Once again, the linux kernel and firewall developers deserve all the credit. Mason is simply a front end to a fast, powerful, stable firewall implementation in the linux kernel. Many thanks to all the linux firewall developers.
The name "Mason" comes from two sources; first of all, it builds a (fire)wall. Second, it's my nephew's name. Mason lives in Brooklyn with my sister and her husband and my niece Eve. He's a great guy!
If you have comments, suggestions, problems, ideas, flames, patches, whatever, I'd like to hear them. I'd even be interested in hearing where Mason fell short for your needs. My permanent email address is wstearns@pobox.com. The permanent web site for the software is http://www.pobox.com/~wstearns/mason/.
Jeff Licquia has kindly offered to package up Mason into a Debian package. The Debian requirements are helping to make a better program for all distributions.
Jens Knudsen wrote nicerules, a wrapper script for Mason. It's a simple script that takes the "newrules" output, sorts and orders the firewall rules in a way that makes it easier to review security, and produces a "standalone" firewall script and a firewall.disable script. The script probably has many "bugs", use it as an aid, but don't blame him for any problems it may cause you. There is more information in the actual script which is also heavily commented. Have fun.
If you choose to send me actual mason firewall rules and choose to hide the IP addresses and/or networks for security reason, that's fine, but please replace them with something that describes their general use so I can make sense of them. For example:
cat myrules | sed -e 's@11.22.33.44/32@fw-outside@' \ -e 's@192.168.1.1/32@fw-inside@' \ -e 's@192.168.1.0/24@inside-net@' \ >myrules.mailable
There are a number of things you can do to help this project:
The files in the Mason package are Copyright (c) 1998-2002 by William Stearns wstearns@pobox.com or Jeff Licquia. They are released under the GNU GPL, which is included in the package. If you did not recieve a copy of this license, please contact the author for a copy (see the top of the Mason script for contact information for the author and the Free Software Foundation).
William is also the author of buildkernel, the automated Linux kernel builder, and other minor shell scripts.
Chris Brenton deserves very special thanks for spending an evening with me discussing a number of questions I've had about packet filtering. He was very kind to share his knowledge with me. I owe him a pizza sometime. :-)
Chris has written some excellent networking texts - I'm about halfway through Mastering Network Security and am very impressed with the writing and content: Multiprotocol Network Design & Troubleshooting, Mastering Network Security. The above plug was not requested, but is well deserved.
Thanks to Nathan Bailey who took the time to remind me that there is a Perl Module that's also called Mason. Thanks also to Jonathan Swartz, the author of HTML::Mason who graciously agreed to share the name and pointers with me.
Many thanks to Dave Stern, who has offered suggestions on how to improve Mason and helped with beta testing early versions. Maybe someday I'll tell him they were prerelease versions... :-)
Thanks to all of the people who have sent in questions, bug reports, fixes, improvements, and six foot long lizards.
The new section of masonrc with a boatload of backdoor ports is courtesy of the authors of and contributors to snort. Specifically, Nick Rogness, Jim Forster and Martin Markgraf are credited with the work on the ports - many thanks, guys.
Snort can be found at http://www.snort.org. It's a really cool intrusion detection tool. Thanks to Marty roesch@clark.net for the tool.
A special thank you to all the authors in the Linux movement. In a small way, the code I return to the community is my way of paying back my incredible debt to the people who came before me.
As always, many thanks to my wife Debbie, who has shown amazing patience with my Linux related projects. Many thanks, my love.