NAME
mason - interactively create a firewall
SYNOPSIS
mason < logfile > rulefile
DESCRIPTION
This manual page briefly documents the mason command.
mason interactively generates a set of firewall rules for a Linux-based
firewall. This is done by turning on full IP logging, watching the logs for
connections, and generating rules describing the connections seen.
mason is familiar with most of the quirks of various connection types
(such as ftp and IRC), and can output rules for 2.0.x ipfwadm, 2.2.x ipchains,
and Cisco packet filters.
mason operates by reading in log file information from standard input and
writing firewall rules to standard output. This allows mason to work
offline or on a separate system. Real-time firewall generation can be achieved
with a command like tail(1).
Most users will want to run mason with a user-friendly interface such as
mason-gui-text(1).
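
The log-in, rules-out flow described above, sketched as an added example (not mason's own code). It assumes 2.2.x kernel "Packet log:" lines as input and ipchains as the output format; the sample log, the function names and the choice to collapse ports at or above 1024 into one range are assumptions of the example, and it handles none of the ftp or IRC quirks.

```python
import re

# Constructed sample input, assumed to be in the 2.2.x kernel "Packet log:" format.
SAMPLE_LOG = """\
Jan  5 10:00:01 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.10:1045 10.0.0.5:80 L=60 S=0x00 I=4021 F=0x4000 T=64 SYN (#1)
Jan  5 10:00:02 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.168.1.10:1046 10.0.0.5:80 L=60 S=0x00 I=4022 F=0x4000 T=64 SYN (#1)
Jan  5 10:00:03 fw kernel: Packet log: input ACCEPT eth0 PROTO=17 192.168.1.10:1050 10.0.0.2:53 L=71 S=0x00 I=4023 F=0x0000 T=64 (#1)
Jan  5 10:00:04 fw kernel: Packet log: input ACCEPT eth0 PROTO=1 192.168.1.10:8 10.0.0.5:0 L=84 S=0x00 I=4024 F=0x0000 T=64 (#1)
Jan  5 10:00:05 fw sshd[311]: Server listening on 0.0.0.0 port 22.
"""

# chain, verdict (ignored), interface, protocol number, src:port, dst:port
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) \S+ (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
PROTO_NAMES = {"6": "tcp", "17": "udp"}  # only protocols that carry real ports
UNPRIVILEGED = "1024:65535"


def port_spec(port):
    """Collapse ephemeral ports into one range so repeat connections share a rule."""
    return UNPRIVILEGED if int(port) >= 1024 else str(int(port))


def rules_from_log(lines):
    """Return one ipchains ACCEPT rule per distinct connection seen in the log."""
    seen, rules = set(), []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["proto"] not in PROTO_NAMES:
            continue  # not a packet log line, or a protocol without ports (ICMP)
        key = (m["chain"], m["iface"], PROTO_NAMES[m["proto"]],
               m["src"], port_spec(m["sport"]), m["dst"], port_spec(m["dport"]))
        if key in seen:
            continue  # this connection already has a rule
        seen.add(key)
        rules.append(
            "ipchains -A {} -i {} -p {} -s {} {} -d {} {} -j ACCEPT".format(*key))
    return rules


if __name__ == "__main__":
    print("\n".join(rules_from_log(SAMPLE_LOG.splitlines())))
```

The example turns every logged TCP or UDP connection into an ACCEPT rule, so the log fed to it should contain only traffic that is meant to be allowed.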
ENVIRONMENT
mason is configured using the following environment variables.

ECHOCOMMAND
    Sets the type of firewall rules that mason should output to standard
    output. Allowed values include "ipfwadm" and "ipchains". By default,
    mason outputs whatever kind of rules are supported by the currently
    running Linux kernel.

DOCOMMAND
    Sets the type of firewall rules that mason should run immediately when
    a rule is generated. Allowed values include "ipfwadm" and "ipchains".
    By default, mason outputs whatever kind of rules are supported by the
    currently running Linux kernel.

HEARTBEAT
    If set to "yes", mason will output a "+" or "-" to standard error
    whenever a rule generated by mason has been triggered.

DYNIP
    Set this to the list of interfaces that have dynamically assigned
    addresses, separated by spaces.
SEE ALSO
mason-gui-text(1)
AUTHOR
This manual page was written by Jeff Licquia <jeff@luci.org>, for the
Debian GNU/Linux system (but may be used by others).