Mason Pre-made Rulesets
by: Robert S. Goldstein
Mason by: William Stearns

Image by: Gary Sellers

Last Updated: 3/11/2000


What is Mason?

Mason is a tool that interactively builds a firewall using Linux's ipfwadm or ipchains packet filtering. You leave Mason running on the firewall machine while you make all the kinds of connections that you want the firewall to support (and those you want it to block). Mason then gives you a list of firewall rules that allow and block exactly those connections.

Mason was specifically designed so that anyone able to find their way around a Linux system can build a reasonably good packet-filtering firewall for any and every system under their control. It takes care of all the low-level grunt work; all you need to do is follow the instructions and be able to run all the TCP/IP applications that need to be supported.

Mason itself is available from the Mason home page.

Why Pre-made Rulesets?

Deciding which ports are needed and which are not, so that a firewall can be built quickly, can be a daunting task. With the help of Mason, creating a firewall on a UNIX machine has become easier than it used to be. However, sifting through all of the rules that Mason creates takes time that novices, and sometimes even experienced UNIX people, cannot spare when they need to protect a machine. The Rulesets eliminate most, if not all, of the time spent reviewing the new rules Mason creates, giving you a more secure machine sooner.


How do I install one of the Rulesets?

To install one of the Pre-made Rulesets, simply replace the default "baserules" file with the Ruleset you chose. The default location of the "baserules" file is /var/lib/mason. As a backup, I recommend renaming the current "baserules" file to something else first, just in case you need it in the future.

Remember to test that the Ruleset is working correctly for you. If you notice any problems, start up Mason in learn mode (all policy variables set to ACCEPT) to obtain the missing rules. If this happens, let me know about the problem(s) you had via email: rsg@pobox.com
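The install steps above, written out as a shell function that keeps a dated copy of the old file before it is replaced. This is an added example, not part of the original page or of Mason's own scripts; it assumes Mason reads its base rules from a file named baserules under /var/lib/mason (the default the page gives) and takes the directory as an optional second argument only so that it can be tried out somewhere other than /var.

```shell
#!/bin/sh
# Added example (not from the page or from Mason): install a pre-made
# Ruleset as Mason's "baserules", keeping a backup of whatever was there.
#
# Assumptions: Mason reads its base rules from $mason_dir/baserules;
# the page names /var/lib/mason as the default, used here when no
# second argument is given.

install_ruleset() {
    ruleset="$1"
    mason_dir="${2:-/var/lib/mason}"
    target="$mason_dir/baserules"

    if [ ! -f "$ruleset" ]; then
        echo "install_ruleset: no such ruleset file: $ruleset" >&2
        return 1
    fi
    if [ ! -d "$mason_dir" ]; then
        echo "install_ruleset: Mason directory missing: $mason_dir" >&2
        return 1
    fi

    # Keep the previous baserules under a dated name instead of overwriting it,
    # so it can be restored if the new Ruleset turns out to block something.
    if [ -f "$target" ]; then
        stamp=$(date +%Y%m%d-%H%M%S)
        mv "$target" "$target.bak.$stamp" || return 1
        echo "previous baserules saved as $target.bak.$stamp"
    fi

    cp "$ruleset" "$target" || return 1
    echo "installed $ruleset as $target"
}

# Typical use on the firewall itself (as root):
#   install_ruleset ./web-server-ruleset
```

After installing, exercise the connections the machine must support, as the page says, and restore the dated backup if anything needed is blocked.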


What is the purpose of the Files, such as "${ETHBASEPORT}-web"?

These files let you open the given ports only to the IPs listed in the file. This is useful in cases such as a machine with 20 IPs used for Web hosting: each of these IPs has the same rules, so putting them into these files saves time when adding and removing IPs from the different allowed ports. Please note that you MUST include the base IP of the network interface (for example, the IP bound to eth0 itself) so that traffic can leave the card correctly. Put only one IP address per line in these files. Also, do not put comments on lines that carry IP addresses; if you do, they will not be read in correctly.
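A small checker for the three rules just given (one address per line, no comments on address lines, base interface address present), run over a constructed sample file before handing it to Mason. This is an added example, not part of the page or of Mason; the file name "${ETHBASEPORT}-web" comes from the page, while the decision to skip blank lines and lines that are entirely a comment is my reading of the rule, and the base address is passed in by the caller rather than read from the interface.

```shell
#!/bin/sh
# Added example (not from the page or from Mason): sanity-check one of the
# per-service address files (the page's example is "${ETHBASEPORT}-web").
#
# Rules enforced, taken from the page:
#   1. exactly one IPv4 address per line,
#   2. no comment text on a line that carries an address,
#   3. the interface's base address must be listed.
# Assumption: blank lines and lines that are only a comment are ignored.

# is_ipv4 ADDR -> 0 when ADDR is a dotted quad with each octet in 0..255
is_ipv4() {
    addr=$1
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # non-digit, empty octet, etc.
    esac
    oldifs=$IFS; IFS=.
    set -- $addr
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# check_iplist FILE BASE_IP -> 0 when FILE is acceptable; problems go to stderr
check_iplist() {
    file=$1
    base=$2
    errors=0
    seen_base=0
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            ''|'#'*) continue ;;                       # blank or comment-only line
        esac
        case $line in
            *'#'*)
                echo "$file:$n: comment on an address line: '$line'" >&2
                errors=$((errors + 1)); continue ;;
            *[[:space:]]*)
                echo "$file:$n: more than one field, want one address per line: '$line'" >&2
                errors=$((errors + 1)); continue ;;
        esac
        if ! is_ipv4 "$line"; then
            echo "$file:$n: not an IPv4 address: '$line'" >&2
            errors=$((errors + 1)); continue
        fi
        [ "$line" = "$base" ] && seen_base=1
    done < "$file"
    if [ "$seen_base" -eq 0 ]; then
        echo "$file: base interface address $base is missing" >&2
        errors=$((errors + 1))
    fi
    [ "$errors" -eq 0 ]
}

# Typical use, with 192.0.2.1 standing in for the address on eth0:
#   check_iplist /var/lib/mason/eth0-web 192.0.2.1 && echo "file looks usable"
```

Each problem is reported with its line number, so a file that Mason would silently misread (an address with a trailing comment, two addresses on one line, a list missing the interface's own address) is caught before the rules are generated.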


The Pre-Made Rulesets

If you have any Pre-Made Rulesets that you would like to add to this page you can send them to me via email: rsg@pobox.com