> Actually, you can reduce the number of generated rules by adding to or
> changing the mason default rules.
>
> Like most good tools in Linux, it is only really useful if you know and
> understand what you and your tools are doing. In order to make effective
> use of mason one must be able to edit the generated ruleset, and identify
> those generated rules that are undesirable. If you do not understand
> ipchains, do not use mason. It can create rules that will allow hostile
> traffic if hostile traffic is encountered while mason is learning.

well, after two days of experience with it, i would have to concur with the above. mason is great in many ways, but -- for the benefit of the other newbies out there -- it does not provide you with that quick fix, especially in situations even slightly out of the ordinary.

the configuration files do allow for a lot of flexibility, and there is a lot of room for customization, but overall one cannot get away with less-than-minimal knowledge of ipchains if the constructed firewall is to function as needed. i tried running mason several times with various configurations and, indeed, it ended up authorizing some suspicious / unsafe options.

in the end i resorted to Robert L. Ziegler's Linux IPFW Firewall Design Tool. the tool, along with his faqs, has been most helpful.

-> http://www.linux-firewall-tools.com/linux/faq/

peace
-p