Mason 0.12.0, the free automated firewall builderApr 03, 1999, 11:50 (0 Talkback[s])
(Other stories by William Stearns)
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
William Stearns writes:
Good day, all,
This will just be a short announcement of a free/GPL tool that may be of interest to anyone using or considering the use of Linux machines as firewalls.
Mason is a tool that helps create a custom Linux packet filtering firewall. One starts up Mason on the machine(s) that need to do packet filtering, then does all the normal things that this neetwork needs to allow or deny. Mason creates ipchains/ipfwadm rules that can be used in a finished firewall. It includes support files to provide a rudimentary menu for building and a shell that implements the current firewall in SysV boot scripts used in most Linux distributions.
Mason is not for the user that wants a prebuilt firewall that installs without effort. A number of those are available on the Internet already. Mason is perfect for:
*1 Also works well for "default allow"; during the training phase, you teach Mason about all the protocols you want to _block_. Or teach Mason about both protocols to allow _and_ protocols to block.
Features support for:
Automatic recognition of the quirks in the following protocols: ssh, nfs/sunrpc/mount (needs more testing), ftp, X, openwindows, vnc, irc, traceroute, ip masquerading, realaudio, dns, syslog, netbios, ntp, coda. Automatically handles the standard protocols such as http, smtp, nntp, pop2/3, imap, https, telnet, etc.
*2 Customizable by a configuration file.
The installation process does assume a SysV layout; Slackware users may have to install the program files manually.
While Mason has basic support for the sunrpc, mount, and nfs ports, these are hardwired in. At some point I'll have to poll the sunrpc port in a specified list of machines to provide more flexible support for sunrpc services.
This is not a polished release; there are still some rough points. Because of the large number of features recently added, the documentation is lagging behind the code. Feedback, suggestions, bug reports and patches are welcome; please email them to firstname.lastname@example.org .
Mason is provided under the GNU General Public License, and is therefore provided at no cost. The entire package, with the exception of the included nmap-services file, is Copyright (c) 1998-1999 by William Stearns (email@example.com).
0 Talkback[s] (click to add your comment)