\n\r\n---\r\n\r\nKeywords: allow, exception, unbreak, unblock, not block, stop blocking, deny, denied, dropped, permit, connection, DNS request\r\n\r\nCategories: Guides, Privacy Filter", "title": "FAQ: How can I allow a blocked connection?", "url": "https://github.com/safing/portmaster/issues/706" }, { - "body": "If you want to help testing Portmaster and want to give earlier feedback on new features, you can switch to the [\"Beta\" Release Channel](https://docs.safing.io/portmaster/settings#core/releaseChannel).\r\n\r\n__Please be sure to always report problems that arise, so we can quickly find and fix them!__\r\n__Also, general feedback on changes are always very welcome!__\r\n\r\nIf you experience problems, you can always switch back to \"Stable\".\r\n\r\n⚠️ Though Portmaster has not reached the v1.0 release, it already uses the final release channels. 
This means that β€œStable” is the current baseline and β€œBeta” is more unstable.\r\n\r\n---\r\n\r\nCategories: Guides", + "body": "Applications can easily be excluded from the SPN by either using the quick setting in the app page header, or in the settings:\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187927360-3f1290d2-a4da-45d9-aa33-3f65f46bd1cf.png)\r\n\r\nor\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187927728-3197860c-f04d-45d8-ad96-70d642f0f8e4.png)\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "title": "FAQ: How can I enable or disable the SPN for just one application?", + "url": "https://github.com/safing/spn/issues/105" + }, + { + "body": "You can easily exclude any Domain or IP address from the SPN by using the [SPN Rules](https://docs.safing.io/portmaster/settings#spn/usagePolicy). It is a rule list similar to the others and applies the first entry that matches.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187923583-c5392177-9ffa-4ad8-a53a-fd4061237878.png)\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "title": "FAQ: How can I exclude a Domain or IP address from the SPN?", + "url": "https://github.com/safing/spn/issues/104" + }, + { + "body": "The Local Network (LAN) is always excluded from the SPN, as servers in the SPN cannot access your local network.\r\n\r\nVPNs do not differentiate between networks without special configuration.\r\n\r\n---\r\n\r\nKeywords: route, routing, not go through, enable, disable, exclude, include, decide, connection, tunnel\r\n\r\nCategories: SPN", + "title": "FAQ: How can I exclude the Local Network (LAN) from the SPN?", + "url": "https://github.com/safing/spn/issues/106" + }, + { + "body": "If you want to help testing Portmaster and want to give earlier 
feedback on new features, you can switch to the [\"Beta\" Release Channel](https://docs.safing.io/portmaster/settings#core/releaseChannel).\r\n\r\n__Please be sure to always report problems that arise, so we can quickly find and fix them!__\r\n__Also, general feedback on changes are always very welcome!__\r\n\r\nIf you experience problems, you can always switch back to \"Stable\".\r\n\r\n---\r\n\r\nCategories: Guides", "title": "FAQ: How can I help testing Portmaster?", "url": "https://github.com/safing/portmaster/issues/717" }, + { + "body": "Have a look at this guide: [Hosting a Community Node](https://docs.safing.io/spn/hosting-a-community-node)\r\n\r\n---\r\n\r\nKeywords: community, node, server, hosting, run, share\r\n\r\nCategories: SPN\r\n", + "title": "FAQ: How can I host a community node?", + "url": "https://github.com/safing/spn/issues/109" + }, { "body": "Broadcast Notifications are messages broadcasted by the Portmaster Developers and Team to all Portmaster users. We use this to alert users of important updates, breaking feature changes, privacy related issues, among others.\r\n\r\nAll notifications are publicly added to [the source file](https://github.com/safing/intel-data/blob/master/portmaster/notifications.yaml) and then distributed to all Portmaster instances via our update system. Safing (the company behind Portmaster) learns nothing about the Portmaster instances themselves. No data is ever sent.\r\n\r\nRather, when your Portmaster downloads the newest broadcast notifications - alongside the filter list updates, for example - it checks if there are any broadcast notifications that were not shown yet _and_ that match certain criteria. This way we can show notifications only to those who are affected by a situation and keep the noise low for all others. 
The matching is always done locally and the matching data is never sent anywhere.\r\n\r\n---\r\n\r\n#### Deep Dive\r\n\r\nIf you really want to get into it, you can check out which data we use to match broadcast notifications on your device.\r\nEnable the [Development Mode](https://docs.safing.io/portmaster/settings#core/devMode) and then open http://127.0.0.1:817/api/v1/broadcasts/matching-data in your browser. This is exactly the same information as the broadcast notifications use.\r\n\r\n---\r\n\r\nKeywords: matching, information, sharing, leak, sending, privacy, private, data\r\n\r\nCategories: Other", "title": "FAQ: How do Broadcast Notifications work?", 
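Review bot: the Discord ID entry added in this hunk ends with `Categories: Guides, Account`, but the `categories` list in `_data/faq/config.yml` only gains `SPN`, `Windows` and `Linux` in this patch, so `Account` is not a listed category. Either add `Account` to the config or file the entry under an existing category. In the same entry, the step heading `**1. Go to \"Account and Password**` is missing its closing quote and the `Keywords:` footer ends in a trailing comma.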
@@ -39,6 +74,21 @@ "title": "FAQ: How do I share debug information and logs?", "url": "https://github.com/safing/portmaster/issues/705" }, + { + "body": "We use the notification system that was added in Windows 10, as it supports actions (ie. has buttons). Windows 7 and 8 do not have any support for these buttons.\r\n\r\nNotifications may still work to some extent, but prompts will not. Please disable [Prompt Desktop Notifications](https://docs.safing.io/portmaster/settings#filter/askWithSystemNotifications).\r\n\r\n---\r\n\r\nKeywords: broken, cannot click, can't press, missing button, Microsoft\r\n\r\nCategories: Windows", + "title": "FAQ: Notifications not available on Windows 7 and 8", + "url": "https://github.com/safing/portmaster-ui/issues/361" + }, + { + "body": "Some users report that the Portmaster Core Service will not start at boot, although it is configured to do so. If that is the case, you can check its status in the \"Services\" Desktop App. There, search for the Service \"Portmaster Core\" and inspect and start it as needed.\r\n\r\n---\r\n\r\nKeywords: starting, boot, startup, automatic\r\n\r\nCategories: Windows, Starting and Stopping\r\n", + "title": "FAQ: Portmaster Core Does Not Start at Boot", + "url": "https://github.com/safing/portmaster/issues/956" + }, + { + "body": "In some cases the Portmaster will fail to restart, because the Portmaster Kernel Extensions cannot be loaded and returns the error code `0x422`.\r\nThis stems from a known issue in Windows, where system services are not completely removed when something is monitoring the system services.\r\nWhen the Portmaster restarts, it is then unable to initialize the Kernel Extension, because the system thinks it is still unloading.\r\n\r\nIf you experience this issue, please follow this workaround:\r\n\r\n_Quoting from _\r\n\r\n> There may be several causes which lead to the service being stuck in β€œmarked for deletion”.\r\n>\r\n> 1. 
[SysInternals' Process Explorer is opened](http://blog.cyotec.com/2011/05/specified-service-has-been-marked-for.html). Closing it should lead to automatic removal of the service.\r\n>\r\n> 1. [Task Manager is opened](https://stackoverflow.com/questions/20561990/how-to-solve-the-specified-service-has-been-marked-for-deletion-error/21310096#comment32672750_20565337).\r\n>\r\n> 1. [Microsoft Management Console (MMC) is opened](https://stackoverflow.com/a/8529760/240613). To ensure all instances are closed, run `taskkill /F /IM mmc.exe`.\r\n>\r\n> 1. [Services console is opened](https://stackoverflow.com/a/21310096/240613). This is the same as the previous point, since Services console is hosted by MMC.\r\n>\r\n> 1. [Event Viewer is opened](https://stackoverflow.com/a/18467128/240613). Again, this is the same as the third point.\r\n> \r\n> 1. [The key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\\\{service name} exists](https://stackoverflow.com/a/2804099/240613).\r\n>\r\n> 1. [Someone else is logged into the server](https://stackoverflow.com/a/28632820/240613) and has one of the previously mentioned applications opened.\r\n>\r\n> 1. 
An instance of Visual Studio *used to debug the service* is open.\r\n\r\n---\r\n\r\nKeywords: error code, restarting, boot\r\n\r\nCategories: Windows, Starting and Stopping\r\n", + "title": "FAQ: Portmaster Fails to Restart", + "url": "https://github.com/safing/portmaster/issues/955" + }, { "body": "#### Most Important\r\n\r\n- Portmaster does not do any permanent changes to your network configuration:\r\n - No network interfaces are added or changed.\r\n - No routing entries are added or changed.\r\n - No DNS server configuration is added or changed.\r\n- Required integration is done \"on-the-fly\" by redirecting packets.\r\n- When Portmaster is shut down or uninstalled, all (volatile) network integration is removed automatically.\r\n - When you still experience issues, check out #699.\r\n\r\nBesides that, changes vary depending on your operating system:\r\n\r\n#### Windows\r\n\r\n- All data is saved to `C:\\ProgramData\\Safing\\Portmaster` by default.\r\n- A system service is registered and marked to start automatically at boot.\r\n- Application entry for the Portmaster UI is added.\r\n- Application entry for the Portmaster Tray Notifiier is added and marked to start automatically at login.\r\n- Uninstall information is placed in the registry.\r\n- Read more at [Docs: Install on Windows](https://docs.safing.io/portmaster/install/windows)\r\n\r\n#### Linux\r\n\r\n- All data is saved to `/opt/safing/portmaster` by default.\r\n- Portmaster adds iptables entries on start and removes them when stopped.\r\n - This integration makes use of packet and connection marks, which likely makes Portmaster incompatible with other software attempting the same.\r\n- A systemd service file is placed at `/etc/systemd/system/portmaster.service`.\r\n- `.desktop` files are placed in `/usr/share/applications/`.\r\n- Icon is placed in `/usr/share/pixmaps/`.\r\n- Read more at [Docs: Install on Linux](https://docs.safing.io/portmaster/install/linux)\r\n\r\n---\r\n\r\nKeywords: change, 
modify, modification, integration, settings, registry, file, config, configuration, mess with, break\r\n\r\nCategories: Starting and Stopping", "title": "FAQ: What changes does Portmaster make to my system?", 
@@ -60,7 +110,7 @@ "url": "https://github.com/safing/portmaster/issues/719" }, { - "body": "Portmaster takes care of protecting your DNS queries by becoming the gateway for all DNS queries on your system and then sending them through an encrypted connection to the configured DNS server.\r\n\r\nIf you are using a DNS server for your network that has a dashboard, or if the DNS service you are using discerns between encrypted and non-encrypted queries, you might notice that sometimes Portmaster sends unencrypted queries.\r\n\r\nIn order to understand why that is necessary, let's take a look at a common network structure: A free __WiFi access point in a cafΓ©__ or airport. Usually these can only be used when you __accept their Terms of Service__. In order for you to get you to read them, the network needs to somehow redirect to that.\r\nThis __needs to work even if the secure DNS server are unreachable__ - as you've not yet \"logged into\" the free network.\r\n\r\nThis is why Portmaster always __sends a handful of special domains__ - used by operating systems and browsers - __as plain DNS queries to the DNS server provided by the network__. You can find the current list of these domains [in the docs](https://docs.safing.io/portmaster/architecture/core-service/secure-dns/#connectivity-domains) or in the [source code as \"Connectivity Domains\")](https://github.com/safing/portmaster/blob/f135ec3242905b84811b26975a3458117cc2c28e/netenv/online-status.go#L53).\r\n\r\nIf you don't want these queries to go out, you can block them by enabling the setting [Ignore System/Network Servers](https://docs.safing.io/portmaster/settings#dns/noAssignedNameservers) or [Use Secure Protocols Only](https://docs.safing.io/portmaster/settings#dns/noInsecureProtocols). 
Please consider the side effects of enabling these settings when you do so.\r\n\r\nThe Portmaster will also attempt to detect these \"Captive Portals\" and will notify you if it finds one.\r\n\r\n---\r\n\r\nFor the time being there is also another possibility why this can happen. While getting Portmaster stable and making sure everything works as expected, we enabled Portmaster to fall back to the system assigned DNS servers in case all the configured DNS server failed. This is to ensure that we don't break the workflow of our users while moving forward. We are currently working on a solution how to handle this nicely. This is internally tracked at CC#2405.\r\n\r\n---\r\n\r\nKeywords: unencrypted query, DNS leaks, not sent, DHCP, system assigned.\r\n\r\nCategories: Leaks", + "body": "Portmaster takes care of protecting your DNS queries by becoming the gateway for all DNS queries on your system and then sending them through an encrypted connection to the configured DNS server.\r\n\r\nIf you are using a DNS server for your network that has a dashboard, or if the DNS service you are using discerns between encrypted and non-encrypted queries, you might notice that sometimes Portmaster sends unencrypted queries.\r\n\r\nIn order to understand why that is necessary, let's take a look at a common network structure: A free __WiFi access point in a cafΓ©__ or airport. Usually these can only be used when you __accept their Terms of Service__. In order for you to get you to read them, the network needs to somehow redirect to that.\r\nThis __needs to work even if the secure DNS server are unreachable__ - as you've not yet \"logged into\" the free network.\r\n\r\nThis is why Portmaster always __sends a handful of special domains__ - used by operating systems and browsers - __as plain DNS queries to the DNS server provided by the network__. 
You can find the current list of these domains [in the docs](https://docs.safing.io/portmaster/architecture/core-service/secure-dns/#connectivity-domains) or in the [source code as \"Connectivity Domains\")](https://github.com/safing/portmaster/blob/f135ec3242905b84811b26975a3458117cc2c28e/netenv/online-status.go#L53).\r\n\r\nIf you don't want these queries to go out, you can block them by enabling the setting [Ignore System/Network Servers](https://docs.safing.io/portmaster/settings#dns/noAssignedNameservers) or [Use Secure Protocols Only](https://docs.safing.io/portmaster/settings#dns/noInsecureProtocols). Please consider the side effects of enabling these settings when you do so.\r\n\r\nThe Portmaster will also attempt to detect these \"Captive Portals\" and will notify you if it finds one.\r\n\r\n---\r\n\r\nFor the time being there is also another possibility why this can happen. To make sure everything works as expected, we enabled Portmaster to fall back to the system assigned DNS servers in case all the configured DNS server failed. This is to ensure that we don't break the workflow when installing Portmaster.\r\nWe are working on a solution how to best handle this in a way that does not break setups and provides the best privacy. This is internally tracked at CC#2405.\r\n\r\n---\r\n\r\nKeywords: unencrypted query, DNS leaks, not sent, DHCP, system assigned.\r\n\r\nCategories: Leaks", "title": "FAQ: Why does Portmaster send plain/unencrypted DNS queries?", "url": "https://github.com/safing/portmaster/issues/700" }, 
@@ -69,13 +119,18 @@ "title": "FAQ: Why does the DNS Leak test say that I have a leak?", "url": "https://github.com/safing/portmaster/issues/720" }, + { + "body": "When Portmaster connects to the SPN und normal circumstances, it does not depend on a single server or on DNS. It can directly try all servers to find one it can connect to.\r\n\r\nIf you are connecting to the SPN for the first time, Portmaster downloads a set of IPs from the update server in order to bootstrap into the network. After that, it only connects directly to the network.\r\n\r\n### Troubleshooting\r\n\r\nHere are things you can try when Portmaster does not successfully connect to the SPN:\r\n\r\n#### 1. Check if your Internet connection works.\r\n\r\nDisable SPN and check if you can connect to the Internet without the SPN.\r\n\r\n#### 2. Check for Portmaster Updates.\r\n\r\nSometimes there are changes to the SPN servers that also require Portmaster to update. We wait some time to allow clients to update before deploying breaking changes, but you might just be behind too much.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187939384-181f5fa0-fa70-4fd6-b3c8-e0e9e7d98db7.png)\r\n\r\n#### 3. Re-Initialize\r\n\r\nIf none of these resulted in a successful connection to the SPN, you can also clear all caches regarding the SPN and re-initialize it.\r\n\r\n![image](https://user-images.githubusercontent.com/18184155/187939868-ad73fc9e-89de-44ef-b0c5-947a2605ed75.png)\r\n\r\n#### 4. Ask for Help\r\n\r\nIf none of these steps could resolve your issue, please reach out to use and we will investigate the issue. 
Be sure to open the Bug Report page in the Portmaster _while_ it is trying to connect to the SPN, so that we have the correct data for analysis.\r\n\r\n---\r\n\r\nKeywords: connection, fails, failed, try, retry, trying, timeout, disconnect, unable, blocked\r\n\r\nCategories: SPN\r\n", + "title": "FAQ: Why does the SPN not connect?", + "url": "https://github.com/safing/spn/issues/107" + }, { "body": "Portmaster uses a separate component for integration with the notification system of your OS. This is handled by the Notifier, a part of Portmaster that lives in the system or notification tray.\r\n\r\n1. Check if you can see the Portmaster Icon with the colored status dot in your system tray. If you don't see it, try starting the Portmaster User Interface.\r\n2. Check if [Desktop Notifications](https://docs.safing.io/portmaster/settings#core/useSystemNotifications) and [Prompt Desktop Notifications](https://docs.safing.io/portmaster/settings#filter/askWithSystemNotifications) are enabled in Portmaster.\r\n3. Check if Notifications are suppressed by your OS.\r\n - Windows: If you have \"Focus Assist\" set to \"Priority Only\", you need to specifically allow Portmaster to show notifications.\r\n\r\n---\r\n\r\nKeywords: notifications, prompts, status, indicator, toasts, messages, message center, broken, not showing\r\n\r\nCategory: Compatibility", "title": "FAQ: Why don't I see any notifications / prompts in my OS?", "url": "https://github.com/safing/portmaster-ui/issues/272" }, { - "body": "While Portmaster integrates deeply into the network stack of your operating system, all of it is volatile - meaning that it is automatically removed when Portmaster shuts down or when Portmaster is uninstalled.\r\n\r\nHowever, there are special cases where you might loose Internet or network connectivity after shutting down or uninstalling Portmaster.\r\n\r\n### 1. 
DNS Configuration Issues\r\n\r\nPortmaster becomes the gateway for all DNS queries when you install it, but it does not configure itself as your DNS server in the system. Rather, it does a _soft_ integration by redirecting all DNS queries to itself.\r\n\r\nWhat can happen is that at some point - while Portmaster is installed - the DNS configuration of your system is changed or corrupted into a state that does not work. But because Portmaster is installed, it will seamlessly fix it for you, because it \"corrects\" all queries.\r\nWhen you then shutdown or uninstall Portmaster this \"fix\" is removed and you end up with a broken DNS configuration.\r\n\r\n__Please review the DNS configuration of your system.__ When in doubt, set it to _automatic_ or _DHCP_.\r\n\r\n### 2. Network Stack Issues by the Operation System\r\n\r\nIn some more extreme cases, the system might not correctly remove the integration as it should.\r\n\r\n#### Windows\r\n\r\nPortmaster marks all its network stack integrations (the Firewall Driver / Kernel Extension) as non-permanent and as such they are removed by Windows when the Portmaster shuts down or when Windows reboots.\r\n\r\nIn rare cases, however, Windows fails to correctly remove Portmaster’s network stack integration correctly, resulting in a loss of network connectivity. 
We have never experienced this issue ourselves and thus haven’t yet been able to take an in-depth look.\r\n\r\nThe help Windows restore network connectivity, open a Windows [cmd](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmd) as an Administrator and enter the following commands to reset your network.\r\nWarning: You might need to reconfigure any special network settings you had.\r\n\r\n netsh int ip reset\r\n netsh winsock reset catalog\r\n\r\nAfter that, reboot.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n#### Linux\r\n\r\nPortmaster adds rules to the _iptables_ configuration in order to integrate into the network stack. These are automatically removed when Portmaster shuts down or is uninstalled. There might be rare cases, where this does not happen. Then you can remove them manually by running `sudo /opt/safing/portmaster recover-iptables` or restarting.\r\n\r\nIf there is another problem, you can try to restart the networking with the command `sudo systemctl restart networking` or the equivalent for your distribution.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n---\r\n\r\nKeywords: lost internet, no network, timeout, after install, after shutdown, cannot access, not working, uninstall, remove, deleted, reboot, restart, broken, DNS, resolving\r\n\r\nCategories: Starting and Stopping", + "body": "While Portmaster integrates deeply into the network stack of your operating system, all of it is volatile - meaning that it is automatically removed when Portmaster shuts down or when Portmaster is uninstalled.\r\n\r\nHowever, there are special cases where you might loose Internet or network connectivity after shutting down or uninstalling Portmaster.\r\n\r\n### 1. DNS Configuration Issues\r\n\r\nPortmaster becomes the gateway for all DNS queries when you install it, but it does not configure itself as your DNS server in the system. 
Rather, it does a _soft_ integration by redirecting all DNS queries to itself.\r\n\r\nWhat can happen is that at some point - while Portmaster is installed - the DNS configuration of your system is changed or corrupted into a state that does not work. But because Portmaster is installed, it will seamlessly fix it for you, because it \"corrects\" all queries.\r\nWhen you then shutdown or uninstall Portmaster this \"fix\" is removed and you end up with a broken DNS configuration.\r\n\r\n__Please review the DNS configuration of your system.__ When in doubt, set it to _automatic_ or _DHCP_.\r\n\r\n### 2. Network Stack Issues by the Operation System\r\n\r\nIn some more extreme cases, the system might not correctly remove the integration as it should.\r\n\r\n#### Windows\r\n\r\nPortmaster marks all its network stack integrations (the Firewall Driver / Kernel Extension) as non-permanent and as such they are removed by Windows when the Portmaster shuts down or when Windows reboots.\r\n\r\nIn rare cases, however, Windows fails to correctly remove Portmaster’s network stack integration correctly, resulting in a loss of network connectivity. We have never experienced this issue ourselves and thus haven’t yet been able to take an in-depth look.\r\n\r\nThe help Windows restore network connectivity, open a Windows [cmd](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmd) as an Administrator and enter the following commands to reset your network.\r\nWarning: You might need to reconfigure any special network settings you had.\r\n\r\n netsh int ip reset\r\n netsh winsock reset catalog\r\n\r\nAfter that, reboot.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n#### Linux\r\n\r\nPortmaster adds rules to the _iptables_ configuration in order to integrate into the network stack. These are automatically removed when Portmaster shuts down or is uninstalled. There might be rare cases, where this does not happen. 
Then you can remove them manually by running `sudo /opt/safing/portmaster recover-iptables` or restarting.\r\n\r\nIf there is another problem, you can try to restart the networking with the command `sudo systemctl restart networking` or the equivalent for your distribution.\r\n\r\nIf these steps did not restore network connectivity, please report this.\r\n\r\n---\r\n\r\nKeywords: lost internet, no network, timeout, after install, after shutdown, cannot access, not working, uninstall, remove, deleted, reboot, restart, broken, DNS, resolving, network issues\r\n\r\nCategories: Windows, Linux, Starting and Stopping", "title": "FAQ: Why is my Internet or Network Access broken after shutdown or uninstall?", "url": "https://github.com/safing/portmaster/issues/699" } diff --git a/_data/menus.yml b/_data/menus.yml index c3b985b..c68e2e0 100644 --- a/_data/menus.yml +++ b/_data/menus.yml @@ -1,8 +1,10 @@ items: - title: Portmaster - extra_path: "/architecture/overview" + custom_url: "/" children: - title: FAQ + - title: Changelog + - title: Guides extra_path: "/contribute" children: @@ -14,6 +16,7 @@ items: custom_url: /portmaster/settings - title: DNS Configuration - title: Network Rating + - title: Install extra_path: "/windows" children: @@ -26,7 +29,7 @@ items: - title: Software Compatibility - title: Mobile - title: Mac - + - title: Architecture extra_path: "/overview" children: @@ -41,14 +44,11 @@ items: - title: OS Integration - title: User Interface - title: Notifier + - title: Update System - title: Developer API # This _MUST_ be equal to the config value site.portmaster_api_url. custom_url: /portmaster/api + - title: SPN - extra_path: "/alpha/status" children: - - title: Alpha - extra_path: "/status" - children: - - title: Status - title: Hosting a Community Node diff --git a/_data/portmaster-api.json b/_data/portmaster-api.json index 92cd757..27fcf74 100644 --- a/_data/portmaster-api.json +++ b/_data/portmaster-api.json 
@@ -1,9 +1,21 @@ [ { - "Path": "app/auth", + "Name": "Get Account Features", + "Description": "Returns all account features.", + "Path": "account/features", "MimeType": "application/json", - "Read": 1, - "ReadMethod": "GET", + "Read": 2, + "ReadMethod": "GET" + }, + { + "Name": "Returns the image of the featuare", + "Description": "", + "Path": "account/features/{id:[A-Za-z0-9_-]+}/icon", + "MimeType": "image/svg+xml", + "Read": 2, + "ReadMethod": "GET" + }, + { "Name": "Request an authentication token with a given set of permissions. The user will be prompted to either authorize or deny the request. Used for external or third-party tool integrations.", "Description": "", "Parameters": [ 
@@ -31,69 +43,69 @@ "Value": "", "Description": "The time-to-live for the new access token. Defaults to 24h" } - ] + ], + "Path": "app/auth", + "MimeType": "application/json", + "Read": 1, + "ReadMethod": "GET" }, { + "Name": "Get the ID of the calling profile", + "Description": "", "Path": "app/profile", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get the ID of the calling profile", - "Description": "" + "ReadMethod": "GET" }, { + "Name": "Request HTTP Basic Auth", + "Description": "Returns an HTTP Basic Auth request, if not authenticated.", "Path": "auth/basic", "MimeType": "text/plain", "Read": -1, - "ReadMethod": "GET", - "Name": "Request HTTP Basic Auth", - "Description": "Returns an HTTP Basic Auth request, if not authenticated." + "ReadMethod": "GET" }, { + "Name": "Request HTTP Bearer Auth", + "Description": "Returns an HTTP Bearer Auth request, if not authenticated.", "Path": "auth/bearer", "MimeType": "text/plain", "Read": -1, - "ReadMethod": "GET", - "Name": "Request HTTP Bearer Auth", - "Description": "Returns an HTTP Bearer Auth request, if not authenticated." + "ReadMethod": "GET" }, { + "Name": "View Current Permissions", + "Description": "Returns the current permissions assigned to the request.", "Path": "auth/permissions", "MimeType": "application/json", "Read": -1, - "ReadMethod": "GET", - "Name": "View Current Permissions", - "Description": "Returns the current permissions assigned to the request." + "ReadMethod": "GET" }, { + "Name": "Reset Authenticated Session", + "Description": "Resets authentication status internally and in the browser.", "Path": "auth/reset", "MimeType": "text/plain", "Read": 1, - "ReadMethod": "GET", - "Name": "Reset Authenticated Session", - "Description": "Resets authentication status internally and in the browser." 
+ "ReadMethod": "GET" }, { + "Name": "Get Broadcast Notifications Matching Data", + "Description": "Returns the data used by the broadcast notifications to match the instance.", "Path": "broadcasts/matching-data", "MimeType": "application/json", "Read": 3, - "ReadMethod": "GET", - "Name": "Get Broadcast Notifications Matching Data", - "Description": "Returns the data used by the broadcast notifications to match the instance." + "ReadMethod": "GET" }, { + "Name": "Resets the Broadcast Notification States", + "Description": "Delete the cache of Broadcast Notifications, making them appear again.", "Path": "broadcasts/reset-state", "MimeType": "text/plain", "Write": 3, - "WriteMethod": "POST", - "Name": "Resets the Broadcast Notification States", - "Description": "Delete the cache of Broadcast Notifications, making them appear again." + "WriteMethod": "POST" }, { - "Path": "broadcasts/simulate", - "MimeType": "text/plain", - "Write": 3, - "WriteMethod": "POST", "Name": "Simulate Broadcast Notifications", "Description": "Test broadcast notifications by sending a valid source file in the body.", "Parameters": [ 
@@ -103,53 +115,61 @@ "Value": "true", "Description": "Check against state when deciding to display a broadcast notification. Acknowledgements are always saved." } - ] + ], + "Path": "broadcasts/simulate", + "MimeType": "text/plain", + "Write": 3, + "WriteMethod": "POST" }, { + "Name": "Run Integration Self-Check", + "Description": "Runs a couple integration self-checks in order to see if the system integration works.", "Path": "compat/self-check", "MimeType": "text/plain", "Read": 2, - "ReadMethod": "GET", - "Name": "Run Integration Self-Check", - "Description": "Runs a couple integration self-checks in order to see if the system integration works." + "ReadMethod": "GET" }, { + "Name": "Export Configuration Options", + "Description": "Returns a list of all registered configuration options and their metadata. This does not include the current active or default settings.", "Path": "config/options", "MimeType": "application/json", "Read": 1, - "ReadMethod": "GET", - "Name": "Export Configuration Options", - "Description": "Returns a list of all registered configuration options and their metadata. This does not include the current active or default settings." + "ReadMethod": "GET" }, { + "Name": "Restart Portmaster", + "Description": "Restart the Portmaster Core Service.", "Path": "core/restart", "MimeType": "text/plain", "Write": 3, - "WriteMethod": "POST", - "Name": "Restart Portmaster", - "Description": "Restart the Portmaster Core Service." + "WriteMethod": "POST" }, { + "Name": "Shut Down Portmaster", + "Description": "Shut down the Portmaster Core Service and all UI components.", "Path": "core/shutdown", "MimeType": "text/plain", "Write": 4, - "WriteMethod": "POST", - "Name": "Shut Down Portmaster", - "Description": "Shut down the Portmaster Core Service and all UI components." 
+ "WriteMethod": "POST" }, { - "Path": "debug/allocs", + "Name": "Update custom filter list", + "Description": "Reload the filter list from the configured file.", + "Path": "customlists/update", "MimeType": "text/plain", - "Read": 1, - "ReadMethod": "GET", - "Name": "Get Allocs Profile", - "Description": "" + "Write": 2, + "WriteMethod": "POST" }, { - "Path": "debug/core", - "MimeType": "text/plain", + "Name": "Get Allocs Profile", + "Description": "Gather and return the memory allocation profile.\n\t\t\n\t\tYou can easily view this data in your browser with this command (with Go installed):\n\t\t`go tool pprof -http :8888 http://127.0.0.1:817/api/v1/debug/allocs`\n\t\t", + "Path": "debug/allocs", + "MimeType": "application/octet-stream", "Read": 1, - "ReadMethod": "GET", + "ReadMethod": "GET" + }, + { "Name": "Get Debug Information", "Description": "Returns network debugging information, similar to debug/info, but with system status data.", "Parameters": [ @@ -159,15 +179,15 @@ "Value": "github", "Description": "Specify the formatting style. The default is simple markdown formatting." } - ] - }, - { - "Path": "debug/cpu", + ], + "Path": "debug/core", "MimeType": "text/plain", "Read": 1, - "ReadMethod": "GET", + "ReadMethod": "GET" + }, + { "Name": "Get CPU Profile", - "Description": "", + "Description": "Gather and return the CPU profile.\nThis data needs to gathered over a period of time, which is specified using the duration parameter.\n\nYou can easily view this data in your browser with this command (with Go installed):\n`go tool pprof -http :8888 http://127.0.0.1:817/api/v1/debug/cpu`\n", "Parameters": [ { "Method": "GET", 
@@ -175,21 +195,21 @@ "Value": "10s", "Description": "Specify the formatting style. The default is simple markdown formatting." } - ] + ], + "Path": "debug/cpu", + "MimeType": "application/octet-stream", + "Read": 1, + "ReadMethod": "GET" }, { + "Name": "Get Heap Profile", + "Description": "Gather and return the heap memory profile.\n\t\t\n\t\tYou can easily view this data in your browser with this command (with Go installed):\n\t\t`go tool pprof -http :8888 http://127.0.0.1:817/api/v1/debug/heap`\n\t\t", "Path": "debug/heap", - "MimeType": "text/plain", + "MimeType": "application/octet-stream", "Read": 1, - "ReadMethod": "GET", - "Name": "Get Heap Profile", - "Description": "" + "ReadMethod": "GET" }, { - "Path": "debug/info", - "MimeType": "text/plain", - "Read": 1, - "ReadMethod": "GET", "Name": "Get Debug Information", "Description": "Returns debugging information, including the version and platform info, errors, logs and the current goroutine stack.", "Parameters": [ @@ -199,13 +219,13 @@ "Value": "github", "Description": "Specify the formatting style. The default is simple markdown formatting." } - ] + ], + "Path": "debug/info", + "MimeType": "text/plain", + "Read": 1, + "ReadMethod": "GET" }, { - "Path": "debug/network", - "MimeType": "text/plain", - "Read": 2, - "ReadMethod": "GET", "Name": "Get Network Debug Information", "Description": "Returns network debugging information, similar to debug/core, but with connection data.", "Parameters": [ 
@@ -227,37 +247,37 @@ "Value": "\u003cquery\u003e", "Description": "Specify a query to limit the connections included in the report. The default is to include all connections." } - ] + ], + "Path": "debug/network", + "MimeType": "text/plain", + "Read": 2, + "ReadMethod": "GET" }, { + "Name": "Get Network State Table Data", + "Description": "Returns the current network state tables from the OS.", "Path": "debug/network/state", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get Network State Table Data", - "Description": "Returns the current network state tables from the OS." + "ReadMethod": "GET" }, { + "Name": "Get Goroutine Stack", + "Description": "Returns the current goroutine stack.", "Path": "debug/stack", "MimeType": "text/plain", "Read": 1, - "ReadMethod": "GET", - "Name": "Get Goroutine Stack", - "Description": "Returns the current goroutine stack." + "ReadMethod": "GET" }, { + "Name": "Print Goroutine Stack", + "Description": "Prints the current goroutine stack to stdout.", "Path": "debug/stack/print", "MimeType": "text/plain", "Read": 1, - "ReadMethod": "GET", - "Name": "Print Goroutine Stack", - "Description": "Prints the current goroutine stack to stdout." + "ReadMethod": "GET" }, { - "Path": "dns/cache/{query:[a-z0-9\\.-]{0,512}\\.[A-Z]{1,32}}", - "MimeType": "application/json", - "Read": 2, - "ReadMethod": "GET", "Name": "Get DNS Record from Cache", "Description": "Returns cached dns records from the internal cache.", "Parameters": [ 
@@ -267,113 +287,161 @@ "Value": "fqdn and query type", "Description": "Specify the query like this: `example.com.A`." } - ] + ], + "Path": "dns/cache/{query:[a-z0-9\\.-]{0,512}\\.[A-Z]{1,32}}", + "MimeType": "application/json", + "Read": 2, + "ReadMethod": "GET" }, { + "Name": "Clear cached DNS records", + "Description": "Deletes all saved DNS records from the database.", "Path": "dns/clear", "MimeType": "text/plain", "Write": 2, - "WriteMethod": "POST", - "Name": "Clear cached DNS records", - "Description": "Deletes all saved DNS records from the database." + "WriteMethod": "POST" }, { + "Name": "List DNS Resolvers", + "Description": "List currently configured DNS resolvers and their status.", "Path": "dns/resolvers", "MimeType": "application/json", "Read": 1, - "ReadMethod": "GET", - "Name": "List DNS Resolvers", - "Description": "List currently configured DNS resolvers and their status." + "ReadMethod": "GET" }, { + "Name": "Export API Endpoints", + "Description": "Returns a list of all registered endpoints and their metadata.", "Path": "endpoints", "MimeType": "application/json", "Read": 1, - "ReadMethod": "GET", - "Name": "Export API Endpoints", - "Description": "Returns a list of all registered endpoints and their metadata." 
+ "ReadMethod": "GET" }, { + "Name": "Get Country Information", + "Description": "Returns a map of country information centers indexed by ISO-A2 country code", + "Path": "intel/geoip/countries", + "MimeType": "application/json", + "Read": 2, + "ReadMethod": "GET" + }, + { + "Name": "Get Module Status", + "Description": "Returns status information of all modules.", + "Path": "modules/status", + "MimeType": "application/json", + "Read": 2, + "ReadMethod": "GET" + }, + { + "Name": "Trigger Event", + "Description": "Triggers an event of an internal module.", "Path": "modules/{moduleName:.+}/trigger/{eventName:.+}", "MimeType": "text/plain", "Write": 4, - "WriteMethod": "POST", - "Name": "Trigger Event", - "Description": "Triggers an event of an internal module." + "WriteMethod": "POST" }, { - "Path": "netquery/charts/connection-active", + "Name": "Bandwidth Chart", + "Description": "Query the in-memory sqlite connection database and return a chart of bytes sent/received.", + "Path": "netquery/charts/bandwidth", "MimeType": "application/json", - "Read": 2, - "ReadMethod": "GET", "Write": 2, - "WriteMethod": "POST", + "WriteMethod": "POST" + }, + { "Name": "Active Connections Chart", - "Description": "Query the in-memory sqlite connection database and return a chart of active connections." 
+ "Description": "Query the in-memory sqlite connection database and return a chart of active connections.", + "Path": "netquery/charts/connection-active", + "MimeType": "application/json", + "Write": 2, + "WriteMethod": "POST" }, { + "Name": "Apply connection history retention threshold", + "Description": "", + "Path": "netquery/history/cleanup", + "MimeType": "text/plain", + "Write": 2, + "WriteMethod": "POST" + }, + { + "Name": "Remove connections from profile history", + "Description": "Remove all connections from the history database for one or more profiles", + "Path": "netquery/history/clear", + "MimeType": "application/json", + "Write": 2, + "WriteMethod": "POST" + }, + { + "Name": "Query Connections", + "Description": "Query the in-memory sqlite connection database.", "Path": "netquery/query", "MimeType": "application/json", "Read": 2, "ReadMethod": "GET", "Write": 2, - "WriteMethod": "POST", - "Name": "Query Connections", - "Description": "Query the in-memory sqlite connection database." + "WriteMethod": "POST" }, { - "Path": "network/gateways", + "Name": "Batch Query Connections", + "Description": "Batch query the in-memory sqlite connection database.", + "Path": "netquery/query/batch", "MimeType": "application/json", "Read": 2, "ReadMethod": "GET", + "Write": 2, + "WriteMethod": "POST" + }, + { "Name": "Get Default Gateways", - "Description": "Returns the current active default gateways of the network." + "Description": "Returns the current active default gateways of the network.", + "Path": "network/gateways", + "MimeType": "application/json", + "Read": 2, + "ReadMethod": "GET" }, { + "Name": "Get Approximate Internet Location", + "Description": "Returns an approximation of where the device is on the Internet.", "Path": "network/location", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get Approximate Internet Location", - "Description": "Returns an approximation of where the device is on the Internet." 
+ "ReadMethod": "GET" }, { + "Name": "Get Approximate Internet Location via Traceroute", + "Description": "Returns an approximation of where the device is on the Internet using a the traceroute technique.", "Path": "network/location/traceroute", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get Approximate Internet Location via Traceroute", - "Description": "Returns an approximation of where the device is on the Internet using a the traceroute technique." + "ReadMethod": "GET" }, { + "Name": "Get System Nameservers", + "Description": "Returns the currently configured nameservers on the OS.", "Path": "network/nameservers", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get System Nameservers", - "Description": "Returns the currently configured nameservers on the OS." + "ReadMethod": "GET" }, { + "Name": "Ping", + "Description": "Pong.", "Path": "ping", "MimeType": "text/plain", "Read": 1, - "ReadMethod": "GET", - "Name": "Ping", - "Description": "Pong." + "ReadMethod": "GET" }, { + "Name": "SPN Login", + "Description": "Log into your SPN account.", "Path": "spn/account/login", "MimeType": "text/plain", "Write": 3, - "WriteMethod": "POST", - "Name": "SPN Login", - "Description": "Log into your SPN account." + "WriteMethod": "POST" }, { - "Path": "spn/account/logout", - "MimeType": "text/plain", - "Write": 3, - "WriteMethod": "DELETE", "Name": "SPN Logout", "Description": "Logout from your SPN account.", "Parameters": [ 
@@ -383,13 +451,13 @@ "Value": "", "Description": "If set, account data is purged. Otherwise, the username and device ID are kept in order to log into the same device when logging in with the same user again." } - ] + ], + "Path": "spn/account/logout", + "MimeType": "text/plain", + "Write": 3, + "WriteMethod": "DELETE" }, { - "Path": "spn/account/user/profile", - "MimeType": "application/json", - "Read": 2, - "ReadMethod": "GET", "Name": "SPN User Profile", "Description": "Get the user profile of the logged in SPN account.", "Parameters": [ @@ -399,13 +467,13 @@ "Value": "", "Description": "If set, the user profile is freshly fetched from the account server." } - ] + ], + "Path": "spn/account/user/profile", + "MimeType": "application/json", + "Read": 2, + "ReadMethod": "GET" }, { - "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/graph{format:\\.[a-z]{2,4}}", - "MimeType": "text/plain", - "Read": 2, - "ReadMethod": "GET", "Name": "Get SPN map graph", "Description": "Returns a graph of the given SPN map.", "Parameters": [ 
@@ -421,70 +489,288 @@ "Value": "file type", "Description": "Specify the format you want to get the map in. Available values: `dot`, `html`. Please note that the html format is only available in development mode." } - ] + ], + "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/graph{format:\\.[a-z]{2,4}}", + "MimeType": "text/plain", + "Read": 2, + "ReadMethod": "GET" + }, + { + "Name": "Update map intelligence.", + "Description": "Updates the intel data of the map.", + "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/intel/update", + "MimeType": "text/plain", + "Write": 4, + "WriteMethod": "POST" }, { + "Name": "Get SPN map measurements", + "Description": "Returns the measurements of the map.", "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/measurements", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get SPN map measurements", - "Description": "Returns the measurements of the map." + "ReadMethod": "GET" }, { + "Name": "Get SPN map measurements as a table", + "Description": "Returns the measurements of the map as a table.", "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/measurements/table", "MimeType": "text/plain", "Read": 2, - "ReadMethod": "GET", - "Name": "Get SPN map measurements as a table", - "Description": "Returns the measurements of the map as a table." + "ReadMethod": "GET" }, { + "Name": "Get SPN map optimization", + "Description": "Returns the calculated optimization for the map.", "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/optimization", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get SPN map optimization", - "Description": "Returns the calculated optimization for the map." 
+ "ReadMethod": "GET" }, { + "Name": "Get SPN map optimization as a table", + "Description": "Returns the calculated optimization for the map as a table.", "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/optimization/table", "MimeType": "text/plain", "Read": 2, - "ReadMethod": "GET", - "Name": "Get SPN map optimization as a table", - "Description": "Returns the calculated optimization for the map as a table." + "ReadMethod": "GET" }, { + "Name": "Get SPN map pins", + "Description": "Returns a list of pins on the map.", "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/pins", "MimeType": "application/json", "Read": 2, - "ReadMethod": "GET", - "Name": "Get SPN map pins", - "Description": "Returns a list of pins on the map." + "ReadMethod": "GET" + }, + { + "Name": "Calculate Route through SPN", + "Description": "Returns a textual representation of the routing process.", + "Parameters": [ + { + "Method": "GET", + "Field": "profile", + "Value": "\u003cid\u003e|global", + "Description": "Specify a profile ID to load more settings for simulation." + }, + { + "Method": "GET", + "Field": "encrypted", + "Value": "true", + "Description": "Specify to signify that the simulated connection should be regarded as encrypted. Only valid with a profile." + } + ], + "Path": "spn/map/{map:[A-Za-z0-9]{1,255}}/route/to/{destination:[a-z0-9_\\.:-]{1,255}}", + "MimeType": "text/plain", + "Read": 2, + "ReadMethod": "GET" }, { + "Name": "Re-initialize SPN", + "Description": "Stops the SPN, resets all caches and starts it again. The SPN account and settings are not changed.", "Path": "spn/reinit", "MimeType": "text/plain", "Write": 3, - "WriteMethod": "POST", - "Name": "Re-initialize SPN", - "Description": "Stops the SPN, resets all caches and starts it again. The SPN account and settings are not changed." 
+ "WriteMethod": "POST" + }, + { + "Name": "Export App Profile", + "Description": "Exports app fingerprints, settings and metadata in a share-able format.", + "Parameters": [ + { + "Method": "GET", + "Field": "id", + "Value": "", + "Description": "Specify scoped profile ID to export." + } + ], + "Path": "sync/profile/export", + "MimeType": "text/plain", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" + }, + { + "Name": "Import App Profile", + "Description": "Imports full app profiles, including fingerprints, setting and metadata from the share-able format.", + "Parameters": [ + { + "Method": "POST", + "Field": "allowReplace", + "Value": "", + "Description": "Allow replacing existing profiles." + }, + { + "Method": "POST", + "Field": "validate", + "Value": "", + "Description": "Validate only." + }, + { + "Method": "POST", + "Field": "reset", + "Value": "", + "Description": "Replace all existing settings." + }, + { + "Method": "POST", + "Field": "allowUnknown", + "Value": "", + "Description": "Allow importing of unknown values." + } + ], + "Path": "sync/profile/import", + "MimeType": "application/json", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" + }, + { + "Name": "Export Settings", + "Description": "Exports settings in a share-able format.", + "Parameters": [ + { + "Method": "GET", + "Field": "from", + "Value": "", + "Description": "Specify where to export from." + }, + { + "Method": "GET", + "Field": "key", + "Value": "", + "Description": "Optionally select a single setting to export. Repeat to export selection." + } + ], + "Path": "sync/settings/export", + "MimeType": "text/plain", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" + }, + { + "Name": "Import Settings", + "Description": "Imports settings from the share-able format.", + "Parameters": [ + { + "Method": "POST", + "Field": "to", + "Value": "", + "Description": "Specify where to import to." 
+ }, + { + "Method": "POST", + "Field": "validate", + "Value": "", + "Description": "Validate only." + }, + { + "Method": "POST", + "Field": "reset", + "Value": "", + "Description": "Replace all existing settings." + }, + { + "Method": "POST", + "Field": "allowUnknown", + "Value": "", + "Description": "Allow importing of unknown values." + } + ], + "Path": "sync/settings/import", + "MimeType": "application/json", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" + }, + { + "Name": "Export Single Setting", + "Description": "Exports a single setting in a share-able format.", + "Parameters": [ + { + "Method": "GET", + "Field": "from", + "Value": "", + "Description": "Specify where to export from." + }, + { + "Method": "GET", + "Field": "key", + "Value": "", + "Description": "Specify which settings key to export." + } + ], + "Path": "sync/single-setting/export", + "MimeType": "text/plain", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" + }, + { + "Name": "Import Single Setting", + "Description": "Imports a single setting from the share-able format.", + "Parameters": [ + { + "Method": "POST", + "Field": "to", + "Value": "", + "Description": "Specify where to import to." + }, + { + "Method": "POST", + "Field": "key", + "Value": "", + "Description": "Specify which setting key to import." + }, + { + "Method": "POST", + "Field": "validate", + "Value": "", + "Description": "Validate only." 
+ } + ], + "Path": "sync/single-setting/import", + "MimeType": "application/json", + "Read": 3, + "ReadMethod": "GET", + "Write": 3, + "WriteMethod": "POST" }, { + "Name": "Reload UI Assets", + "Description": "Removes all assets from the cache and reloads the current (possibly updated) version from disk when requested.", "Path": "ui/reload", "MimeType": "text/plain", "Write": 2, - "WriteMethod": "POST", - "Name": "Reload UI Assets", - "Description": "Removes all assets from the cache and reloads the current (possibly updated) version from disk when requested." + "WriteMethod": "POST" }, { + "Name": "Check for Updates", + "Description": "Checks if new versions are available. If automatic updates are enabled, they are also downloaded and applied.", + "Parameters": [ + { + "Method": "POST", + "Field": "download", + "Value": "", + "Description": "Force downloading and applying of all updates, regardless of auto-update settings." + } + ], "Path": "updates/check", "MimeType": "text/plain", "Write": 2, - "WriteMethod": "POST", - "Name": "Check for Updates", - "Description": "Triggers checking for updates." + "WriteMethod": "POST" + }, + { + "Name": "Get Resource", + "Description": "Returns the requested resource from the udpate system", + "Path": "updates/get/{identifier:[A-Za-z0-9/\\.\\-_]{1,255}}", + "MimeType": "text/plain", + "Read": 2, + "ReadMethod": "GET" } ] \ No newline at end of file diff --git a/_data/releases/all.json b/_data/releases/all.json new file mode 100644 index 0000000..3263a11 --- /dev/null +++ b/_data/releases/all.json 
@@ -0,0 +1,902 @@ +[ + { + "name": "portmaster-v0.7.13", + "tag_name": "portmaster-v0.7.13", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Merge branch 'master' into develop\r\n- Rename tool \"check for updates\"\r\n- Fix linter error\r\n- Improve news\r\n- Add news carousel to dashboard\r\n- Bump portmaster module version", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.13", + "created_at": "2023-10-18T14:47:05Z", + "date": "2023-10-18", + "repo": "portmaster-ui" + }, + { + "name": "v1.5.1", + "tag_name": "v1.5.1", + "body": "\r\n\r\n- Check failing resolvers asynchronously\r\n- Move enabling metric persistence to core module prep phase\r\n- Convert update resources to accept formats\r\n- Add api endpoint to serve update resources\r\n- Move MimeTypeByExtension to portbase/utils", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.5.1", + "created_at": "2023-10-17T10:46:36Z", + "date": "2023-10-17", + "repo": "portmaster" + }, + { + "name": "v0.7.4 (lib only)", + "tag_name": "v0.7.4", + "body": "\r\n\r\n- Improve account update schedule\r\n- Improve account error message", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.7.4", + "created_at": "2023-10-17T09:31:32Z", + "date": "2023-10-17", + "repo": "spn" + }, + { + "name": "v0.7.3", + "tag_name": "v0.7.3", + "body": "\r\n\r\n- Bump hub version\r\n- Update deps\r\n- Return error when loading intel with test map to prevent looping\r\n- Close waiting connections when stopping docking request handler\r\n- Leave loading of geoip to navigator\r\n- Fix stopping TCP piers\r\n- Add support for binding Piers to specific addresses\r\n- Improve rate limiting over longer periods", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.7.3", + "created_at": "2023-10-13T11:04:46Z", + "date": "2023-10-13", + "repo": "spn" + }, + { + "name": "v1.5.0", + 
"tag_name": "v1.5.0", + "body": "\r\n\r\n- Finalize bandwidth chart endpoint\r\n- Split netquery package files and update bandwidth chart handler\r\n- Update bandwidth handling and add basic chart support", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.5.0", + "created_at": "2023-10-10T14:27:42Z", + "date": "2023-10-10", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.12", + "tag_name": "portmaster-v0.7.12", + "body": "\r\n\r\n- Improve feature scout home node info tooltip\r\n- Fix pricing URL\r\n- Update color schemes for charts\r\n- Update app-view, network-scout and netquery viewer to show bandwidth data\r\n- Add bandwidth charts to dashboard page\r\n- Update line chart and connection details\r\n- Update common pipes module\r\n- Add port alias for remote_port\r\n- Add bandwidth endpoints to netquery service\r\n- Add circular-bar chart component\r\n- Add toSeconds pipe\r\n- Add round pipe\r\n- Add duration pipe", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.12", + "created_at": "2023-10-10T12:56:20Z", + "date": "2023-10-10", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.11", + "tag_name": "v1.4.11", + "body": "\r\n\r\n- Bump core version\r\n- Fix and improve triggering updates from UI", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.11", + "created_at": "2023-10-06T15:36:26Z", + "date": "2023-10-06", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.11", + "tag_name": "portmaster-v0.7.11", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Fix nav tooptip\r\n- Move SPN transport in feature scout to tooltip", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.11", + "created_at": "2023-10-06T13:13:38Z", + "date": "2023-10-06", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.10", + "tag_name": "v1.4.10", + "body": "\r\n\r\n- 
Bump core version\r\n- Update deps\r\n- Update go version in CI workflow\r\n- Update deps\r\n- Fix annotation name\r\n- Improve update check notification\r\n- Disable force downloading when checking for updates", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.10", + "created_at": "2023-10-06T13:09:48Z", + "date": "2023-10-06", + "repo": "portmaster" + }, + { + "name": "v0.7.2", + "tag_name": "v0.7.2", + "body": "\r\n\r\n- Bump hub version\r\n- Update portbase\r\n- Update deps\r\n- Update go version in CI workflow\r\n- Add error message to connection when tunneling fails early\r\n- Improve connect op metrics", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.7.2", + "created_at": "2023-10-06T13:06:58Z", + "date": "2023-10-06", + "repo": "spn" + }, + { + "name": "v0.7.1", + "tag_name": "v0.7.1", + "body": "\r\n\r\n- Bump versions\r\n- Update deps", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.7.1", + "created_at": "2023-10-05T10:36:01Z", + "date": "2023-10-05", + "repo": "spn" + }, + { + "name": "v0.7.0", + "tag_name": "v0.7.0", + "body": "\r\n\r\n- Improve rate limit logging\r\n- Add tests for terminal session\r\n- Add whoami operation\r\n- Limit concurrent connection attempts\r\n- Fix linter warnings\r\n- Update simple testing suite\r\n- Enable concurrent connect ops and add connect op rate limiting\r\n- Add option to only bind to advertised IPs", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.7.0", + "created_at": "2023-10-05T10:30:21Z", + "date": "2023-10-05", + "repo": "spn" + }, + { + "name": "v1.4.9", + "tag_name": "v1.4.9", + "body": "\r\n\r\n- Bump core version\r\n- Update deps\r\n- Update for changed DownloadUpdates method signature\r\n- Improve update notifications\r\n- Improve string operations and use new call limiter in network/proc\r\n- Use new call limiter in network state tables", + "prerelease": 
true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.9", + "created_at": "2023-10-02T14:51:20Z", + "date": "2023-10-02", + "repo": "portmaster" + }, + { + "name": "v0.6.23 (lib only)", + "tag_name": "v0.6.23", + "body": "\r\n\r\n- Fail when there already is a pending sluice request for the local address", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.23", + "created_at": "2023-10-02T14:25:27Z", + "date": "2023-10-02", + "repo": "spn" + }, + { + "name": "v1.4.8", + "tag_name": "v1.4.8", + "body": "\r\n\r\n- Bump core version\r\n- Update deps\r\n- Fix panic in toSQLConditionClause when no values are provided", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.8", + "created_at": "2023-09-27T12:56:19Z", + "date": "2023-09-27", + "repo": "portmaster" + }, + { + "name": "v0.6.22 (lib only)", + "tag_name": "v0.6.22", + "body": "\r\n\r\n- Improve SPN connecting after device sleep\r\n- Improve parsing of hub policies and transports\r\n- Reset failing hubs when the network changes while not connected\r\n- Add flag to configure reporting delay (observer)\r\n", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.22", + "created_at": "2023-09-27T12:49:01Z", + "date": "2023-09-27", + "repo": "spn" + }, + { + "name": "v1.4.7", + "tag_name": "v1.4.7", + "body": "\r\n\r\n- Do not get process+profile for info only packets\r\n- Add support for AllowUnencrypted state (disabled)\r\n- Disable profile ID migration\r\n- Remove blob icon type\r\n- Add module errors for failed profile migrations\r\n- Stop forcing using system resolvers for connectivity domains\r\n- Only log error, but continue on profile migration error\r\n- Move blocking of invalid IPs behind rules\r\n- Improve profile migrations\r\n- Add migration to new profile IDs\r\n- Fix error log when no logs exist\r\n- De-duplicate fingerprints and icons\r\n- Add first method to merge 
profiles\r\n- Migrate profile icons from fields to list of icons\r\n- Derive profile ID from fingerprints", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.7", + "created_at": "2023-09-19T15:09:46Z", + "date": "2023-09-19", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.10", + "tag_name": "portmaster-v0.7.10", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Migrate app Icon to the new icon list", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.10", + "created_at": "2023-09-19T15:04:14Z", + "date": "2023-09-19", + "repo": "portmaster-ui" + }, + { + "name": "v0.6.21", + "tag_name": "v0.6.21", + "body": "\r\n\r\n- Remove special formatting of version field in observer\r\n- Add CBOR tags to hub info and status\r\n- Check context more often while launching ships / connecting\r\n- Add flag for Hubs to opt into handling unencrypted connections\r\n- Improve handling of transports, add protocol preference sorting\r\n- Add http pier, http info page and revamp docking", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.21", + "created_at": "2023-09-19T08:03:04Z", + "date": "2023-09-19", + "repo": "spn" + }, + { + "name": "portmaster-v0.7.9", + "tag_name": "portmaster-v0.7.9", + "body": "\r\n\r\n- Fix rendering with empty SPN pins in dashboard\r\n- Fix locale module loading\r\n- Fix network monitor not showing connections when SPN is disabled", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.9", + "created_at": "2023-09-15T08:31:19Z", + "date": "2023-09-15", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.6", + "tag_name": "v1.4.6", + "body": "\r\n\r\n- Detect system locale and estimate best default locale setting\r\n- netquery: add batch-query handler\r\n- netquery: add Server-Timing HTTP header for better SQL query analysis\r\n- netquery: make 
parseQueryRequestPayload generic\r\n- netquery: split up query payload into a dedicated file\r\n- core: add core/localeID setting to configure formating of dates, currencies and numbers for the user interface\r\n- netquery: fix value encoding for time.Time queries\r\n- Fix incorrect check using reflect.Float32 instead of reflect.Float64\r\n- Update netquery query handler to only use strftime when the given value is a number kind\r\n- Add support for $gt, $ge, $lt, $le operators for netquery. Update DatetimeEncoder to support values specified in seconds\r\n- Disable compat debug info for app because of import troubles\r\n- Update SPN dep\r\n- Improve IP/Port parsing\r\n- Improve entity metadata initialization\r\n- Add wildcard port matching test to endpoints\r\n- Improve rule config help\r\n- Add internal metric IDs, add nameserver request metric\r\n", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.6", + "created_at": "2023-09-14T14:07:57Z", + "date": "2023-09-14", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.7", + "tag_name": "portmaster-v0.7.7", + "body": "\r\n\r\n- Show offline but actively used pins in country list\r\n- Add pretty names for \"to\" and \"from\" netquery fields\r\n- Fix memory-leak/subscription leak in toAppProfile pipe\r\n- Add warning messages to pin details\r\n- map: fix memory leak and race-condition with ResizeObserver\r\n- dashboard: fix trying to use forEach() on an empty response\r\n- dashboard: use country names from MapRef\r\n- dashboard: update dashboard component to use the new netquery batch API for loading statistics\r\n- netquery: use new batch API instead of using multiple calls\r\n- scout: skip update intervals if a update is already in progerss\r\n- shared: add a toAppProfile pipe that takes the profile key and starts watching the app profile\r\n- portmaster-api: update watchAppProfile from AppProfileService to accept a single \"source/id\" parameter\r\n- portmaster-api: 
add batch-query support to NetqueryService\r\n- Integrate changes from #482. Closes #482\r\n- Finish support for time-range queries in the network monitor\r\n- Add support to load the set locale on app-init\r\n- netquery: use date-pipe for Expires field of DNS requests\r\n- settings: Add support for WellKnown.RequiresUIReload annoation\r\n- netquery: add \"fake\" origin parameter to better track locations that query for connections\r\n- Fix netquery searchbar throwing an error if no suggestionValues are available\r\n- Fix memory/subscription leak in dynamic-items-paginator\r\n- Fix re-rendering of monitor results on SPN pin updates\r\n- Add basic support for date-range filtering\r\n- Add support for new netquery matchers\r\n- Add ng-zorro-antd package\r\n- remove obsolete code\r\n- Update dashboard page to use the map-renderer component and act as a MAP_HANDLER for highlighting countries\r\n- Update SPN page to use the new MAP_HANDLER interface for rendering pins and lanes\r\n- Improve map-renderer to support custom \"handlers\" for rendering overlays and additional nodes", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.7", + "created_at": "2023-09-14T14:00:14Z", + "date": "2023-09-14", + "repo": "portmaster-ui" + }, + { + "name": "v0.6.20", + "tag_name": "v0.6.20", + "body": "\r\n\r\n- Add flag to reboot on restart to SPN Hub\r\n- Improve navigator db query handling\r\n- Add comment for DisableAccount\r\n- Signify offline status through flag instead of the version field\r\n- Fix error handling without subscription\r\n- Add first version of observation hub", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.20", + "created_at": "2023-09-14T13:51:53Z", + "date": "2023-09-14", + "repo": "spn" + }, + { + "name": "v0.6.19", + "tag_name": "v0.6.19", + "body": "\r\n\r\n- Update portmaster dep\r\n- Update docker compose command\r\n- Remove interception import\r\n", + 
"prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.19", + "created_at": "2023-09-06T14:51:11Z", + "date": "2023-09-06", + "repo": "spn" + }, + { + "name": "v0.6.18", + "tag_name": "v0.6.18", + "body": "\r\n\r\n- Update deps\r\n- Fix update user agent\r\n- Update portmaster dep\r\n- Add Hub Info and Status to pin export\r\n- Update to new IP/Port parsing\r\n- Maintain announcement with custom data\r\n- Update entity init\r\n- Add metric IDs\r\n", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.18", + "created_at": "2023-09-06T11:13:48Z", + "date": "2023-09-06", + "repo": "spn" + }, + { + "name": "portmaster-v0.7.6", + "tag_name": "portmaster-v0.7.6", + "body": "\r\n\r\n- Fix settings not being sync to the quick-settings toggles\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.6", + "created_at": "2023-08-30T17:48:18Z", + "date": "2023-08-30", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.7.5", + "tag_name": "portmaster-v0.7.5", + "body": "\r\n\r\n- Update to new country info\r\n- Improve country selection list for exit node selection quick setting\r\n- Improve feature hints in app view\r\n- feature-scout: Improve SPN connecting state in\r\n- Improve app view layout\r\n- Improve quick settings rendering\r\n- Add SPN exit country quick setting\r\n- spn: improve map rendering and initial positioning\r\n- Save network scout sort order in UI state\r\n- Apply default values in UIStateService\r\n- Re-fix memory leak fix in accordion\r\n- network-scout: change sort icon\r\n- dashboard: Improve map rendering\r\n- Add bandwidth statistics to app view\r\n- Improve edited settings indicator in app list\r\n- Fix rendering html in tip up titles\r\n- Improve feature scout and add it for dev ui only for testing\r\n- api/profiles: use a local cache for watchAppProfile streams to reduce the number of backend subscriptions\r\n- dashboard: 
fix country map to better fit the available widget size\r\n- ui/network-scout: add support for sorting apps\r\n- api/netquery: add bandwidth data to IProfileStats and use a cache to avoid re-fetching app profiles\r\n- ui/select: add support to render select inline instead of using a dropdown\r\n- Disable electron spellchecker to avoid connections for downloading spellcheck dictionary. Fixes #392\r\n- Fix bug in process details when no environment varaiables are available. Fixes #399\r\n- Auto-focus the search bar in the application overview. Fixes #419\r\n- Fix rxjs deprecation warnings\r\n- Add support to copy connection attributes to clipboard by pressing and holding CTRL. Fixes #425\r\n- Show a yellow dot for each app that has custom settings. Fixes #442\r\n- Fix unsubscription in SPN profile watch\r\n- Fix Memory Leak", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.5", + "created_at": "2023-08-28T14:10:55Z", + "date": "2023-08-28", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.5", + "tag_name": "v1.4.5", + "body": "\r\n\r\n- Update SPN + deps\r\n- Add support for matching continents\r\n- Unify and improve country info", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.5", + "created_at": "2023-08-28T14:00:28Z", + "date": "2023-08-28", + "repo": "portmaster" + }, + { + "name": "v0.6.17 (lib only)", + "tag_name": "v0.6.17", + "body": "\r\n\r\n- Improve account status wording and checking times\r\n- Add quick setting data for selecting country\r\n- Add connected country to SPN status\r\n- Update to new country struct of Portmaster", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.17", + "created_at": "2023-08-28T13:48:55Z", + "date": "2023-08-28", + "repo": "spn" + }, + { + "name": "v1.4.4", + "tag_name": "v1.4.4", + "body": "\r\n\r\n- Update SPN + deps\r\n- Remove config option from privacy filter subsystem\r\n- 
Implement review suggestions\r\n- Combine geoip country info and add country names\r\n- Update format of default DNS resolvers\r\n- Remove unused parameter from resolver URL\r\n- Update DNS resolver config help\r\n- Add setting to specify transit node rules\r\n- Expose tunnel options creation and split tunnel options\r\n- Update README", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.4", + "created_at": "2023-08-24T07:56:03Z", + "date": "2023-08-24", + "repo": "portmaster" + }, + { + "name": "v0.6.16 (lib only)", + "tag_name": "v0.6.16", + "body": "\r\n\r\n- Update SPN rule quick setting countries on SPN connect\r\n- Add support for just global setting in routing simulation\r\n- Add option to apply profile settings to route simulation\r\n- Add config option to manually trust nodes\r\n- Split up navigator options into Hub types", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.16", + "created_at": "2023-08-24T07:31:44Z", + "date": "2023-08-24", + "repo": "spn" + }, + { + "name": "v1.4.3", + "tag_name": "v1.4.3", + "body": "\r\n\r\n- Ignore DNS request connection from kernel", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.3", + "created_at": "2023-08-19T11:59:56Z", + "date": "2023-08-19", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.4", + "tag_name": "portmaster-v0.7.4", + "body": "\r\n\r\n- Reset spn account loading flag on init", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.4", + "created_at": "2023-08-19T11:58:14Z", + "date": "2023-08-19", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.2", + "tag_name": "v1.4.2", + "body": "\r\n\r\n- Recompile ebpf programs\r\n- Improve bandwidth update logging\r\n- Update special profile upgrade date\r\n- Fix network history clear API\r\n- Update network state tables if state is older than given packet\r\n- Use DNS request 
connections to attribute DNS requests\r\n- Remove check for self-communication (allowed by default)\r\n- Fix ebpf tcp ipv6", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.2", + "created_at": "2023-08-18T15:04:58Z", + "date": "2023-08-18", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.3", + "tag_name": "portmaster-v0.7.3", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Fix country flag URL\r\n- Fix user profile subscriptions when no account is present or is deleted\r\n- Update clean history response parsing", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.3", + "created_at": "2023-08-18T14:55:56Z", + "date": "2023-08-18", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.7.2", + "tag_name": "portmaster-v0.7.2", + "body": "\r\n\r\n- Improve account and map display\r\n- Fix account purging", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.2", + "created_at": "2023-08-16T14:53:56Z", + "date": "2023-08-16", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.1", + "tag_name": "v1.4.1", + "body": "\r\n\r\n- Update internal profile settings\r\n- Stop firewall handler earlier\r\n- Do not add internal and localhost connections to history\r\n- Disable connection self-check as it uses the old process detection\r\n- Improve performance when custom lists are not loaded\r\n- Correctly finalize DNS requests if filtered", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.1", + "created_at": "2023-08-11T10:33:13Z", + "date": "2023-08-11", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.7.1", + "tag_name": "portmaster-v0.7.1", + "body": "\r\n\r\n- Fix notifcations not disappearing immediately when acted upon\r\n- Improve Dashboard Tip Up\r\n- Add feature scout\r\n- Improve wording and logging\r\n- Improve map rendering\r\n- Fix notification 
height\r\n- Improve dashboard queries\r\n- Add Dashboard intro tip up\r\n- Fix and improve bandwidth display", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.1", + "created_at": "2023-08-11T10:30:31Z", + "date": "2023-08-11", + "repo": "portmaster-ui" + }, + { + "name": "v0.6.15 (lib only)", + "tag_name": "v0.6.15", + "body": "\r\n\r\n- Disable beta flag on network history", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.15", + "created_at": "2023-08-11T10:26:42Z", + "date": "2023-08-11", + "repo": "spn" + }, + { + "name": "portmaster-v0.7.0", + "tag_name": "portmaster-v0.7.0", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Improve network history cleanup wording\r\n- Use updated function methods in notifier\r\n- Touch up dashboard and related changes\r\n- Add support to trigger history data retention\r\n- Redirect to dashboard when the app is opened\r\n- Finish dashboard implementation\r\n- Add first working dashboard version\r\n- Start work on dashboard", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.7.0", + "created_at": "2023-08-09T13:28:29Z", + "date": "2023-08-09", + "repo": "portmaster-ui" + }, + { + "name": "v1.4.0", + "tag_name": "v1.4.0", + "body": "\r\n\r\n- Bump core version\r\n- Improve logging and naming\r\n- Improve clear network history API endpoint\r\n- Add Cloudflare DNS as fallback quick setting\r\n- Udpate SPN lib\r\n- Improve history purging\r\n- Move history settings from profile to layered profile\r\n- Add support for history data retention\r\n- Add support for SUM in netquery", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.4.0", + "created_at": "2023-08-09T13:22:44Z", + "date": "2023-08-09", + "repo": "portmaster" + }, + { + "name": "v0.6.14 (lib only)", + "tag_name": "v0.6.14", + "body": "\r\n\r\n- Improve features\r\n- Add feature 
definitions", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.14", + "created_at": "2023-08-09T12:38:03Z", + "date": "2023-08-09", + "repo": "spn" + }, + { + "name": "v1.3.6", + "tag_name": "v1.3.6", + "body": "\r\n\r\n- Fix cleaning up incomplete connections\r\n- Fix updating feature flags", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.6", + "created_at": "2023-08-07T19:56:04Z", + "date": "2023-08-07", + "repo": "portmaster" + }, + { + "name": "v0.6.13 (lib only)", + "tag_name": "v0.6.13", + "body": "\r\n\r\n- Shadow User methods on UserRecord to allow nil calls", + "prerelease": true, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.13", + "created_at": "2023-08-07T19:52:50Z", + "date": "2023-08-07", + "repo": "spn" + }, + { + "name": "v0.6.12 (lib only)", + "tag_name": "v0.6.12", + "body": "\r\n\r\n- Add nil user check to MayUse", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.12", + "created_at": "2023-08-07T18:53:25Z", + "date": "2023-08-07", + "repo": "spn" + }, + { + "name": "portmaster-v0.6.2", + "tag_name": "portmaster-v0.6.2", + "body": "\r\n\r\n- Add and improve tip ups\r\n- Remove SPN network status\r\n- Improve and add pointers to Portmaster Plus\r\n- Improve support page layout and remove FAQ search for now\r\n- Improve wording on login pop up\r\n- Remove geo-unblock feature from SPN carousel\r\n- Add Portmaster Plus and Pro colors", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.6.2", + "created_at": "2023-08-07T15:01:43Z", + "date": "2023-08-07", + "repo": "portmaster-ui" + }, + { + "name": "v1.3.5", + "tag_name": "v1.3.5", + "body": "\r\n\r\n- Update SPN lib\r\n- Update all connection feature flags on account update\r\n- Fix filter list update warning on setting change\r\n- Update network history config option", + "prerelease": true, + "html_url": 
"https://github.com/safing/portmaster/releases/tag/v1.3.5", + "created_at": "2023-08-07T14:50:07Z", + "date": "2023-08-07", + "repo": "portmaster" + }, + { + "name": "v0.6.11 (lib only)", + "tag_name": "v0.6.11", + "body": "\r\n\r\n- Add account update event", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.11", + "created_at": "2023-08-07T14:45:28Z", + "date": "2023-08-07", + "repo": "spn" + }, + { + "name": "v1.3.4", + "tag_name": "v1.3.4", + "body": "\r\n\r\n- Improve logging\r\n- Fix netquery connection ID generation\r\n- Fix race condition when setting firewall handler and starting worker\r\n- Fix and document netquery api endpoint permissions\r\n- Add support for DNS RRs SVCB and HTTP; improve DNS conn handling\r\n- Fix expiry times\r\n- Copy resolver IPScope to DNS connection IPScope\r\n- Fix eBPD PID detection for UDP on linux and recompile eBPF programs\r\n- Improve timeouts of compatibility check", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.4", + "created_at": "2023-08-04T20:22:56Z", + "date": "2023-08-04", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.6.1", + "tag_name": "portmaster-v0.6.1", + "body": "Changelog\r\n\r\n- Improve intro wording of network activity page\r\n- Move Search History toggle to filters\r\n- Filter by Internet Scope by default\r\n- Make history-database optional for netquery. 
Includes some additional minor fixes\r\n- Better handling of SPN map pin subscriptions\r\n- Better handling of subscription cancelation for portmaster api", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.6.1", + "created_at": "2023-08-01T14:27:36Z", + "date": "2023-08-01", + "repo": "portmaster-ui" + }, + { + "name": "v1.3.3", + "tag_name": "v1.3.3", + "body": "\r\n\r\n- Add 0.0.0.0 as local multicast source address\r\n- Do not query the history database by default", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.3", + "created_at": "2023-08-01T14:23:09Z", + "date": "2023-08-01", + "repo": "portmaster" + }, + { + "name": "v1.3.2", + "tag_name": "v1.3.2", + "body": "\r\n\r\n- Fix and improve packet handling procedures", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.2", + "created_at": "2023-07-28T21:33:29Z", + "date": "2023-07-28", + "repo": "portmaster" + }, + { + "name": "v1.3.1", + "tag_name": "v1.3.1", + "body": "\r\n\r\n- Bump core version\r\n- Improve upgraded log message\r\n- Udpate deps\r\n- Add ability to upgrade systemd service files\r\n- Improve logging and fix linter errors\r\n- Fix handling of connections without process\r\n- Improve account matching data\r\n- Fix history database URI on windows\r\n- Fix PID detection via eBPF\r\n- Improve ebpf permanent failure detection", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.1", + "created_at": "2023-07-28T15:11:30Z", + "date": "2023-07-28", + "repo": "portmaster" + }, + { + "name": "v0.6.10 (lib only)", + "tag_name": "v0.6.10", + "body": "\r\n\r\n- Fix and improve error handling of user account mgmt", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.10", + "created_at": "2023-07-28T14:57:18Z", + "date": "2023-07-28", + "repo": "spn" + }, + { + "name": "v1.3.0", + "tag_name": 
"v1.3.0", + "body": "\r\n\r\n- Bump core version\r\n- Add missing method comment\r\n- Update SPN to v0.6.9\r\n- Increase timeout of self-check\r\n- Improve updating allowed features on connection\r\n- Improve network history setting\r\n- Improve logging and make linter happy\r\n- Update BytesReceived/Sent field names\r\n- Reduce noisy logging\r\n- Update links in README\r\n- Persist bandwidth data in netquery DBs when enabled\r\n- Update config annotation\r\n- Update netquery to support history module\r\n- Make history module optional\r\n- Better utilize database indexes for UNION selects\r\n- Research on possible history module implementation using sqlite ATTACH DATABASE", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.3.0", + "created_at": "2023-07-22T18:51:05Z", + "date": "2023-07-22", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.6.0", + "tag_name": "portmaster-v0.6.0", + "body": "\r\n\r\n- Improve Network Activity view wording\r\n- Update network history settings key\r\n- Update setting annotation ID\r\n- Show bandwidth data for connections when available\r\n- Add support for the history module", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.6.0", + "created_at": "2023-07-22T18:30:51Z", + "date": "2023-07-22", + "repo": "portmaster-ui" + }, + { + "name": "v0.6.9 (lib only)", + "tag_name": "v0.6.9", + "body": "\r\n\r\n- Add InfoURL to access.Package\r\n- Add account features\r\n- Fix linter warning about missing comment for exported type\r\n- Add constants for feature IDs", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.9", + "created_at": "2023-07-22T18:16:49Z", + "date": "2023-07-22", + "repo": "spn" + }, + { + "name": "v1.2.0", + "tag_name": "v1.2.0", + "body": "\r\n\r\n- Add switch to reboot on internal restart\r\n- Update deps\r\n- Update golangci-lint config\r\n- Fix parsing tagged windows service 
names\r\n- Do not suggest using stale DNS cache when disabled by user\r\n- Match connections without PID only using UndefinedProcessID\r\n- Improve windows kext bandwidth stats monitor\r\n- Improve epbf bandwidth stats monitor\r\n- Improve ebpf connection listener\r\n- Add InfoPacket and BandwidthUpdate structs for cross platform usage\r\n- Rename files for clarity\r\n- Move interception module and better integrate workers\r\n- Use reported PIDs for DNS requests and improve data gathering process\r\n- Expose connection ID creation\r\n- Add and improve InfoOnly and ExpectInfo packet flags\r\n- Add example for getting bandwidth stats\r\n- Add missing ebpf compiled object\r\n- Make default pid to be -1 and remove unsafe code\r\n- Add ebpf bandwidth monitoring\r\n- Revamp connection handling flow to fix race condition and support info-only packets\r\n- Fix ebpf return on error\r\n- Add ebpf check for failed kernel functions\r\n- Fix ebpf source port, add event validation and simpify tcp monitoring\r\n- Add reading of the pid from the kext\r\n- Add ebpf compiled programs\r\n- Use datagram_connect for udp ebpf process detection\r\n- Add udp process detection with ebpf\r\n- Update libbpf\r\n- Add tcp process detection with ebpf", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.2.0", + "created_at": "2023-07-20T13:14:21Z", + "date": "2023-07-20", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.5.1", + "tag_name": "portmaster-v0.5.1", + "body": "\r\n\r\n- Fix pin-details in SPN map not showing up", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.5.1", + "created_at": "2023-07-11T12:08:20Z", + "date": "2023-07-11", + "repo": "portmaster-ui" + }, + { + "name": "v1.1.0", + "tag_name": "v1.1.0", + "body": "\r\n\r\n- Improve debug info order\r\n- Add API endpoint to retrieve a list of country center coordinates\r\n", + "prerelease": false, + "html_url": 
"https://github.com/safing/portmaster/releases/tag/v1.1.0", + "created_at": "2023-05-24T08:52:26Z", + "date": "2023-05-24", + "repo": "portmaster" + }, + { + "name": "portmaster-v0.5.0", + "tag_name": "portmaster-v0.5.0", + "body": "\r\n\r\n- Update country center API path\r\n- Show Mbit/s instead of MB/s\r\n- Minor improvements to SPN page\r\n- Implement review suggestions, add \"logout completely\" button and only show prompt icon when globally enabled or pending prompts are available\r\n- Finished migration to angular 16\r\n- Finished update to angular@16\r\n- Partial upgrade to angular@15\r\n- Update typescript to 4.8\r\n- Major SPN map revamp\r\n- Use observable directly\r\n- Always show setting labels when in developer UI mode\r\n- Fix SPN missing info message", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.5.0", + "created_at": "2023-05-24T08:46:00Z", + "date": "2023-05-24", + "repo": "portmaster-ui" + }, + { + "name": "v1.0.14", + "tag_name": "v1.0.14", + "body": "\r\n\r\n- Fix slow queries sensor value calculation\r\n- Update IP of Applied Privacy DNS preset\r\n- Improve test suite\r\n- Calibrate process lookup times for Windows\r\n- Improve compatibility issue notifications", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.14", + "created_at": "2023-05-08T14:05:25Z", + "date": "2023-05-08", + "repo": "portmaster" + }, + { + "name": "v1.0.13", + "tag_name": "v1.0.13", + "body": "\r\n\r\n- Add binary path to integration test utiltool\r\n- Add integrationtest utility\r\n- Suggest using stale DNS cache when queries are slow\r\n- Improve rules config description\r\n- Add flags to specify custom update server\r\n- Add config option to always use stale DNS cache entries\r\n- Reduce running of background tasks on sleep mode\r\n- Add check for special android ip in online status check\r\n- Increase max state table lookup time window\r\n- Fix closing nf conntrack 
session when stopping during start\r\n- Improve user agents\r\n- Fix custom filter list load\r\n- Fix android update system", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.13", + "created_at": "2023-04-25T12:49:45Z", + "date": "2023-04-25", + "repo": "portmaster" + }, + { + "name": "v0.6.8 (lib only)", + "tag_name": "v0.6.8", + "body": "\r\n\r\n- Update portbase\r\n- Reduce health check time tick in sleep mode\r\n- Fix golang-ci linter in CI\r\n- Improve user agent", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.8", + "created_at": "2023-04-25T12:14:56Z", + "date": "2023-04-25", + "repo": "spn" + }, + { + "name": "v1.0.12", + "tag_name": "v1.0.12", + "body": "\r\n\r\n- Update SPN and portbase\r\n- Improve portmaster-start update logging\r\n- Expose network change check trigger\r\n- Fix special process loading\r\n- Split auto update settings and add support for registry state", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.12", + "created_at": "2023-04-06T14:31:28Z", + "date": "2023-04-06", + "repo": "portmaster" + }, + { + "name": "v0.6.7 (lib only)", + "tag_name": "v0.6.7", + "body": "\r\n\r\n- Only use IPv6 to connect to Hub when client has IPv6 enabled\r\n- Trigger network change detection if remote IP is detected in sluice", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.7", + "created_at": "2023-04-06T14:11:23Z", + "date": "2023-04-06", + "repo": "spn" + }, + { + "name": "portmaster-v0.4.6", + "tag_name": "portmaster-v0.4.6", + "body": "Changelog\r\n\r\n- Show subscription plans correctly\r\n- Adapt to new process key", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.6", + "created_at": "2023-03-30T14:24:36Z", + "date": "2023-03-30", + "repo": "portmaster-ui" + }, + { + "name": "v1.0.11", + "tag_name": "v1.0.11", + "body": "\r\n\r\n- 
Improve lookup tries for network state\r\n- Fix getting updated tables immediately\r\n- Ignore if parent process does not exist\r\n- Improve network state caching\r\n- Fix parent process key an refactoring\r\n- Fix process identification key\r\n- Fix matching TCP connections\r\n- Improve support for disabled IPv6 stack\r\n- Downgrade gvisor", + "prerelease": false, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.11", + "created_at": "2023-03-30T14:21:12Z", + "date": "2023-03-30", + "repo": "portmaster" + }, + { + "name": "v0.6.6", + "tag_name": "v0.6.6", + "body": "\r\n\r\n- Fix no activity terminal shutdown and improve flushing timeouts\r\n", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.6", + "created_at": "2023-03-29T17:56:41Z", + "date": "2023-03-29", + "repo": "spn" + }, + { + "name": "v1.0.10", + "tag_name": "v1.0.10", + "body": "\r\n\r\n- Update SPN\r\n- Add geoip regions to improve distance estimation\r\n- Add current time to broadcast matching data", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.10", + "created_at": "2023-03-23T15:52:16Z", + "date": "2023-03-23", + "repo": "portmaster" + }, + { + "name": "v0.6.5", + "tag_name": "v0.6.5", + "body": "\r\n\r\n- Collect findnearest debug data and add api to test routing\r\n- Improve routing conditions\r\n- Retry to initialize map from DB if it fails\r\n- Ignore session to failing hubs and reset failings when re-connecting\r\n- Check routes for failed hubs before building\r\n- Fix ensuring matching IP stacks when finding nearest pins\r\n- Fix scheduler slot skew and improve stats/metrics\r\n- Add ConnectAfterlogin flag option", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.5", + "created_at": "2023-03-23T15:48:27Z", + "date": "2023-03-23", + "repo": "spn" + }, + { + "name": "v1.0.9", + "tag_name": "v1.0.9", + "body": "\r\n\r\n- Update SPN\r\n- Warn when query 
fails\r\n- Improve network proximity thresholds\r\n- Fix traceroute location checking", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.9", + "created_at": "2023-03-17T08:27:43Z", + "date": "2023-03-17", + "repo": "portmaster" + }, + { + "name": "v0.6.4 (lib only)", + "tag_name": "v0.6.4", + "body": "\r\n\r\n- Fix findnearest test\r\n- Fix connect op in/out data histogram\r\n- Add connect op TTCR and TTFB metrics\r\n- Improve home hub errors and home hub routing handling\r\n- Lower destination cost for better balance in routing\r\n- Randomize top nearby pins and routes for load balancing\r\n- Switch to cost-based calculation for finding nearest pins, include more cost data\r\n- Use new ping op for pinging Home Hub\r\n- Fix hub comparison for superseding", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.4", + "created_at": "2023-03-17T08:10:20Z", + "date": "2023-03-17", + "repo": "spn" + }, + { + "name": "v1.0.8", + "tag_name": "v1.0.8", + "body": "\r\n\r\n- Update SPN + deps\r\n- Move log cleaner from core to base module\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster/releases/tag/v1.0.8", + "created_at": "2023-03-13T15:40:01Z", + "date": "2023-03-13", + "repo": "portmaster" + }, + { + "name": "v0.6.3", + "tag_name": "v0.6.3", + "body": "\r\n\r\n- Initialize and reset slot pace stats correctly\r\n- Improve unit scheduler debugging\r\n- Test IPv4 and IPv6 connectivity separately\r\n- Simplify and stabilize unit scheduling\r\n- Increase the timeout for initial auth and ping checks\r\n- Merge multiple bootstrap transports from same hub\r\n- Build hub for arm64\r\n- Avoid only Hub, not full country if connection fails\r\n- Add timeout to DFQ flush\r\n- Measure less often\r\n- Fix handling of 1 byte crane messages", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.3", + "created_at": "2023-03-13T15:30:45Z", + "date": 
"2023-03-13", + "repo": "spn" + }, + { + "name": "v0.6.2", + "tag_name": "v0.6.2", + "body": "\r\n\r\n- Bump hub version\r\n- Update deps\r\n- Update map intel test file\r\n- Add reachability checking using new ping operation\r\n- Add ping operation\r\n- Fix unit leak in capacity operation\r\n- Fix crane context usage\r\n- Improve unit scheduling debug messages\r\n- Do not deliver msgs to stopped operations\r\n- Raise default hub log level to warning", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.2", + "created_at": "2023-02-21T14:58:54Z", + "date": "2023-02-21", + "repo": "spn" + }, + { + "name": "v0.6.1", + "tag_name": "v0.6.1", + "body": "\r\n\r\n- Update account subscription data\r\n- Fix advisory rule application\r\n- Use public docker image for simple testnet\r\n- Expose SPN connected event\r\n- Improve invalid device HTTP status\r\n- Add patrol module to check network connectivity on hubs and react and client\r\n- Add cli flag for unit scheduler debugging\r\n- Fix proper shutdown of connect ops\r\n- Fix 32 bit support and add desktop client config. 
(#148)", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.1", + "created_at": "2023-01-30T13:41:57Z", + "date": "2023-01-30", + "repo": "spn" + }, + { + "name": "v0.6.0", + "tag_name": "v0.6.0", + "body": "\r\n\r\n- Improve usage of context and timeouts\r\n- Enable ui module for SPN Hub.\r\n- Improve naming of Unit methods\r\n- Implement review suggestions\r\n- Fix rate limiting\r\n- Improve unit scheduler\r\n- Fix new operation init\r\n- Improve terminal error handling, stick to idiomatic Go\r\n- Add different scheduling config for clients\r\n- Fix and improve scheduling config\r\n- Add unit scheduling metrics\r\n- Add epochs to unit slot scheduler\r\n- Give clearance to all units when stopping\r\n- Add unit leak debugger and fix unit leaks\r\n- Update connect request tags\r\n- Remove submit control and improve terminal\r\n- Apply unit scheduling to remaining operations\r\n- Fix crane destruction and expansion terminal init\r\n- Apply new unit scheduling and terminal interfaces to docks\r\n- Expose unit scheduler state snapshot\r\n- Improve unit scheduler\r\n- Improve terminal and terminal bases, including unit handling\r\n- Improve operation and operation bases\r\n- Simplify terminal interfacing and sending upstream\r\n- Apply unit scheduling to terminal and operation bases\r\n- Move scheduler to struct and improve documentation\r\n- Add unit: a packet focused scheduling approach", + "prerelease": false, + "html_url": "https://github.com/safing/spn/releases/tag/v0.6.0", + "created_at": "2022-12-20T16:13:53Z", + "date": "2022-12-20", + "repo": "spn" + }, + { + "name": "portmaster-v0.4.5", + "tag_name": "portmaster-v0.4.5", + "body": "\r\n\r\n- Fix account showing switches", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.5", + "created_at": "2022-12-12T14:14:41Z", + "date": "2022-12-12", + "repo": "portmaster-ui" + }, + { + "name": "v0.5.8 (lib only)", + "tag_name": 
"v0.5.8", + "body": "\r\n\r\n- Fix account updating", + "prerelease": true, + "html_url": "https://github.com/safing/spn/releases/tag/v0.5.8", + "created_at": "2022-12-12T14:01:09Z", + "date": "2022-12-12", + "repo": "spn" + }, + { + "name": "portmaster-v0.4.4", + "tag_name": "portmaster-v0.4.4", + "body": "\r\n\r\n- Bump portmaster module version\r\n- Fix typos and update URLs\r\n- Update SPN status widget for new account type\r\n- Add new account messages to account pop up", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.4", + "created_at": "2022-12-07T15:09:03Z", + "date": "2022-12-07", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.4.3", + "tag_name": "portmaster-v0.4.3", + "body": "\r\n\r\n- Various improvements for smaller screen sizes. Fix network rating\r\n- Add default windows icon to ignore list\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.3", + "created_at": "2022-11-10T16:13:56Z", + "date": "2022-11-10", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.4.2", + "tag_name": "portmaster-v0.4.2", + "body": "\r\n\r\n- Hide SPN tunnel info for LAN and localhost connections\r\n- Fix settings not being saved and the SPN feature carousel leaking CSS", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.2", + "created_at": "2022-10-19T09:30:15Z", + "date": "2022-10-19", + "repo": "portmaster-ui" + }, + { + "name": "notifier-v0.3.5", + "tag_name": "notifier-v0.3.5", + "body": "\r\n\r\n- initialize library on startup, lib api update\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/notifier-v0.3.5", + "created_at": "2022-10-18T13:25:47Z", + "date": "2022-10-18", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.4.1", + "tag_name": "portmaster-v0.4.1", + "body": "\r\n\r\n- Fix nodejs version for github 
action\r\n- Only load app-icon if presentation path is set\r\n- Fix linting errors and add github action\r\n- Improve styling of shared \"More\" dropdown and add \"App Settings\" link to grouped-by-app row\r\n- Fix styling of netquery search bar\r\n- Update side-dash to navigate to app connections and only expand when clicking the chevron\r\n- Add a \"all-done\" icon to prompt and notification list if they are empty\r\n- Fix abort-button not working when editing/creating a new rule\r\n- Hide app-icon for some special profiles and fix incorrect profile source\r\n- Fix support page layout changing depending on issue-title length\r\n- Fix SPN map behaving strange on pan and zoom\r\n- Do not show path and binary name if they are empty\r\n- Add tooltips to all main navigation items\r\n- Fix broken styling of text-input in confirmation dialog used when asking for an email\r\n- Fix URL query parameter mangling when reloading the current router URL", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.1", + "created_at": "2022-10-18T13:25:47Z", + "date": "2022-10-18", + "repo": "portmaster-ui" + }, + { + "name": "assets-v0.3.1", + "tag_name": "assets-v0.3.1", + "body": "", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/assets-v0.3.1", + "created_at": "2022-10-13T13:33:45Z", + "date": "2022-10-13", + "repo": "portmaster-ui" + }, + { + "name": "notifier-v0.3.4", + "tag_name": "notifier-v0.3.4", + "body": "\r\n\r\n- Remove security level code\r\n- Added ActionInvoked check on linux notifications\r\n- Fix notification event handling\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/notifier-v0.3.4", + "created_at": "2022-10-13T13:33:45Z", + "date": "2022-10-13", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.4.0", + "tag_name": "portmaster-v0.4.0", + "body": "\r\n\r\n- Add support to open parent process details\r\n- Add 
process details dialog. A bunch of minor improvements and fixes\r\n- Add support to create and edit profiles and fingerprints. Minor improvements for the v1 release\r\n- Add SPN feature carousel and multiple fixes\r\n", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.4.0", + "created_at": "2022-10-11T07:20:23Z", + "date": "2022-10-11", + "repo": "portmaster-ui" + }, + { + "name": "notifier-v0.3.3", + "tag_name": "notifier-v0.3.3", + "body": "", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/notifier-v0.3.3", + "created_at": "2022-10-10T14:14:05Z", + "date": "2022-10-10", + "repo": "portmaster-ui" + }, + { + "name": "portmaster-v0.3.6", + "tag_name": "portmaster-v0.3.6", + "body": "\r\n\r\n- Don't group by app by default. Load results chart after the first page has been loaded\r\n- Show tooltip with allow/block reason when hoving the verdict color indicator. Fixes #298\r\n- Fix different values for boolean allowed filter. Fixes safing/portmaster#804\r\n- Fix whitespace break in connection reason. Fixes #287\r\n- Increase button hit box in network scout and correctly handle developermode\r\n- Fix SPN account state handling in account details and login page\r\n- Trim whitespace from ordered list before saving. Fixes #221\r\n- Add inidcation that sub-filter lists are selected. Fixes #296\r\n- Fix change detection not being triggered correctly in app-icon\r\n- Reverse collapse/expand button for SPN hub details\r\n- Reverse the side-dash button in the navigation\r\n- Fix scrolling when side-dash overflows the app height\r\n- Apply user-supplied query in exide-node profile stats\r\n- Fix dialog styles not being applied correctly\r\n- Fix sfng-select incorrectly adding an empty option\r\n- Allow bulk deletion of rules and ask for confirmation. Save on enter. Fixes safing/portmaster#806. fixes #220\r\n- Decrease polling timeout and use correct command to stop on windows. 
Fixes #234", + "prerelease": true, + "html_url": "https://github.com/safing/portmaster-ui/releases/tag/portmaster-v0.3.6", + "created_at": "2022-09-23T08:21:52Z", + "date": "2022-09-23", + "repo": "portmaster-ui" + } +] diff --git a/_data/releases/config.yml b/_data/releases/config.yml new file mode 100644 index 0000000..5575f1b --- /dev/null +++ b/_data/releases/config.yml @@ -0,0 +1,17 @@ +repos: + - id: portmaster + name: "Portmaster" + resource: "windows_amd64/core/portmaster-core.exe" + - id: spn + name: "SPN" + - id: portmaster-ui + tag-names: + portmaster: "UI" + notifier: "Notifier" + assets: "UI Assets" + app-electron: "UI App" + tag-resources: + portmaster: "all/ui/modules/portmaster.zip" + notifier: "windows_amd64/notifier/portmaster-notifier.exe" + assets: "all/ui/modules/assets.zip" + app-electron: "windows_amd64/app/portmaster-app.zip" diff --git a/_data/versions/beta.json b/_data/versions/beta.json new file mode 100644 index 0000000..457259c --- /dev/null +++ b/_data/versions/beta.json @@ -0,0 +1,13 @@ +{ + "Channel": "beta", + "Published": "2023-10-18T14:51:51Z", + "Releases": { + "all/ui/modules/portmaster.zip": "0.7.13", + "darwin_amd64/core/portmaster-core": "1.5.1", + "darwin_arm64/core/portmaster-core": "1.5.1", + "linux_amd64/core/portmaster-core": "1.5.1", + "linux_arm64/core/portmaster-core": "1.5.1", + "windows_amd64/core/portmaster-core.exe": "1.5.1", + "windows_arm64/core/portmaster-core.exe": "1.5.1" + } +} \ No newline at end of file diff --git a/_data/versions/stable.json b/_data/versions/stable.json new file mode 100644 index 0000000..0903261 --- /dev/null +++ b/_data/versions/stable.json 
@@ -0,0 +1,59 @@ +{ + "Channel": "stable", + "Published": "2023-10-23T10:48:57Z", + "Releases": { + "all/dashboards/hubs.json": "0.0.2", + "all/intel/geoip/geoipv4.mmdb.gz": "20230102.9.32", + "all/intel/geoip/geoipv6.mmdb.gz": "20230102.13.14", + "all/ui/modules/assets.zip": "0.3.1", + "all/ui/modules/base.zip": "0.2.11", + "all/ui/modules/console.zip": "0.1.11", + "all/ui/modules/monitor.zip": "0.2.4", + "all/ui/modules/portmaster.zip": "0.7.13", + "all/ui/modules/profilemgr.zip": "0.1.7", + "all/ui/modules/settings.zip": "0.1.8", + "android_any/app/portmaster-beta.apk": "0.0.3", + "darwin_amd64/core/portmaster-core": "1.5.1", + "darwin_amd64/hub/spn-hub": "0.7.3", + "darwin_amd64/jess/jess": "0.3.1", + "darwin_amd64/start/portmaster-start": "1.0.13", + "darwin_arm64/core/portmaster-core": "1.5.1", + "darwin_arm64/hub/spn-hub": "0.7.3", + "darwin_arm64/jess/jess": "0.3.1", + "darwin_arm64/start/portmaster-start": "1.0.13", + "linux_all/packages/install.sh": "1.0.0", + "linux_all/packages/installer-assets.tar.gz": "1.0.0", + "linux_amd64/app/portmaster-app.zip": "0.2.5", + "linux_amd64/core/portmaster-core": "1.5.1", + "linux_amd64/hub/spn-hub": "0.7.3", + "linux_amd64/jess/jess": "0.3.1", + "linux_amd64/notifier/portmaster-notifier": "0.3.5", + "linux_amd64/packages/portmaster-installer.deb": "1.0.0", + "linux_amd64/packages/portmaster-installer.rpm": "1.0.0", + "linux_amd64/start/portmaster-start": "1.0.13", + "linux_arm64/app/portmaster-app.zip": "0.2.5", + "linux_arm64/core/portmaster-core": "1.5.1", + "linux_arm64/hub/spn-hub": "0.7.3", + "linux_arm64/jess/jess": "0.3.1", + "linux_arm64/notifier/portmaster-notifier": "0.3.5", + "linux_arm64/start/portmaster-start": "1.0.13", + "windows_amd64/app/portmaster-app.zip": "0.2.5", + "windows_amd64/core/portmaster-core.exe": "1.5.1", + "windows_amd64/hub/spn-hub.exe": "0.7.3", + "windows_amd64/jess/jess.exe": "0.3.1", + "windows_amd64/kext/portmaster-kext.dll": "1.0.14", + "windows_amd64/kext/portmaster-kext.pdb": 
"1.1.2", + "windows_amd64/kext/portmaster-kext.sys": "1.1.2", + "windows_amd64/notifier/portmaster-notifier.exe": "0.3.5", + "windows_amd64/notifier/portmaster-snoretoast.exe": "0.6.0", + "windows_amd64/notifier/portmaster-wintoast.dll": "0.1.4", + "windows_amd64/packages/portmaster-installer.exe": "1.0.13", + "windows_amd64/start/portmaster-start.exe": "1.0.13", + "windows_arm64/app/portmaster-app.zip": "0.2.5", + "windows_arm64/core/portmaster-core.exe": "1.5.1", + "windows_arm64/hub/spn-hub.exe": "0.7.3", + "windows_arm64/jess/jess.exe": "0.3.1", + "windows_arm64/notifier/portmaster-notifier.exe": "0.3.5", + "windows_arm64/start/portmaster-start.exe": "1.0.13" + } +} \ No newline at end of file diff --git a/_includes/faq-by-category.md b/_includes/faq-by-category.md deleted file mode 100644 index 325af89..0000000 --- a/_includes/faq-by-category.md +++ /dev/null @@ -1,29 +0,0 @@ -{% for category in site.data.faq-config.categories %} - -{% if include.textformat %} -{{ category }} -{% else %} -#### {{ category }} -{% endif -%} - - {%- for faq in site.data.faq-data -%} - - {%- assign entryCategories = "" -%} - {%- assign splittedBody = faq.body | split: "---" -%} - {%- if splittedBody.size >= 2 -%} - {%- assign splittedMetaSection = splittedBody | last | split: "Categories: " -%} - {%- if splittedMetaSection.size >= 2 -%} - {%- assign entryCategories = splittedMetaSection | last -%} - {%- endif -%} - {%- endif -%} - - {%- if entryCategories != "" and entryCategories contains category -%} - {%- if include.textformat %} -{{ faq.title | remove_first: "FAQ: " }} - {{ faq.url }} - {%- else %} -- [{{ faq.title | remove_first: "FAQ: " }}]({{ faq.url }}) - {%- endif -%} - {%- endif -%} - - {%- endfor -%} -{%- endfor %} diff --git a/_includes/faq/index-by-category.md b/_includes/faq/index-by-category.md new file mode 100644 index 0000000..371943d --- /dev/null +++ b/_includes/faq/index-by-category.md 
@@ -0,0 +1,23 @@ +{% for category in site.data.faq.config.categories %} + +{% if include.textformat %} +{{ category }} +{% else %} +#### {{ category }} +{% endif -%} + + {%- for faq in site.data.faq.all -%} + + {%- if faq.categories contains category -%} + {%- assign title = faq.title | remove_first: "FAQ: " -%} + {%- capture url -%}{{ site.url }}{{ site.faq_url }}#{{ faq.title | remove_first: "FAQ: " | slugify }}{%- endcapture -%} + {%- if include.textformat %} +{{ title }} - {{ url }} + {%- else %} +- [{{ title }}]({{ url }}) + {%- endif -%} + {%- endif -%} + + {%- endfor -%} + +{%- endfor %} diff --git a/_includes/faq/index.md b/_includes/faq/index.md new file mode 100644 index 0000000..4670dec --- /dev/null +++ b/_includes/faq/index.md @@ -0,0 +1,9 @@ +{%- for faq in site.data.faq.all -%} + {%- assign title = faq.title | remove_first: "FAQ: " -%} + {%- capture url -%}{{ site.url }}{{ site.faq_url }}#{{ faq.title | remove_first: "FAQ: " | slugify }}{%- endcapture -%} + {%- if include.textformat %} +{{ title }} - {{ url }} + {%- else %} +- [{{ title }}]({{ url }}) + {%- endif -%} +{%- endfor -%} diff --git a/_includes/nav.html b/_includes/nav.html index f5df63a..81e44f1 100644 --- a/_includes/nav.html +++ b/_includes/nav.html @@ -33,8 +33,8 @@
  • - - Docs + + Wiki
  • @@ -86,6 +86,6 @@ -
    - The Docs are a work in progress. New sections and improvements will be added in the future. +
    + This site is migrating to wiki.safing.io, which is being maintained by Safing and the community alike.
    diff --git a/_layouts/base.html b/_layouts/base.html index 8121cb9..1aeb7c2 100644 --- a/_layouts/base.html +++ b/_layouts/base.html @@ -33,7 +33,8 @@

    {% unless page.skip_toc == true %} - {% include toc.html html=content ordered=true id="markdown-toc" h_max=5 %} + {% assign h_max_var = page.toc_max_header | default: 5 %} + {% include toc.html html=content ordered=true id="markdown-toc" h_max=h_max_var %} {% endunless %} {{ content }} @@ -41,4 +42,4 @@

    - \ No newline at end of file + diff --git a/assets/css/main.css b/assets/css/main.css index 8bf751a..b27e31f 100644 --- a/assets/css/main.css +++ b/assets/css/main.css @@ -720,6 +720,39 @@ input:checked~.tab-content { color : #484848; } + +.changelog-badge { + font-size : .8rem; + margin-top : 4px; + padding-left : .65rem; + padding-right : .65rem; + padding-top : .2rem; + padding-bottom : .2rem; + line-height : 1.25rem; + font-weight : 500; + align-items : center; + display : inline-flex; + border-radius : 9999px; + width : max-content; + vertical-align : super; +} + +.changelog-badge.stable { + background-color: #ebf8ff; + color : #2c5282; +} + +.changelog-badge.beta { + background-color: #ffebf8; + color : #8f1170; +} + +.changelog-badge.staging { + background-color: #f7f7f7; + color : #484848; +} + + #page-container content #markdown-toc { padding-bottom: 2rem; } @@ -1123,6 +1156,16 @@ table.tag-explainers a[href^="#"]:before { opacity: 1; } + +/* Special purpose classes */ + +.hidden-keywords { + height: 0px; + width: 0px; + display: inline-block; + overflow: hidden; +} + /* No JS Switches */ .hide-no-js { diff --git a/index.md b/index.md index 9f04009..a122026 100644 --- a/index.md +++ b/index.md @@ -13,6 +13,6 @@ Get started by: ### Frequently Asked Questions -You can [search through all entries on GitHub](https://github.com/issues?q=archived%3Afalse+user%3Asafing+sort%3Aupdated-desc+label%3Afaq). +You can search with your browser on [this page]({{ site.faq_url }}) or [search through all entries on GitHub](https://github.com/issues?q=archived%3Afalse+user%3Asafing+sort%3Aupdated-desc+label%3Afaq). -{% include faq-by-category.md %} \ No newline at end of file +{% include faq/index-by-category.md %} diff --git a/portmaster/api.md b/portmaster/api.md index c9f6d6d..c992d01 100644 --- a/portmaster/api.md +++ b/portmaster/api.md @@ -9,7 +9,7 @@ This page lists all API endpoints of the Portmaster.

    - This page is very much in progress and may not be fully accurate and up to date. Additionally, the API itself is not stable yet. + This page is very much in progress and may not be fully accurate and up to date. If you plan to develop something that interacts with the Portmaster, we'd love to hear from you and talk about it!

    diff --git a/portmaster/architecture/core-service/privacy-filter/index.md b/portmaster/architecture/core-service/privacy-filter/index.md index 987cf24..96cae5d 100644 --- a/portmaster/architecture/core-service/privacy-filter/index.md +++ b/portmaster/architecture/core-service/privacy-filter/index.md 
@@ -32,50 +32,58 @@ Because the Portmaster operates on the [Network Layer (Layer 3)](https://en.wiki These are the stages which every connection goes through when being evaluated - from top to bottom: -###### Own Connections -The Portmaster checks if the connections belongs to itself. This is important in order to prevent the Portmaster from breaking itself. This in no way reduces control of the user over the Portmaster: Every feature that requires network communication can be turned off. +###### Special and Edge Cases -###### Internal Connections -Connections that come from and go to the same program/binary, even if they are different processes. These are always allowed. +Before any further processing takes places, Portmaster checks if the connections is one of a few special cases that are always allowed in order to keep everything operational. These are: + +- __Network Management Connections__ + - Automatic network configuration via DHCP and DHCPv6 + - Network error messages via ICMP and ICMPv6 +- __Portmaster Itself__ + - Outgoing connections from Portmaster (Corresponding features can be disabled) + - Device-Local incoming connections to Portmaster +- __Internal App Connections__ + - Connections that come from and go to the same app/binary, even if they are different processes. + +If you are using the Simple User Interface, then connections matching these criteria will not show up in order to not confuse you. The Advanced and Developer Interface will show some of these connections. ###### Connection Type -Incoming or direct connections (P2P) are blocked, if configured. + +Incoming or direct connections (P2P) are blocked, if enabled by {% include setting/ref.html key="filter/blockInbound" %} or {% include setting/ref.html key="filter/blockP2P" %}. ###### Connection Scope -Connections are blocked according to their scope if enabled by `Block Device-Local Connections`, `Block LAN` or `Block Internet Access`. This applies to both incoming and outgoing connections. 
-###### Rules -Connections are matched against the rule list: +Connections are blocked according to their scope if enabled by {% include setting/ref.html key="filter/blockInternet" %}, {% include setting/ref.html key="filter/blockLAN" %} or {% include setting/ref.html key="filter/blockLocal" %}. This applies to both incoming and outgoing connections. -- (1) Outgoing Rules: Rules that apply to outgoing network connections. Cannot overrule the above mentioned Connection Scopes and Connection Types. +###### Rules -- (2) Incoming Rules: Rules that apply to incoming network connections. Cannot overrule the above mentioned Connection Scopes and Connection Types. +Connections are matched against the rule list: -_Note: The default action for incoming connections is to always block_ +1. {% include setting/ref.html key="filter/endpoints" %}: Rules that apply to outgoing network connections. Cannot overrule the above mentioned Connection Scopes and Connection Types. +2. {% include setting/ref.html key="filter/serviceEndpoints" %}: Rules that apply to incoming network connections. Cannot overrule the above mentioned Connection Scopes and Connection Types. ###### Connectivity Domains -Numerous systems and softare use a special domain in order to determine if they are online or not. The Portmaster grants special access to these domains if the Portmaster has not yet detected that the device is online. This improves network bootstrapping. + +Numerous systems and softare use a special domain in order to determine if they are online or not. The Portmaster grants special access to these domains _only while_ Portmaster has not yet detected that the device is online. This improves network bootstrapping. ###### Bypass Prevention -Processes are prevented from bypassing the Portmaster. This includes: -- Notifying Firefox that it should not use its own DNS-over-HTTPS resolver, but fall back to plain DNS, which the Portmaster then handles. 
+Processes are prevented from bypassing Portmaster if enabled by {% include setting/ref.html key="filter/preventBypassing" %}. This includes: + +- Notifying Firefox that it should not use its own DNS-over-HTTPS resolver, but fall back to plain DNS, which the Portmaster then handles securely for you. - Blocking known domains and IPs of DoH and DoT nameservers. ###### Filter Lists -Blocks connection if the domain is listed on an activated filter list. -###### Default Action For Incoming Connections -At this point any incoming connection is blocked by default. +Blocks connection if the domain or IP address is listed in one of the activated {% include setting/ref.html key="filter/lists" %}. ###### Domain Heuristics -The Portmaster applies some basic heuristics to detect malicious behaviour in the DNS system. This currently is rather primitive, but should be able to block the most obvious domains generated by malware, but also DNS tunnels. -###### Auto Permit -This a convenience feature that aims to reduce the amount of user interaction for simple applications. It checks if it can find a match between a process and the server it wants to connect to. It currently checks name similarity and will check based on signatures in the future. If there is a good enough match, the connection is permitted. Example: `Spotify` wants to connect to `spotify.com`. +The Portmaster applies some basic heuristics to detect malicious behaviour in the DNS system if enabled by {% include setting/ref.html key="filter/domainHeuristics" %}. This currently is rather primitive, but should be able to block the most obvious domains generated by malware, but also DNS tunnels. + +###### Default Network Action -###### Default Action -If nothing up to this point wanted to have a say in the decision, the default action is applied. +If nothing up to this point wanted to have a say in the decision, the {% include setting/ref.html key="filter/defaultAction" %} is applied. ### Filter Lists 
@@ -104,6 +112,6 @@ We currently build our own IP metadata database, which includes: - ASN (Autonomous System Number) - Owner (Organization) -The data comes from [DB-IP](https://db-ip.com/) and [IPtoASN](https://iptoasn.com/) and we merge both data sources into a new database in the `mmdb` format created by [MaxMind](https://www.maxmind.com/). +The data comes from [DB-IP](https://db-ip.com/), [IPtoASN](https://iptoasn.com/) and [IPFire Location](https://location.ipfire.org/), which we merge into a new database in the `mmdb` format created by [MaxMind](https://www.maxmind.com/). We will also add more detailed logical Internet location information from our own gathering system in the future. diff --git a/portmaster/architecture/update-system.md b/portmaster/architecture/update-system.md new file mode 100644 index 0000000..cc6d368 --- /dev/null +++ b/portmaster/architecture/update-system.md 
@@ -0,0 +1,176 @@ +--- +title: Update System +layout: base +--- + +Portmaster features an automatic update system that keeps all components up to date and provides fresh hourly intelligence data for effective privacy protection. To secure this process, updates are signed and signatures are checked when downloading. + +The Portmaster Core Service regularly checks for updates in the background by downloading small index files from the update server. It then checks if it has all the newest versions and downloads any updates files. Some updates are applied automatically in the background, for others you will be prompted to restart the Portmaster to apply them. + +Currently, updates are checked shorty after starting and every hour after that. This tight update schedule is important both for supplying fixes and quickly providing crucial updates for intelligence data. + +When designing this system, we took extra care to not only increase your personal security and privacy through fast updates, but also to protect your privacy from our systems during that process. We don't want Portmaster users to be trackable by the update system. To ensure this, we have taken great care to quickly delete any logs and make sure that nothing else leaks in the process. Our [privacy policy]({{ site.privacy_url }}) lays out the details. + +The [changelog](/portmaster/changelog) shows the current versions and changes. + +### Channels + +In order to test new features and triage problems with users, we have different {% include setting/ref.html key="core/releaseChannel" %}s, which you can configure in the settings: + +__Stable__ +The overwhelming majority of users will always be on the Stable release channel, as this will give them the best experience. +Releases in this channel have been tested to prevent severe issues. + +While the intelligence data has its own index file, it is part of the Stable channel. 
All other release channels also include the Stable channel as a fallback for not otherwise defined versions. + +__Beta__ +New features and complex bug fixes are first released to the Beta channel in order to test them on more devices. +While this means that Beta versions may have bugs more often, they are also fixed a lot faster. +If anything disrupts your workflow, you can always switch back to Stable. +This channel includes the Stable channel. + +__Staging__ +The Staging release channel is used for smoke testing new releases or deploying internal development versions to many devices. +Releases in this channel may not have a matching version tag and their source may not yet be published. +This channel includes both the Beta and Stable channels. +Only use temporarily and when instructed. + +__Support__ +When customers are facing issues, we sometimes push special versions to this channel to triage problems. +This channel includes the Stable channel. +Only use temporarily and when instructed. + +### Signatures + +All our updates are fully signed and protected. This fully secures the update system from being maliciously used to harm our users. + +Updates are built and signed locally and then pushed to the update server. The update server itself does not have access to the signing keys. + +### Disabling + +If you wish to do so, you can disable {% include setting/ref.html key="core/automaticUpdates" %}. We do not recommend doing this as this will cut you off from quickly getting security fixes and new intelligence data. + +If automatic updates are disabled, you can still manually trigger downloading updates when you want to - and you should do so regularly. + +### Technical Details + +#### Indexes + +- `stable.json` - Defines versions for the Stable release channel. +- `beta.json` - Defines versions for the Beta release channel. +- `staging.json` - Defines versions for the Staging release channel. +- `support.json` - Defines versions for the Support release channel. 
+- `all/intel/intel.json` - Defines versions for intelligence data. + +Please note that during migration phases, indexes are available as `.v2.json` on the update server, but as still saved as `.json` files locally. + +#### Structure + +The update system uses a very simple structure to organize its files: + +- A plain file structure is kept on the server. +- Resource identifiers correspond to their filepath. +- Index files specify which versions should be used. + +Here is excerpt of the main `stable.json` index file, + +``` +{ + "Channel": "stable", + "Published": "2022-10-20T06:37:10Z", + "Releases": { +[...] + "all/ui/modules/portmaster.zip": "0.4.2", + "windows_amd64/core/portmaster-core.exe": "1.0.0", + "windows_amd64/kext/portmaster-kext.dll": "1.0.14", + "windows_amd64/kext/portmaster-kext.sys": "1.0.14", + "windows_amd64/notifier/portmaster-notifier.exe": "0.3.5", +[...] + } +} +``` + +which corresponds to this file structure in the `updates` directory: + +``` +all/ui/modules/portmaster_v0-4-2.zip +windows_amd64/core/portmaster-core_v1-0-0.exe +windows_amd64/kext/portmaster-kext_v1-0-14.dll +windows_amd64/kext/portmaster-kext_v1-0-14.sys +windows_amd64/notifier/portmaster-notifier_v0-3-5.exe +``` + +#### Version Selection + +The version selection algorithm makes sure that in whatever state the Portmaster is started, +it always find the best version available: + +1. Select version `v0.0.0` if available and the {% include setting/ref.html key="core/devMode" %} is enabled. +2. Select the current release as defined by the indexes of the {% include setting/ref.html key="core/releaseChannel" %}. +3. If in Beta or Staging, select the newest version, regardless of it being a pre-release. +4. Select the newest stable version. +5. Default to the newest version. + +This process is done by `portmaster-start` for selecting and starting an executable. The Portmaster Core Service then takes care of version selection of all internal resources. 
+ +In order to properly be able to take advantage of multiple available version, old version are not deleted immediately when a resource updated. +Instead, the Portmaster keeps a couple previous versions in order to either fall back automatically or when instructed to by an updated index. + +#### Resources Explained + +Some resources need to be built specifically for the different operating systems and architectures. +Here, these resources use an `OS_ARCH` as a placeholder for these values. +We have also omitted the `.exe` suffix for the Windows versions. + +- Portmaster + - `OS_ARCH/start/portmaster-start` (10-15MB) + - Starts Portmaster components and integrates with system service controls. + - `OS_ARCH/core/portmaster-core` (15-25MB) + - The Portmaster Core Service that runs in the background. + - `OS_ARCH/app/portmaster-app.zip` (70-100MB, unpacks to 150-200MB) + - A wrapper for the web technology based user interface, currently based on electron. + - We want to find a better solution, see the [Ditch Electron card on the backlog page](https://safing.io/backlog/). + - `OS_ARCH/notifier/portmaster-notifier` (5-15MB) + - The Portmaster Tray Notifier. + - `windows_amd64/kext/portmaster-kext.sys` (<1MB) + - Windows Kernel Extension Driver for the Core Service. Windows only. + - `windows_amd64/kext/portmaster-kext.dll` (<1MB) + - Windows Kernel Extension Library for the Core Service. Windows only. + - `windows_amd64/notifier/portmaster-wintoast.dll` (<5MB) + - Helper to interact with Windows notification system. Windows only. + - `all/ui/modules/portmaster.zip` (<5MB) + - The actual Portmaster user interface. + - This is separate from the app wrapper to enable quick and cheap updates. + - `all/ui/modules/assets.zip` (<10MB) + - User interface related assets that change infrequently. + - `all/intel/lists/base.dsdl` (<25M, high variation possible) + - The base layer of the filter lists intelligence data, which is usually updated once a month. 
+ - `all/intel/lists/intermediate.dsdl` (<5MB, high variation) + - The intermediate layer of the filter lists intelligence data, which is usually updated once a week. + - `all/intel/lists/urgent.dsdl` (<1MB, high variation) + - The urgent layer of the filter lists intelligence data, which is updated hourly, if there are changes. + - `all/intel/geoip/geoipv4.mmdb.gz` (20-40MB, unpacks to 60-90MB) + - IP version 4 address metadata database. + - `all/intel/geoip/geoipv6.mmdb.gz` (70-90MB, unpacks to 180-220MB) + - IP version 6 address metadata database. + - `all/intel/portmaster/notifications.yaml` (<1MB) + - Broadcast notifications to communicate with all or a subset of users. +- SPN + - `OS_ARCH/hub/spn-hub` (<25MB) + - The SPN server software. + - `all/intel/spn/main-intel.yaml` (<1MB) + - Bootstrap and intelligence info for the SPN. +- Installers + - `windows_amd64/packages/portmaster-installer.exe` + - Windows installer. + - `linux_amd64/packages/portmaster-installer.deb` + - Debian (based) installer. + - `linux_amd64/packages/portmaster-installer.rpm` + - Fedora (based) installer. + - `linux_all/packages/install.sh` + - Generic linux install script. + - `linux_all/packages/installer-assets.tar.gz` + - Assets for the generic linux install script. + +During the installation about 300MB are downloaded, which are then expanded to 500MB locally. +With all the other resources that are continually downloaded and processed, expect the installation to grow to 2-4GB. diff --git a/portmaster/changelog.html b/portmaster/changelog.html new file mode 100644 index 0000000..da99f1b --- /dev/null +++ b/portmaster/changelog.html @@ -0,0 +1,113 @@ +--- +title: Portmaster Changelog +layout: base +skip_toc: true +--- + +

    + Portmaster consists of many individual components that work together. The "primary" version number - the one you see everywhere - is the version of the Portmaster Core Service - simply called "Portmaster" below. +

    +

    + Usually, the other components are released together with a new version number of the Portmaster Core Service. + Sometimes, however, minor changes or bug fixes are released without a version update of the Portmaster Core Service in order to get them out faster. +

    + +

    + + Current Stable Version: + v{{ site.data.versions.stable.Releases["windows_amd64/core/portmaster-core.exe"] }} + + + Current Beta Version: + v{{ site.data.versions.beta.Releases["windows_amd64/core/portmaster-core.exe"] }} + +

    + +

    + + How can I use Beta? + +

    + +{% assign staging-version = true %} +{% assign releaseSections = site.data.releases.all | group_by: 'date' %} +{% for releaseSection in releaseSections %} + +
    + + {{ releaseSection.items[0].date }} + + + {% assign repoSection = releaseSection.items | group_by: 'repo' | sort: 'created_at' %} + {% for repoConfig in site.data.releases.config.repos %} + {% for repoReleases in repoSection %} + {% for release in repoReleases.items %} + {% if repoConfig.id == release.repo %} + + {% assign base_tag_name = release.tag_name | split: "-v" | first %} + {% assign version = release.tag_name | split: "-v" | last %} + {% assign version = version | remove_first: "v" %} + + {% if repoConfig.id == "portmaster" %} +

    + {% else %} +

    + + Component: + + {% endif %} + + {% if repoConfig.name %} + {{ repoConfig.name }} + {% else %} + {{ repoConfig.tag-names[base_tag_name] }} + {% endif %} + + v{{ version }} + + + + {% if repoConfig.id == "portmaster" %} +
    + {% else %} + + {% endif %} + + {% if repoConfig.resource %} + {% if version == site.data.versions.stable.Releases[repoConfig.resource] %} + Current Stable + {% assign staging-version = false %} + {% endif %} + {% else %} + {% assign resource-id = repoConfig.tag-resources[base_tag_name] %} + {% if version == site.data.versions.stable.Releases[resource-id] %} + Current Stable + {% assign staging-version = false %} + {% endif %} + {% endif %} + + {% if repoConfig.resource %} + {% if version == site.data.versions.beta.Releases[repoConfig.resource] %} + Current Beta + {% assign staging-version = false %} + {% endif %} + {% else %} + {% assign resource-id = repoConfig.tag-resources[base_tag_name] %} + {% if version == site.data.versions.beta.Releases[resource-id] %} + Current Beta + {% assign staging-version = false %} + {% endif %} + {% endif %} + + {% if staging-version %} + Staging - Not Released + {% endif %} + + {{ release.body | markdownify }} + + {% endif %} + {% endfor %} + {% endfor %} + {% endfor %} + +{% endfor %} diff --git a/portmaster/faq.md b/portmaster/faq.md index 7681faa..95bcc6c 100644 --- a/portmaster/faq.md +++ b/portmaster/faq.md 
@@ -5,7 +5,55 @@ skip_toc: true --- The FAQ section is work in progress. -You can [search through all entries on GitHub](https://github.com/issues?q=archived%3Afalse+user%3Asafing+sort%3Aupdated-desc+label%3Afaq). +You can search with your browser on this page or [search through all entries on GitHub](https://github.com/issues?q=archived%3Afalse+user%3Asafing+sort%3Aupdated-desc+label%3Afaq). +{%- for category in site.data.faq.config.categories %} -{% include faq-by-category.md %} +### {{ category }} + +{%- for faq in site.data.faq.all -%} +{%- assign title = faq.title | remove_first: "FAQ: " -%} +{%- capture url -%}#{{ faq.title | remove_first: "FAQ: " | slugify }}{%- endcapture -%} +{%- if faq.categories contains category %} +- [{{ title }}]({{ url }}) +{%- endif -%} +{%- endfor %} + +{%- endfor %} + +{%- for category in site.data.faq.config.categories -%} +{%- for faq in site.data.faq.all -%} +{%- if faq.categories contains category %} + +




    + +# {{ faq.title | remove_first: "FAQ: " }} + + + + +
    + + Keywords: {{ faq.keywords | join: ", " }} + +
    + +{{ faq.body | split: "---" | first }} + +{%- endif -%} +{%- endfor -%} +{%- endfor %} + + + diff --git a/portmaster/faq.txt b/portmaster/faq.txt index 1a1f0b5..000a74e 100644 --- a/portmaster/faq.txt +++ b/portmaster/faq.txt @@ -1,3 +1,3 @@ --- --- -{% include faq-by-category.md textformat=true %} +{% include faq/index-by-category.md textformat=true %} diff --git a/portmaster/guides/Screenshot from 2022-12-23 14-50-12.png b/portmaster/guides/Screenshot from 2022-12-23 14-50-12.png new file mode 100644 index 0000000..f991e8b Binary files /dev/null and b/portmaster/guides/Screenshot from 2022-12-23 14-50-12.png differ diff --git a/portmaster/guides/contribute.md b/portmaster/guides/contribute.md index 6ec4c71..a360dcf 100644 --- a/portmaster/guides/contribute.md +++ b/portmaster/guides/contribute.md @@ -1,19 +1,55 @@ --- title: How To Contribute +toc_max_header: 3 layout: base --- ###### Thanks For Participating! -Your contributions will have the highest impact when aligned with Safing's current goals and focus. As a result, these are the current scopes where we are super thankful for your participation: +It is amazing to see you love Portmaster so much that you are checking out this guide. As a small team, **your contribution means the world to us.** We could not do it without you! -## Use the Portmaster +## Spread the Word + +> With [version 1.0](https://safing.io/blog/2022/10/27/portmaster-reaches-1.0/), Portmaster should be recommended as one of the first steps anybody should take within their privacy journey. + +
    + +

    + As new software - too few people know about Portmaster.
    This is where your impact will be biggest! +

    +
    + + +### Ask Your Favorite Creators For Reviews + +A big help to us would be if you could think of your favorite creators and shows: It could be YouTubers, Newsletters, guides, podcasts and so on. Do these creators know about Portmaster already? Would they enjoy sharing a review on their show? Give them a ping and ask them what they think about Portmaster. This could domino effect into hundreds of thousands of people getting better privacy! + +### Do You Have An Audience? + +If you are a creator or someone who gives recommendations, no matter what you think of Portmaster - we'd love for you to have a look and tell your audience what you think! + +Optionally, give us a ping after to brighten our day. + +### Tell Your Friends + +We have no idea how you communicate with your friends on- and offline; and we do not want to know. But what we do know is that if you enjoy Portmaster somebody else will likely too. You know best whom to tell and how to tell them. Be it a private signal message or a recommendation on your favorite online forum. + +To all of you. Thanks for sharing, it makes all the difference! + +## Financial Support + +The most direct way to [support Portmaster development]({{ site.pricing_url }}) is through an upgrade. The "Supporter" package gives you optional badges to show off your support, while ["Unlimited"]({{ site.spn_url }}) takes your privacy to the next level. + +## While Using Portmaster {% include github_notification.html %} ### Report Bugs, Suggest Features and Improvements You can easily report bugs as you stumble upon them. It is best if you quickly check other reports to prevent duplicates. + +All reports are welcome and help us better understand where the Portmaster experience still needs to improve. While we are not at a stage where we can tackle all incoming issues and edge cases yet, please do note **we read every incoming report**. + If you have any ideas we'd love to hear how you would improve things. 
| | Portmaster []({{ site.github_pm_url }}) | User Interface []({{ site.github_pm_ui_url }}) | Packaging []({{ site.github_pm_packaging_url }}) | @@ -22,15 +58,15 @@ If you have any ideas we'd love to hear how you would improve things. | πŸ’‘ Suggestion: New Feature | [suggest]({{ site.github_pm_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_pm_ui_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_pm_packaging_url }}{{ site.github_suggest_feature_url }}) | | πŸ’‘ Suggestion: Improvements | [suggest]({{ site.github_pm_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_pm_ui_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_pm_packaging_url }}{{ site.github_suggest_feature_url }}) | -### Report Linux Distribution Compatibility +#### Report Linux Distribution Compatibility Help us understand Portmaster compatibility with different Linux distributions. Whether it works with your distro or not - your reports will help us massively to know where we stand. We will update the [Linux compatibility list](../install/linux#compatibility) accordingly. -### Report VPN Compatibility +#### Report VPN Compatibility Help us understand Portmaster compatibility with different VPN clients. Whether the VPN client works together with the Portmaster or not - your reports will help us massively to know where we currently stand. All reports are collected, updated and easily accessible in the [VPN Compatibility section](../install/status/vpn-compatibility). -### Report Software Compatibility +#### Report Software Compatibility Have certain applications stopped working with the Portmaster? Or games? Or a special development tool? Your reports will help us massively to know where we currently stand. All reports are collected and easily accessible in the [Software Compatibility section](../install/status/software-compatibility). 
@@ -57,25 +93,15 @@ We truly do not want you to spend a lot of your precious time and effort into a | βš”οΈ Pull Request: Typos and Small Fixes | πŸ“‘ | πŸ“‘ | | | βš”οΈ Pull Request: Feature Implementation | πŸ“‘πŸ—£ | πŸ“‘πŸ—£ | πŸ—£ | -## Spread the Word - -### Tell Your Friends - -We have no idea how you communicate with your friends; and we do not want to know. But what we do know is that we would not be here without so many of you telling your friends about Safing and Portmaster. Thanks for doing this - it makes all the difference. - -### Tell the Internet - -You can even spread the word wherever you hang out. Share Portmaster in a forum, recommend it being added to a cool list or website. Or just share a blog article you enjoyed on reddit, lobsters, etc. Thanks for sharing! - -## Assist with Documentation and the Website +### Assist with Documentation and the Website {% include github_notification.html %} -### Report Bugs, Inaccuracies and Typos +#### Report Bugs, Inaccuracies and Typos We try our best to keep everything running and up-to-date - but you still might find bugs, inaccurate information or typos. In that case, it would be great if you could let us know. Or even create a pull request with a fix. -### Suggest New Sections +#### Suggest New Sections Our Documentation and Website are living projects. We are happy to hear your ideas on what to add or how to improve: 
@@ -86,7 +112,7 @@ Our Documentation and Website are living projects. We are happy to hear your ide | πŸ’‘ Suggestion: New Page/Segment | [suggest]({{ site.github_docs_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_web_url }}{{ site.github_suggest_feature_url }}) | | πŸ’‘ Suggestion: Improvements | [suggest]({{ site.github_docs_url }}{{ site.github_suggest_feature_url }}) | [suggest]({{ site.github_web_url }}{{ site.github_suggest_feature_url }}) | -### Contribute to the Web-Projects +#### Contribute to the Web-Projects We welcome code contributions - still here are two things you must know before starting: @@ -103,11 +129,11 @@ However, we truly do not want you to spend a lot of your precious time and effor | βš”οΈ Pull Request: Typos and Small Fixes | | | | βš”οΈ Pull Request: Feature Implementation | πŸ—£ | πŸ—£ | -## Other, Out-Of-Scope +### Other, Out-Of-Scope If you want to contribute beyond the listed guide it is best to check with us first. We as a team have limited resources and do not want your precious time and effort to go to waste. So please, _check with us first via GitHub or _. -## Appendix: Cheat Sheet +### Appendix: Cheat Sheet {% include github_notification.html %} diff --git a/portmaster/install/linux.md b/portmaster/install/linux.md index 88cc940..d9ec36b 100644 --- a/portmaster/install/linux.md +++ b/portmaster/install/linux.md 
@@ -9,9 +9,10 @@ This page covers how to install and uninstall the Portmaster on Linux. We provide package installers for supported systems: -- [`.deb` for Debian/Ubuntu]({{ site.download_linux_deb_url }}) ([_how to_](https://linuxconfig.org/install-deb-file-on-ubuntu-20-04-focal-fossa-linux)) -- [`.rpm` for Fedora]({{ site.download_linux_rpm_url }}) ([_how to_](https://itsfoss.com/install-rpm-files-fedora/)) -- [`PKGBUILD` for Arch](#arch-linux) +- [Download `.deb`]({{ site.download_linux_deb_url }}) for Debian, Ubuntu, Pop!_OS, ... [_how to_](https://linuxconfig.org/install-deb-file-on-ubuntu-20-04-focal-fossa-linux) +- [Download `.rpm`]({{ site.download_linux_rpm_url }}) for Fedora, CentOS, ... [_how to_](https://itsfoss.com/install-rpm-files-fedora/) +- [In AUR](https://aur.archlinux.org/packages/portmaster-stub-bin): `portmaster-stub-bin` for Arch, Manjaro, EndeavourOS, ... +- `curl -fsSL https://updates.safing.io/latest/linux_all/packages/install.sh | sudo bash` for Others __Important Notes__: @@ -80,37 +81,13 @@ The Portmaster Core Service is compatible with the Linux Kernel as of version 2. Dependencies: -- `libnetfilter_queue` - for network stack integration -- `libappindicator3` - for sending desktop notifications (_optional, but recommended_) - [Network Manager](https://wiki.gnome.org/Projects/NetworkManager) - for better integration (_optional, but recommended_) - -###### Debian/Ubuntu - -```sh -sudo apt install libnetfilter-queue1 libappindicator3-1 -``` - -
    - -

    - You may need to enable the universe or multiverse repositories sources on Ubuntu. -

    -
    - -###### Fedora - -```sh -sudo yum install libnetfilter_queue -``` - -###### Arch - -```sh -sudo pacman -S libnetfilter_queue libappindicator-gtk3 -``` +- _We managed to remove all other dependencies!_ πŸŽ‰ ### Manual Install and Launching +_Consider using our `curl | bash` installer mentioned above._ + __0.__ Install dependencies. __1.__ Download the latest `portmaster-start` utility and initialize all resources: @@ -229,26 +206,6 @@ sudo wget https://raw.githubusercontent.com/safing/portmaster-packaging/master/l Right after you download both files the Portmaster should appear in your system search with an icon. If you still cannot see the Portmaster icon, please check whether the `portmaster-start` path in the desktop entry matches the path of your installation. -### Arch Linux - -For Arch users we provide a PKGBUILD file in the [portmaster-packaging](https://github.com/safing/portmaster-packaging) repository. -We are currently reworking our installers and plan to submit to AUR as soon as we finished the rework. - -For now, to install the Portmaster using the PKGBUILD, follow these steps: - -```sh -# Clone the repository -git clone https://github.com/safing/portmaster-packaging - -# Enter the repo and build/install the package (it's under linux/) -cd portmaster-packaging/linux -makepkg -is - -# Start the Portmaster and enable autostart -sudo systemctl daemon-reload -sudo systemctl enable --now portmaster -``` - ### Troubleshooting #### Install Path Change @@ -382,7 +339,7 @@ sudo yum remove portmaster ###### Arch ```sh -sudo pacman -Rnsu portmaster +sudo pacman -Rnsu portmaster-stub-bin ``` ### Community Contributions 
@@ -407,4 +364,8 @@ sudo ln -s /usr/local/sv/portmaster /etc/runit/runsvdir/default sudo sv up portmaster ``` -Artix Linux users can find the [portmaster-runit](https://aur.archlinux.org/packages/portmaster-runit/) package in the AUR \ No newline at end of file +Artix Linux users can find the [portmaster-runit](https://aur.archlinux.org/packages/portmaster-runit/) package in the AUR + +### Frequently Asked Questions + +You can find solutions to common problems in the [FAQ]({{ site.faq_url }}) diff --git a/portmaster/install/status/vpn-compatibility.md b/portmaster/install/status/vpn-compatibility.md index b15ef84..5bac954 100644 --- a/portmaster/install/status/vpn-compatibility.md +++ b/portmaster/install/status/vpn-compatibility.md 
@@ -9,10 +9,32 @@ Overall, the Portmaster is compatible with VPNs. Here we describe what to look o Under normal circumstances, VPNs should work right out of the box. If not, you can always [use OpenVPN as a workaround](#workaround-openvpn). -Please [report your experience]({{ site.github_pm_url }}{{ site.github_report_compatibility_url }}) to help others know whether the Portmaster works with a certain VPN client or not. Naturally, when encountering problems we will try to help you get it going. +### Where Incompatibility Comes From + +Incompatibility is created when both Portmaster and a VPN client hook into DNS. Check your VPN app if you can somewhere disable DNS redirection. + +Portmaster _needs_ to hook into DNS in order to understand which connection goes where and to which app it belongs. Without it, users would have to start filtering by IP address, making Portmaster basically useless. + +Portmaster automatically [secures DNS](portmaster/architecture/core-service/secure-dns/) requests by encrypting them to a secured DNS resolver - which you can configure if you do not like the defaults. You can even set your VPN provider as the resolver if you want. We are all about empowering users. + +VPNs do sometimes hook into DNS too - creating the compatibility conflict. Their idea is that since you redirect all your normal traffic through them, you might as well redirect all your DNS to them too. Now that comes from good intentions - but if they do not provide a way to disable this behavior, then this goes against user choice. + +The same can apply when VPNs enforce traffic re-routing with kill switches. + +There sadly is not much we can do than to ask VPN providers to empower users and allow them to disable their various integrations. + +### Workaround: OpenVPN + +If a VPN Client does not work, you can try restoring compatibility with [this FAQ guide](https://github.com/safing/portmaster/issues/708). 
Or alternatively, you can always work around this by [using OpenVPN instead](https://openvpn.net/community-resources/how-to/). This is a bit more technical but worth a shot if the normal VPN client does not work out. + +### DNS Leak Detection + +Please note that pretty much all the DNS leak detection tests by the VPN providers will be a false positive, as the only thing they check is if you are using _their_ DNS servers. Rest assured that your DNS queries are well protected by the Portmaster and there is no need to be concerned. ### Community Reports +Please [report your experience]({{ site.github_pm_url }}{{ site.github_report_compatibility_url }}) to help others know whether Portmaster works with a certain VPN client or not. + @@ -41,11 +63,3 @@ Please [report your experience]({{ site.github_pm_url }}{{ site.github_report_co {% endfor %}
    - -#### Workaround: OpenVPN - -If a VPN Client does not work, you can always work around this by [using OpenVPN instead](https://openvpn.net/community-resources/how-to/). This is a bit more technical but worth a shot if the normal client does not yet work. - -### DNS Leak Detection - -Please note that pretty much all the DNS leak detection tests by the VPN providers will be a false positive, as the only thing they check is if you are using _their_ DNS servers. Rest assured that your DNS queries are well protected by the Portmaster and there is no need to be concerned. diff --git a/portmaster/install/windows.md b/portmaster/install/windows.md index 517f386..208a192 100644 --- a/portmaster/install/windows.md +++ b/portmaster/install/windows.md @@ -5,7 +5,7 @@ layout: base This page covers how to install and uninstall the Portmaster on Windows 7, 8, 10 and 11. The install process is the same for all supported Windows versions: -- [Download installer](https://updates.safing.io/latest/windows_amd64/packages/portmaster-installer.exe) +- [Download installer]({{ site.download_windows_url }}) - Use winget: `winget install -i portmaster` Please note that we currently only support the 64bit CPU Architecture, which is the current main standard. In case of Windows 7, you require the 2015 security update KB3033929 for correctly verifying driver signatures. 
@@ -35,57 +35,6 @@ You can easily uninstall the Portmaster by using the system preferences or by ex The uninstaller reverts all steps mentioned above and also requires a reboot afterwards. -### Known Issues +### Frequently Asked Questions -#### Notifications are not working on Windows 7 and 8. - -Microsoft added a notification service that supports actions with Windows 10 so Portmaster's notifications won't work on Windows 7 or 8. We will push alternatives as we find solutions and time to do so. In the meantime we recommend not to use the "prompt" action as a default when running on Windows 7 or 8. - -#### Network issues after stopping or uninstalling Portmaster - -The Portmaster marks all its network stack integrations as non-permanent and as such they are removed by Windows when the Portmaster shuts down or when Windows reboots. - -In rare cases, however, Windows fails to correctly remove the Portmaster's network stack integration correctly, resulting in a loss of network connectivity. We have never experienced this issue ourselves and thus haven't yet been able to take an in-depth look. - -The help Windows restore network connectivity, open a Windows [cmd](https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/cmd) as an Administrator and enter the following commands to reset your network. -Warning: You might need to reconfigure any special network settings you had. - -``` -netsh int ip reset -netsh winsock reset catalog -``` - -After that, reboot. -If that did not restore network connectivity, please report this. - -#### Portmaster fails to restart - -In some cases the Portmaster will fail to restart, because the Portmaster Kernel Extensions cannot be loaded and returns the error code 0x422. -This stems from a known issue in Windows, where system services are not completely removed when something is monitoring the system services. 
-When the Portmaster restarts, it is then unable to initialize the Kernel Extension, because the system thinks it is still unloading. - -If you experience this issue, please follow this workaround: - -_Quoting from _ - -> There may be several causes which lead to the service being stuck in β€œmarked for deletion”. -> -> 1. [SysInternals' Process Explorer is opened](http://blog.cyotec.com/2011/05/specified-service-has-been-marked-for.html). Closing it should lead to automatic removal of the service. -> -> 1. [Task Manager is opened](https://stackoverflow.com/questions/20561990/how-to-solve-the-specified-service-has-been-marked-for-deletion-error/21310096#comment32672750_20565337). -> -> 1. [Microsoft Management Console (MMC) is opened](https://stackoverflow.com/a/8529760/240613). To ensure all instances are closed, run `taskkill /F /IM mmc.exe`. -> -> 1. [Services console is opened](https://stackoverflow.com/a/21310096/240613). This is the same as the previous point, since Services console is hosted by MMC. -> -> 1. [Event Viewer is opened](https://stackoverflow.com/a/18467128/240613). Again, this is the same as the third point. -> -> 1. [The key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\\{service name} exists](https://stackoverflow.com/a/2804099/240613). -> -> 1. [Someone else is logged into the server](https://stackoverflow.com/a/28632820/240613) and has one of the previously mentioned applications opened. -> -> 1. An instance of Visual Studio *used to debug the service* is open. - -#### Portmaster Core does not start at boot - -While we haven't experienced this in a while, it might just happen that the Portmaster will not start at boot, although it is configured to do so. If that is the case, you can check its status in the "Services" Desktop App. There, search for the Service "Portmaster Core" and inspect and start it as needed. +You can find solutions to common problems in the [FAQ]({{ site.faq_url }}) 
diff --git a/spn/alpha/status.md b/spn/alpha/status.md deleted file mode 100644 index e7706b2..0000000 --- a/spn/alpha/status.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: SPN Alpha - Status -layout: base -redirect_from: - - /spn/broader-testing/status ---- - -
    - -

    - - Treat the SPN as a VPN in your threat model for now. Please be aware that there are not enough users and servers during the alpha phase in order to protect you from VPN traffic analysis. - -

    -
    - -
    - -

    - Last Updated on 2nd June, 2022 -

    -
    - -### Works Well - Report if Broken [](https://github.com/safing/spn/issues) - -- Login on Portmaster Client successfully connects to the SPN -- Normal browsing of websites -- Big file downloads -- Video streaming -- UDP based applications -- High Bandwidth: up to 100MBit/s (and more, depending on path) - -### Under Investigation - Please Test and Report [](https://github.com/safing/spn/issues) - -- Video Conferencing -- Torrents - -### Known Issues - -- Internal scheduling needs improvement: When a big download is in progress, other connections may die. In some circumstances, the health check will fail and the SPN will reconnect. Fix is in progress. - -### How To Report Bugs - -Bugs can be reported on the [SPN repository on GitHub](https://github.com/safing/spn/issues) - -Be sure to also check the network status feed on the SPN page in Portmaster. diff --git a/spn/hosting-a-community-node.md b/spn/hosting-a-community-node.md index e1996de..5df178a 100644 --- a/spn/hosting-a-community-node.md +++ b/spn/hosting-a-community-node.md @@ -35,6 +35,8 @@ The SPN Node will attempt to configure itself automatically, using: If the server itself does not have a (single) public IP address, you will need to manually configure the IP address using the settings listed below in Appendix I. +You will also need to configure your firewall to allow incoming connections to ports 17 and 80. The protocols and ports can be configured with the `transports` setting described below. + If everything is prepared, you can now install the SPN Node using our install script: ``` diff --git a/spn/index.md b/spn/index.md index 0a1a87e..e630124 100644 --- a/spn/index.md +++ b/spn/index.md @@ -3,4 +3,6 @@ title: SPN layout: base --- -SPN Base Page +The expanded SPN documentation will be added in the future. + +You can find more information about the SPN [on our website]({{ site.spn_url }})
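Review bot: In portmaster/install/linux.md, the new "for Others" bullet pipes a remote script straight into `sudo bash` with no integrity check, so whatever is served at that URL at that moment runs as root without the reader having seen it, and a transfer cut off midway can leave a partially executed script. Suggest documenting a download-first variant (save `install.sh` to a file, read it, then run it with sudo) and publishing a checksum or signature next to the script so the file can be verified before it runs.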
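Review bot: In the dependencies hunk of portmaster/install/linux.md, the unchanged step "__0.__ Install dependencies." under Manual Install no longer has anything to refer to, because this change deletes the per-distribution install commands and leaves only the optional Network Manager entry in the list. Drop or reword step 0 in the same change. The added line "_Consider using our `curl | bash` installer mentioned above._" should also say what the installer does that the manual steps do not, so readers can choose between them knowingly.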
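Review bot: In the Arch uninstall hunk of portmaster/install/linux.md, replacing `sudo pacman -Rnsu portmaster` with `sudo pacman -Rnsu portmaster-stub-bin` leaves the page without the command it documented until now, which readers who installed before this change may still need. Suggest keeping both commands, each labelled with the install method it applies to.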
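Review bot: In the new "Where Incompatibility Comes From" section of portmaster/install/status/vpn-compatibility.md, the link target `portmaster/architecture/core-service/secure-dns/` is a bare relative path, so it resolves against this page's own URL under `portmaster/install/status/` rather than the site root. Use a root-relative path or a site variable as the other links in this patch do. Two wording points in the same hunk: "There sadly is not much we can do than to ask" is missing "other", and "Check your VPN app if you can somewhere disable DNS redirection" would read better as an instruction that names the setting to look for.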
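Review bot: The Known Issues removal in portmaster/install/windows.md drops the network reset procedure (`netsh int ip reset`, `netsh winsock reset catalog`) for the case the section itself describes as a loss of network connectivity, and a reader in that state cannot follow the new link to the online FAQ. Confirm before merging that the FAQ carries these steps and the 0x422 restart workaround, and consider keeping the two netsh commands on this page since they are the ones needed while offline.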
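Review bot: Deleting spn/alpha/status.md removes the notice "Treat the SPN as a VPN in your threat model for now" and its explanation about VPN traffic analysis without moving it anywhere in this patch; the replacement text in spn/index.md only links to the website. If the caveat still applies, carry it over to spn/index.md. The file's `redirect_from: /spn/broader-testing/status` entry also goes away with the deletion, so both the old and the redirected URL stop resolving unless another page takes them over.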
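Review bot: The added firewall sentence in spn/hosting-a-community-node.md names ports 17 and 80 but not the transport protocol for each, so an operator cannot write a precise allow rule from it and may open both TCP and UDP to be safe. State the protocol per port, and note that the opened ports should be revisited whenever the `transports` setting is changed so that no stale port stays open.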