This manual page briefly documents the mason command.
mason interactively generates a set of firewall rules for a
Linux-based firewall. This is done by turning on full IP logging,
watching the logs for connections, and generating rules describing
the connections seen.
mason is familiar with most of the quirks of various connection types
(such as ftp and IRC), and can output rules for 2.0.x ipfwadm, 2.2.x
ipchains, and Cisco packet filters.
mason operates by reading in log file information from standard input
and writing firewall rules to standard output. This allows mason to
work offline or on a separate system. Real-time firewall generation
can be achieved with a command like tail(1).
Most users will want to run mason with a user-friendly interface such
as mason-gui-text(1).
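The log-to-rule idea described above, as an added example that is not
mason's own code: a shell function that reads 2.2.x ipchains
"Packet log:" lines on standard input and writes ipchains rules to
standard output. The sample log lines are constructed; the name
log_to_rules and the widening of ports at or above 1024 to 1024:65535
are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not code from mason: turn ipchains "Packet log:"
# lines read on stdin into ipchains ACCEPT rules written to stdout.

# Constructed sample log lines in the 2.2.x ipchains log format.
SAMPLE_LOG='Jan  5 10:00:01 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.5:1042 10.0.0.1:80 L=60 S=0x00 I=4411 F=0x4000 T=64 (#3)
Jan  5 10:00:02 fw kernel: Packet log: input DENY eth0 PROTO=6 192.168.1.5:1043 10.0.0.1:80 L=60 S=0x00 I=4412 F=0x4000 T=64 (#3)
Jan  5 10:00:07 fw kernel: Packet log: output DENY eth1 PROTO=17 10.0.0.1:1027 10.0.0.53:53 L=71 S=0x00 I=912 F=0x0000 T=64 (#2)
Jan  5 10:00:09 fw sshd[311]: unrelated line that must be ignored'

log_to_rules() {
    awk '
    # Split "addr:port" into address and port. Ports >= 1024 are treated
    # as ephemeral and widened to 1024:65535 (an assumption of this example).
    function endpoint(s,    n, p) {
        n = split(s, p, ":")
        if (n != 2 || p[1] !~ /^[0-9.]+$/ || p[2] !~ /^[0-9]+$/) return ""
        return p[1] " " (p[2] + 0 >= 1024 ? "1024:65535" : p[2])
    }
    {
        # Locate the "Packet log:" marker; skip lines without it.
        for (i = 1; i < NF; i++) if ($i == "Packet" && $(i+1) == "log:") break
        if (i >= NF) next
        chain = $(i+2); iface = $(i+4); proto = $(i+5)
        # Log fields come from network traffic: validate each one before
        # it is placed in a command line, and drop the line otherwise.
        if (chain !~ /^(input|output|forward)$/) next
        if (iface !~ /^[a-z]+[0-9]*$/) next
        if (proto == "PROTO=6") proto = "tcp"
        else if (proto == "PROTO=17") proto = "udp"
        else next
        src = endpoint($(i+6)); dst = endpoint($(i+7))
        if (src == "" || dst == "") next
        rule = "ipchains -A " chain " -i " iface " -p " proto
        rule = rule " -s " src " -d " dst " -j ACCEPT"
        # Emit each distinct rule once, however many packets matched it.
        if (!(rule in seen)) { seen[rule] = 1; print rule }
    }'
}

printf '%s\n' "$SAMPLE_LOG" | log_to_rules
```

The function only prints rules; review the output before loading it,
since every rule is derived from traffic that happened to be logged.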
ENVIRONMENT
mason is configured using the following environment variables.
ECHOCOMMAND
Sets the type of firewall rules that mason should output to standard
output. Allowed values include "ipfwadm" and "ipchains". By default,
mason outputs whatever kind of rules are supported by the currently
running Linux kernel.
DOCOMMAND
Sets the type of firewall rules that mason should run immediately
when a rule is generated. Allowed values include "ipfwadm" and
"ipchains". By default, mason outputs whatever kind of rules are
supported by the currently running Linux kernel.
HEARTBEAT
If set to "yes", mason will output a "+" or "-" to standard error
whenever a rule generated by mason has been triggered.
DYNIP
Set this to the list of interfaces that have dynamically assigned
addresses, separated by spaces.