_Lots_ of good new stuff. Mason handles log entries from ipchains or ipfwadm automatically. The command it runs can be either an ipchain or ipfwadm command, and it can output either an ipchain or ipfwadm command. All independently. See the ECHCOMMAND=... and DOCOMMAND=... parameters, above.
_Major_ speedup! Keep reading lines until the 7th-13th fields are different from the previous line; this probably quadruples Mason's throughput or better. Bonus points to the readers who can read morse code from the heartbeat output... Oh, and I added heartbeat output to show that Mason hasn't just crashed. :-)
Mason handles interfaces whose IP address changes automatically; see the DYNIF=... parameter, above.
Note: additional ipchains fields are:
L=Total length S=TOS I=ip->id? F=Fragment offset T=TTL
-k added to control the direction in which connections are made. Unfortunately, the ftp-data port doesn't honor the simple rule for -k; I suspect this is a consequence of PASV vs. "active?" ftp opening the data connection in one direction of the other. Hmmm... This was released to the world as 0.7.9.
(6/21/98) 20% speed improvement by changing read command. Local name cache added. On the fly policy changing. Comments. Major documentation updates. Another 20% performance improvement by replacing some sed's with bash internal pattern deletion. 6% more by using ${#..} instead of wc --bytes to size strings. Cut time necessary to process non-firewall lines in third by using && instead of -a.
(6/4/98) Documentation added
(6/2/98) Bare code, almost no documentation, ipfwadm support only.