The Application Firewall is responsible for intercepting network connections and analyzing them to only allow the ones that are in the interest of the user - while not bugging the user about it.
The interception package (a separate one for each OS) provides the firewall with a stream of packet objects, which the firewall can inspect and then issue a verdict through these packet objects.
Verdicts may be:
host unreachable message is sent to the sender.
Link) to the local Gate17 entry point for further handling.
The permanent editions of verdicts were created to drastically improve the performance of the Portmaster, as such Links will be “handed over” back to the OS and will no longer be intercepted by the Portmaster. The trade-off here is that connections cannot be killed should the user or software change its mind about it later on, but this is usually not the case.
Links represent a physical connection between a local application and a remote server. They are defined and identified through the IP/Port pair.
Connections represent a logical connection between a local application and an Internet entity, identified by a domain. Connections will usually have multiple Links belonging to them.
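The trade-off of permanent verdicts and the identification of Links by IP/port pair, sketched as an added example that is not Portmaster's own code. All type, function and verdict names here are hypothetical, and the addresses are constructed sample values.

```go
package main

import "fmt"

// Hypothetical model, not Portmaster's API; the verdict names are assumptions.
type Verdict int
const (
	Undecided Verdict = iota
	Accept
	Block
)

type LinkKey struct { // a Link is identified by its IP/port pair
	LocalIP, RemoteIP     string
	LocalPort, RemotePort uint16
}
type link struct {
	verdict   Verdict
	permanent bool // handed over to the OS, no longer intercepted
}
type Firewall struct {
	links     map[LinkKey]link
	Inspected int // packets the firewall itself had to examine
}

func NewFirewall() *Firewall { return &Firewall{links: map[LinkKey]link{}} }

// Decide fails once a Link is permanent: it can no longer be revised or killed.
func (f *Firewall) Decide(k LinkKey, v Verdict, permanent bool) bool {
	if f.links[k].permanent {
		return false
	}
	f.links[k] = link{v, permanent}
	return true
}

// HandlePacket returns a packet's verdict; handed-over Links skip inspection.
func (f *Firewall) HandlePacket(k LinkKey) Verdict {
	l := f.links[k] // zero value: Undecided, not permanent
	if !l.permanent {
		f.Inspected++
	}
	return l.verdict
}

func main() {
	fw, k := NewFirewall(), LinkKey{"10.0.0.2", "192.0.2.7", 50000, 443} // constructed
	fw.Decide(k, Accept, true)
	v := fw.HandlePacket(k)
	fmt.Println(v, fw.Inspected, fw.Decide(k, Block, false))
}
```

The `Inspected` counter shows the performance gain, and the failed second `Decide` shows its cost: a handed-over Link keeps its verdict.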
The Portmaster is the component that is handed received Links as well as any intelligence data gathered to make a decision.
It always tries to make a decision on the
Links will automatically inherit. All these decisions and why they were made can easily be monitored in the UI.