The Mason HOWTO

William Stearns wstearns@pobox.com

1. Formalities

• 1.1 Disclaimer
• 1.2 Copyleft

2. Introduction

• 2.1 Background and motivation
• 2.2 Basic theory of operation
• 2.3 Compatibility and requirements
• 2.4 Features

3. Quickstart

• 3.1 Make sure the system is already pretty secure.
• 3.2 Install the Mason package
• 3.3 Prepare /etc/services
• 3.4 Prepare /etc/hosts
• 3.5 Prepare the routing table and interfaces
• 3.6 Check the configuration file
• 3.7 Place any known rules in /var/lib/mason/baserules
• 3.8 Run mason-gui-text
• 3.9 Tell your boss that you're going to need a few weeks to build this.
• 3.10 Implement the final firewall.

4. Special considerations

• 4.1 Kernel
• 4.2 Ipfw, Ipfwadm, Ipchains, and Iptables
• 4.3 DNS
• 4.4 Rule order
• 4.5 Generalization
• 4.6 Router or end node
• 4.7 Slow machines or fast nics
• 4.8 Active hacking while mason running
• 4.9 Masquerading
• 4.10 Offline and non-root creation
• 4.11 /etc/services and special ports
• 4.12 Insert vs. append
• 4.13 Allow versus deny and reject
• 4.14 Input, Output, and Forwarding
• 4.15 Remote firewall creation - Telnet/ssh lockout
• 4.16 Ack flag
• 4.17 Limitations, Ideas and future enhancements

5. Configuring Mason

6. IP protocols and their firewall characteristics

• 6.1 Standard TCP and UDP protocols
• 6.2 ICMP
• 6.3 DNS
• 6.4 FTP
• 6.5 Netbios
• 6.6 NTP
• 6.7 SSH
• 6.8 Other IP protocols

7. Version summary (out of date, sorry)

8. Advanced scenarios

• 8.1 General approach
• 8.2 Ordering rules
• 8.3 Tips and tricks

9. Notes about Mason itself

• 9.1 File descriptions

10. Additional resources

11. Authors, credits, feedback, copyright, how to help!

• 11.1 Thanks