
Re: mason firewall building tool



> Actually, you can reduce the number of generated rules by adding to or
> changing the mason default rules.
>
> Like most good tools in Linux, it is only really useful if you know and
> understand what you and your tools are doing.  In order to make effective
> use of mason one must be able to edit the generated ruleset, and identify
> those generated rules that are undesirable.  If you do not understand
> ipchains, do not use mason.  It can create rules that will allow hostile
> traffic if hostile traffic is encountered while mason is learning.

well, after two days of experience with it, i would have to concur with the
above. mason is great in many ways, but -- for the benefit of the other
newbies out there -- it does not provide you with that quick fix, especially
in situations even slightly out of the ordinary.
the configuration files do allow for a lot of flexibility, and there is a
lot of room for customization, but overall one cannot get away with
less-than-minimal knowledge of ipchains if the constructed firewall is to
function as needed.
i tried running mason several times with various configurations and, indeed,
it ended up authorizing some suspicious / unsafe options. in the end i
resorted to Robert L. Ziegler's Linux IPFW Firewall Design Tool. the tool,
along with his faqs, has been most helpful.
-> http://www.linux-firewall-tools.com/linux/faq/

peace

-p


