
Re: mason firewall building tool



On 11 Jul 2001 19:13:59 +0200, Guy wrote:

> >>>>> "kiteless" == kiteless  <kiteless@sympatico.ca> writes:
> 
> kiteless> hello all i was just wondering if any of you have ever tried
> kiteless> using a program / package called mason to build firewalls on
> 
> I tried mason once. It has an `auto-learn' mode where it will scan the
> network and add filtering rules for everything which passes through
> the firewall.
> 
> I found it generated way too many rules, and required quite a bit of
> hand-tuning.
> 

Actually, you can reduce the number of generated rules by adding to or 
changing the mason default rules.

Like most good tools in Linux, it is only really useful if you know and 
understand what you and your tools are doing.  In order to make effective 
use of mason one must be able to edit the generated ruleset, and identify 
those generated rules that are undesirable.  If you do not understand 
ipchains, do not use mason.  It can create rules that will allow hostile 
traffic if hostile traffic is encountered while mason is learning.

--ptw

-- 
  Paul T Wright <paul@cvanet.com>
	
   And, strange to tell, among the Earthen Lot
   Some could articulate, while others not:
      And suddenly one more impatient cried --
   "Who is the Potter, pray, and who the Pot?"
   
            -- The Rubaiyat of Omar Khayyam --
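
One way to do the review step described in the message above, as an added example that is not part of the original post or of mason itself: it parses ipchains append rules and flags input ACCEPT rules that let a source outside the trusted network reach a service that was never meant to be exposed. The sample rules, the trusted network and the allowed-service list are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample of learned ipchains rules (not real mason output).
LEARNED_RULES = """\
ipchains -A input -p tcp -s 192.168.1.0/24 -d 192.168.1.1/32 22 -j ACCEPT
ipchains -A input -p tcp -s 0.0.0.0/0 -d 203.0.113.10/32 80 -j ACCEPT
ipchains -A input -p tcp -s 198.51.100.77/32 -d 203.0.113.10/32 23 -j ACCEPT
ipchains -A input -p udp -s 0.0.0.0/0 -d 203.0.113.10/32 111 -j ACCEPT
ipchains -A output -p tcp -s 203.0.113.10/32 -d 0.0.0.0/0 25 -j ACCEPT
"""
# Assumed site policy: the LAN is trusted, outsiders may reach only tcp/80.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]
PUBLIC_SERVICES = {("tcp", "80")}

def parse_rule(line):
    """Extract chain, protocol, source, destination port and target."""
    tok = shlex.split(line)
    rule = {"chain": None, "proto": "all", "src": "0.0.0.0/0",
            "dport": None, "target": None, "raw": line.strip()}
    for i, flag in enumerate(tok[:-1]):
        arg = tok[i + 1]
        if flag == "-A":
            rule["chain"] = arg
        elif flag == "-p":
            rule["proto"] = arg.lower()
        elif flag == "-s":
            rule["src"] = arg
        elif flag == "-j":
            rule["target"] = arg
        elif flag == "-d" and i + 2 < len(tok) and not tok[i + 2].startswith("-"):
            rule["dport"] = tok[i + 2]  # ipchains writes the port after the address
    return rule

def is_suspect(rule):
    """Input ACCEPT rule letting an untrusted source reach an unplanned service."""
    if rule["chain"] != "input" or rule["target"] != "ACCEPT":
        return False
    src = ipaddress.ip_network(rule["src"], strict=False)
    if any(src.subnet_of(net) for net in TRUSTED_NETS):
        return False
    return (rule["proto"], rule["dport"]) not in PUBLIC_SERVICES

def audit(text):
    rules = [parse_rule(l) for l in text.splitlines() if l.startswith("ipchains")]
    return [r["raw"] for r in rules if is_suspect(r)]

if __name__ == "__main__":
    print("\n".join("REVIEW: " + raw for raw in audit(LEARNED_RULES)))
```

On the constructed sample this flags the telnet rule from a single outside host and the udp/111 rule open to any source, the kind of entries a learning pass can pick up from traffic it should not have trusted.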


