File: mason.html

mason 1.0.0-13
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
 <TITLE>The Mason HOWTO</TITLE>
 <LINK HREF="mason-1.html" REL=next>


</HEAD>
<BODY>
<A HREF="mason-1.html"><IMG SRC="next.gif" ALT="Next"></A>
<IMG SRC="prev.gif" ALT="Previous">
<IMG SRC="toc.gif" ALT="Contents">
<HR>
<H1>The Mason HOWTO</H1>

        
<H2>William Stearns
        <CODE>
<A HREF="mailto:wstearns@pobox.com">wstearns@pobox.com</A></CODE>
        </H2>v1.0.0, May 2002
        
<P><HR>
<EM>            This describes the basic operation of Mason and its use in
                creating firewalls under Linux.
        </EM>
<HR>
<P>
<H2><A NAME="toc1">1.</A> <A HREF="mason-1.html">Formalities</A></H2>

<UL>
<LI><A HREF="mason-1.html#ss1.1">1.1 Disclaimer</A>
<LI><A HREF="mason-1.html#ss1.2">1.2 Copyleft</A>
</UL>
<P>
<H2><A NAME="toc2">2.</A> <A HREF="mason-2.html">Introduction</A></H2>

<UL>
<LI><A HREF="mason-2.html#ss2.1">2.1 Background and motivation</A>
<LI><A HREF="mason-2.html#ss2.2">2.2 Basic theory of operation</A>
<LI><A HREF="mason-2.html#ss2.3">2.3 Compatibility and requirements</A>
<LI><A HREF="mason-2.html#ss2.4">2.4 Features</A>
</UL>
<P>
<H2><A NAME="toc3">3.</A> <A HREF="mason-3.html">Quickstart</A></H2>

<UL>
<LI><A HREF="mason-3.html#ss3.1">3.1 Make sure the system is already pretty secure.</A>
<LI><A HREF="mason-3.html#ss3.2">3.2 Install the Mason package</A>
<LI><A HREF="mason-3.html#ss3.3">3.3 Prepare /etc/services</A>
<LI><A HREF="mason-3.html#ss3.4">3.4 Prepare /etc/hosts</A>
<LI><A HREF="mason-3.html#ss3.5">3.5 Prepare the routing table and interfaces</A>
<LI><A HREF="mason-3.html#ss3.6">3.6 Check the configuration file</A>
<LI><A HREF="mason-3.html#ss3.7">3.7 Place any known rules in /var/lib/mason/baserules</A>
<LI><A HREF="mason-3.html#ss3.8">3.8 Run mason-gui-text</A>
<LI><A HREF="mason-3.html#ss3.9">3.9 Tell your boss that you're going to need a few weeks to build this.</A>
<LI><A HREF="mason-3.html#ss3.10">3.10 Implement the final firewall.</A>
</UL>
<P>
<H2><A NAME="toc4">4.</A> <A HREF="mason-4.html">Special considerations</A></H2>

<UL>
<LI><A HREF="mason-4.html#ss4.1">4.1 Kernel</A>
<LI><A HREF="mason-4.html#ss4.2">4.2 Ipfw, Ipfwadm, Ipchains, and Iptables</A>
<LI><A HREF="mason-4.html#ss4.3">4.3 DNS</A>
<LI><A HREF="mason-4.html#ss4.4">4.4 Rule order</A>
<LI><A HREF="mason-4.html#ss4.5">4.5 Generalization</A>
<LI><A HREF="mason-4.html#ss4.6">4.6 Router or end node</A>
<LI><A HREF="mason-4.html#ss4.7">4.7 Slow machines or fast nics</A>
<LI><A HREF="mason-4.html#ss4.8">4.8 Active hacking while mason running</A>
<LI><A HREF="mason-4.html#ss4.9">4.9 Masquerading</A>
<LI><A HREF="mason-4.html#ss4.10">4.10 Offline and non-root creation</A>
<LI><A HREF="mason-4.html#ss4.11">4.11 /etc/services and special ports</A>
<LI><A HREF="mason-4.html#ss4.12">4.12 Insert vs. append</A>
<LI><A HREF="mason-4.html#ss4.13">4.13 Allow versus deny and reject</A>
<LI><A HREF="mason-4.html#ss4.14">4.14 Input, Output, and Forwarding</A>
<LI><A HREF="mason-4.html#ss4.15">4.15 Remote firewall creation - Telnet/ssh lockout</A>
<LI><A HREF="mason-4.html#ss4.16">4.16 Ack flag</A>
<LI><A HREF="mason-4.html#ss4.17">4.17 Limitations, Ideas and future enhancements</A>
</UL>
<P>
<H2><A NAME="toc5">5.</A> <A HREF="mason-5.html">Configuring Mason</A></H2>

<P>
<H2><A NAME="toc6">6.</A> <A HREF="mason-6.html">IP protocols and their firewall characteristics</A></H2>

<UL>
<LI><A HREF="mason-6.html#ss6.1">6.1 Standard TCP and UDP protocols</A>
<LI><A HREF="mason-6.html#ss6.2">6.2 ICMP</A>
<LI><A HREF="mason-6.html#ss6.3">6.3 DNS</A>
<LI><A HREF="mason-6.html#ss6.4">6.4 FTP</A>
<LI><A HREF="mason-6.html#ss6.5">6.5 Netbios</A>
<LI><A HREF="mason-6.html#ss6.6">6.6 NTP</A>
<LI><A HREF="mason-6.html#ss6.7">6.7 SSH</A>
<LI><A HREF="mason-6.html#ss6.8">6.8 Other IP protocols</A>
</UL>
<P>
<H2><A NAME="toc7">7.</A> <A HREF="mason-7.html">Version summary (out of date, sorry)</A></H2>

<P>
<H2><A NAME="toc8">8.</A> <A HREF="mason-8.html">Advanced scenarios</A></H2>

<UL>
<LI><A HREF="mason-8.html#ss8.1">8.1 General approach</A>
<LI><A HREF="mason-8.html#ss8.2">8.2 Ordering rules</A>
<LI><A HREF="mason-8.html#ss8.3">8.3 Tips and tricks</A>
</UL>
<P>
<H2><A NAME="toc9">9.</A> <A HREF="mason-9.html">Notes about Mason itself</A></H2>

<UL>
<LI><A HREF="mason-9.html#ss9.1">9.1 File descriptions</A>
</UL>
<P>
<H2><A NAME="toc10">10.</A> <A HREF="mason-10.html">Additional resources</A></H2>

<P>
<H2><A NAME="toc11">11.</A> <A HREF="mason-11.html">Authors, credits, feedback, copyright, how to help!</A></H2>

<UL>
<LI><A HREF="mason-11.html#ss11.1">11.1 Thanks</A>
</UL>
<HR>
<A HREF="mason-1.html"><IMG SRC="next.gif" ALT="Next"></A>
<IMG SRC="prev.gif" ALT="Previous">
<IMG SRC="toc.gif" ALT="Contents">
</BODY>
</HTML>