Mason is a tool that interactively builds a firewall using Linux' ipfwadm or ipchains firewalling. You leave mason running on the firewall machine while you are making all the kinds of connections that you want the firewall to support (and want it to block). Mason gives you a list of firewall rules that exactly allow and block those connections.
Mason was specifically designed to make it possible for anyone with the ability to generally find their way around a Linux system to build a reasonably good packet filtering firewall for any and every system under their control. It takes care of all the low level grunt work; all you need to do is follow the instructions and be able to run all the TCP/IP applications that need to be supported.
The real work of the package is done by the mason script. Its job is to convert the log entries that the Linux kernel produces into ipfwadm or ipchains commands that you can use in your own firewall.
In order to make it easy to use, I have included a rudimentary tool called mason-gui-text. It's a very simple shell that handles the setup and creation process for those that want to be led through the process.I would sincerely like to see mason with a nicer interface.