Projects / Mason


Mason is a tool that interactively builds a firewall using Linux's ipfwadm or ipchains firewalling. You leave Mason running on the firewall machine while you make all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that allow and block exactly those connections. It can either build a firewall from scratch for you or supplement an existing firewall.

Recent releases

  •  17 Sep 2001 05:46

    Release Notes: Minor interface improvements, and small compatibility fixes have been made. It now uses the samlib library; install that first. This release fully supports iptables as well.

  •  22 Nov 1999 20:35

    Release Notes: Mason has the first functional support for iptables/netfilter firewalls. It also allows the user to make decisions about rules during the build process, rather than making the decisions about a block of rules at the end. Neither facility is complete or fully tested; those that need stable, tested code should stay with

  •  14 Sep 1999 13:01

    Release Notes: This release automatically makes masq rules for reserved addresses and icmp subcodes, includes support for ip tunneling and a number of other protocols, removes the namecache (no longer needed), etc.

  •  22 Mar 1999 18:02

    Release Notes: This first public release has stable ipfwadm and ipchains rule creation. It automatically handles the special needs of a number of protocols (nfs, ssh, irc, X, vnc, ip masquerading, etc.) and automatically recognizes your network structure. Very preliminary support is in place to create Cisco IOS rules as well. The package includes a basic front end (mason-gui-text) to lead one through the process of creating a firewall.

Recent comments

19 Jan 2000 16:12 cpeppler

Use of Mason

I had heard about a couple of horror stories about folks hooking a Linux box up to Mediaone RoadRunner, and knew I needed a firewall. I had an old Win95 '486 box (24MB RAM, 400MB HD) that I wanted to use as the firewall box. I bought a couple of NIC cards (LNE 2000/Linksys), dropped them in the box, and loaded RedHat Linux 6.1. After checking a couple of options, I found Mason. I called Mediaone, changed my MAC address, and brought up Linux on Mediaone. I set the IP_MASQ rule up, and had access to Mediaone from my internal LAN through the new (old) '486.

Not wanting the crackers to get in, I started up Mason, and watched it make a bunch of ipchains rules as I used the various applications from inside my home LAN. I saw a couple of scans from outside boxes, changed those rules from ACCEPT to DENY, and set the default rules policy to DENY on input.

So far, things have been running great. The mason-gui-text user interface is functional, and works fine on the text console. So far, I've been very pleased with Mason (developer version), and would recommend it to others. I had heard stories about folks getting their Mediaone access suspended because of crackers using their open Linux box, so this tool definitely helps.

