mason - interactively create a firewall
Description
This manual page briefly documents the mason command.
mason interactively generates a set of firewall rules for a Linux-based firewall. This is done by
turning on full IP logging, watching the logs for connections, and generating rules describing the
connections seen. mason is familiar with most of the quirks of various connection types (such as ftp and
IRC), and can output rules for 2.0.x ipfwadm, 2.2.x ipchains, and Cisco packet filters.
mason operates by reading in log file information from standard input and writing firewall rules to
standard output. This allows mason to work offline or on a separate system. Real-time firewall
generation can be achieved with a command like tail(1).
Most users will want to run mason with a user-friendly interface such as mason-gui-text(1).
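The log-to-rule step described above, shown as an added Python example; this is not mason's own code. It assumes the 2.2.x ipchains "Packet log:" kernel log format, handles only TCP and UDP, and collapses unprivileged ports to 1024:65535, a simplification chosen here. The sample log lines and the names rules_from_log and port_spec are constructed for illustration.

```python
import re

# Constructed sample lines in the assumed ipchains log format (not from a real host).
SAMPLE_LOG = """\
Mar  3 10:15:01 gw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.10:1042 10.0.0.5:80 L=60 S=0x00 I=4021 F=0x4000 T=64
Mar  3 10:15:02 gw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.10:1043 10.0.0.5:80 L=60 S=0x00 I=4022 F=0x4000 T=64
Mar  3 10:15:07 gw kernel: Packet log: output DENY eth1 PROTO=17 10.0.0.5:1030 10.0.0.1:53 L=58 S=0x00 I=911 F=0x0000 T=64
Mar  3 10:15:09 gw sshd[411]: unrelated line that must be skipped
"""

# chain, action, interface, protocol number, source ip:port, destination ip:port
LOG_RE = re.compile(
    r"Packet log: (\w+) (\w+) (\S+) PROTO=(\d+) "
    r"([\d.]+):(\d+) ([\d.]+):(\d+)"
)
PROTO_NAMES = {6: "tcp", 17: "udp"}


def port_spec(port):
    """Keep well-known ports exact; widen ephemeral ports to the whole range."""
    return "1024:65535" if int(port) >= 1024 else str(int(port))


def rules_from_log(text):
    """Return de-duplicated ipchains ACCEPT rules for the TCP/UDP packets logged."""
    rules = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # not a packet log line
        chain, _action, iface, proto, src, sport, dst, dport = m.groups()
        name = PROTO_NAMES.get(int(proto))
        if name is None:
            continue  # ICMP and others need type/code handling, out of scope here
        rule = (f"ipchains -A {chain} -i {iface} -p {name} "
                f"-s {src} {port_spec(sport)} -d {dst} {port_spec(dport)} -j ACCEPT")
        if rule not in rules:  # two ephemeral source ports collapse to one rule
            rules.append(rule)
    return rules


if __name__ == "__main__":
    print("\n".join(rules_from_log(SAMPLE_LOG)))
```

Because every logged packet becomes an ACCEPT rule, the output reflects whatever traffic occurred while logging was on, so review it before loading it into a live firewall.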
Environment
mason is configured using the following environment variables.
ECHOCOMMAND
Sets the type of firewall rules that mason should output to standard output. Allowed values include
"ipfwadm" and "ipchains". By default, mason outputs whatever kind of rules are supported by the
currently running Linux kernel.
DOCOMMAND
Sets the type of firewall rules that mason should run immediately when a rule is generated.
Allowed values include "ipfwadm" and "ipchains". By default, mason outputs whatever kind of rules
are supported by the currently running Linux kernel.
HEARTBEAT
If set to "yes", mason will output a "+" or "-" to standard error whenever a rule generated by
mason has been triggered.
DYNIP
Set this to the list of interfaces that have dynamically assigned addresses, separated by spaces.
Name
mason - interactively create a firewall
See Also
mason-gui-text(1)
Synopsis
mason < logfile > rulefile
