mason - interactively create a firewall
mason < logfile > rulefile
This manual page briefly documents the mason command.
mason interactively generates a set of firewall rules for a Linux-based
firewall. This is done by turning on full IP logging, watching the
logs for connections, and generating rules describing the connections
seen. mason is familiar with most of the quirks of various connection
types (such as ftp and IRC), and can output rules for 2.0.x ipfwadm,
2.2.x ipchains, and Cisco packet filters.
mason operates by reading in log file information from standard input
and writing firewall rules to standard output. This allows mason to
work offline or on a separate system. Real-time firewall generation
can be achieved with a command like tail(1).
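The log-in, rules-out flow described above can be pictured with the following sketch. It is an added illustration, not mason's own code: the function name log_to_rules, the constructed SAMPLE_LOG lines, the choice to widen ports of 1024 and above to a range, and the restriction to TCP and UDP are all assumptions of this example.

```shell
#!/bin/sh
# Added illustration (not mason itself): read ipchains "Packet log:" lines
# on stdin and write one ipchains ACCEPT rule per distinct connection type.
log_to_rules() {
    awk '
    # Assumption of this sketch: a port of 1024 or above is an ephemeral
    # client port, so widen it to the whole unprivileged range.
    function port(p) { return (p + 0 >= 1024) ? "1024:65535" : p }
    {
        # The syslog prefix varies, so locate the "Packet log:" marker first.
        for (i = 1; i < NF; i++)
            if ($i == "Packet" && $(i + 1) == "log:") break
        if (i + 7 > NF) next            # not a complete packet log line

        chain = $(i + 2); iface = $(i + 4)
        split($(i + 5), pr, "=")        # PROTO=<ip protocol number>
        if (pr[2] == 6) name = "tcp"
        else if (pr[2] == 17) name = "udp"
        else next                       # only TCP and UDP are handled here

        split($(i + 6), s, ":")         # source address:port
        split($(i + 7), d, ":")         # destination address:port
        rule = sprintf("ipchains -A %s -i %s -p %s -s %s %s -d %s %s -j ACCEPT",
                       chain, iface, name, s[1], port(s[2]), d[1], port(d[2]))

        # Many logged packets collapse into the same rule; print it once.
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

# Constructed sample input in the ipchains kernel log format.
SAMPLE_LOG='Mar  1 10:00:01 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.10:1025 192.168.1.1:80 L=60 S=0x00 I=100 F=0x4000 T=64 (#1)
Mar  1 10:00:02 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.10:1026 192.168.1.1:80 L=60 S=0x00 I=101 F=0x4000 T=64 (#1)
Mar  1 10:00:03 fw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.168.1.10:1030 192.168.1.1:53 L=34 S=0x00 I=102 F=0x0000 T=64 (#1)
Mar  1 10:00:04 fw kernel: eth0: link up'

# Same shape as "mason < logfile > rulefile": log on stdin, rules on stdout.
printf '%s\n' "$SAMPLE_LOG" | log_to_rules
```

The two TCP lines differ only in the client port, so they produce a single rule; the unrelated kernel message is ignored.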
Most users will want to run mason with a user-friendly interface such

mason is configured using the following environment variables.

Sets the type of firewall rules that mason should output to
standard out. Allowed values include "ipfwadm" and "ipchains".
By default, mason outputs whatever kind of rules are supported
by the currently running Linux kernel.

Sets the type of firewall rules that mason should run
immediately when a rule is generated. Allowed values include
"ipfwadm" and "ipchains". By default, mason outputs whatever
kind of rules are supported by the currently running Linux

If set to "yes", mason will output a "+" or "-" to standard
error whenever a rule generated by mason has been triggered.

DYNIP Set this to the list of interfaces that have dynamically
assigned addresses, separated by spaces.

This manual page was written by Jeff Licquia <email@example.com>, for the
Debian GNU/Linux system (but may be used by others).