Mason is a tool that helps create a custom Linux packet filtering firewall. One starts up Mason on the machine(s) that need to do packet filtering, then does all the normal things that this network needs to allow or deny. Mason creates ipchains/ipfwadm rules that can be used in a finished firewall. It includes support files to provide a rudimentary menu for building and a shell that implements the current firewall in SysV boot scripts used in most Linux distributions.
Mason is not for the user who wants a prebuilt firewall that installs without effort. A number of those are available on the Internet already.
Mason is perfect for:
- Someone trying to build a "default deny" firewall. *1
- Someone who wants very tight control over exactly which protocols are allowed in/out/through a machine.
- Someone with a partial firewall who is having trouble coming up with the right rules for a few tricky protocols.
- Machines that don't match the design of the prebuilt firewalls.
- Implementing firewalls on routers _and_ individual workstations or servers - machines that have typically lacked their own individual firewalls in the past.