An riga an saki firewalld 1.2 kuma waɗannan labaran ne

Kwanan nan ƙaddamar da sabon sigar Tacewar zaɓi na gudanarwa mai ƙarfi Firewalld 1.2, aiwatar da shi azaman abin rufewa a saman nftables da matatun fakitin iptables.

Ga wadanda basu san Firewalld ba, zan iya gaya muku hakan Tacewar wuta ce mai ƙarfi da za a iya sarrafawa, tare da goyan bayan yankunan cibiyar sadarwa don ayyana matakin amincin cibiyoyin sadarwa ko musaya da kuke amfani da su don haɗawa. Yana da goyan baya ga IPv4, IPv6 daidaitawa da gadoji na ethernet.

Hakanan, firewalld yana kula da tsarin aiki da tsarin dindindin daban. Don haka, Firewalld yana ba da hanyar sadarwa don aikace-aikace don ƙara dokoki zuwa Tacewar zaɓi ta hanya mai dacewa.

Tsohuwar ƙirar wuta (system-config-firewall/lokkit) ta tsaya tsayin daka kuma kowane canji yana buƙatar cikakken sake saitin bangon wuta. Wannan yana nufin dole a sauke kayan aikin wuta na kernel (misali netfilter) kuma a sake loda su akan kowane tsari. Bugu da kari, wannan sake kunnawa yana nufin rasa bayanin matsayi na kafaffun haɗin kai.

A akasin wannan, firewalld baya buƙatar sake kunna sabis don amfani da sabon saiti. Saboda haka, ba lallai ba ne a sake shigar da kayan kwaya. Babban koma baya shine don duk wannan ya yi aiki daidai, dole ne a yi tsarin tsarin tacewar wuta ta hanyar Firewalld da kayan aikin sa (firewall-cmd ko Firewall-config). Firewalld yana da ikon ƙara ƙa'idodi ta amfani da syntax iri ɗaya da umarnin {ip,ip6,eb}(dokokin kai tsaye).

Sabis ɗin Hakanan yana ba da bayanai game da daidaitawar tacewar wuta ta yanzu ta hanyar DBus, kuma haka nan kuma ana iya ƙara sabbin dokoki, ta amfani da PolicyKit don aikin tantancewa.

Firewalld yana gudana azaman tsari na bango wanda ke ba da damar canza ƙa'idodin tace fakiti akan D-Bus ba tare da sake loda ka'idodin tace fakiti ba kuma ba tare da cire haɗin haɗin gwiwa ba.

Don sarrafa Tacewar zaɓi, ana amfani da Tacewar zaɓi-cmd mai amfani wanda, lokacin ƙirƙirar dokoki, ba a dogara da adiresoshin IP ba, hanyoyin sadarwa na cibiyar sadarwa, da lambobin tashar jiragen ruwa, amma akan sunayen ayyuka (alal misali, don buɗe damar SSH, kuna buƙatar gudanar da “firewall-cmd – add — service=ssh”) , don rufe SSH - "Firewall-cmd -remove -service=ssh").

Hakanan za'a iya amfani da madaidaicin hoto na Firewall-Confi (GTK) da kuma applet ta Firewall-applet (Qt) don canza saitunan wuta. Taimako don sarrafa tacewar wuta ta hanyar D-BUS API Firewalld yana samuwa daga ayyuka kamar NetworkManager, libvirt, podman, docker, da fail2ban.

Babban sabbin fasalulluka na Firewalld 1.2

A cikin wannan sabon sigar An aiwatar da ayyukan snmptls ​​da snmptls-trap don sarrafa damar shiga yarjejeniyar SNMP ta hanyar amintaccen tashar sadarwa.

An kuma haskaka cewa aiwatar da sabis wanda ke goyan bayan ƙa'idar da aka yi amfani da ita a cikin tsarin fayil na IPFS karkatattu.

Wani canji da yayi fice a wannan sabon sigar shine an ƙara ayyuka tare da tallafi para gpsd, ident, ps3netsrv, CrateDB, checkmk, netdata, Kodi JSON-RPC, EventServer, Prometheus node-exporter, kubelet-readonly.

Baya ga wannan, an kuma yi nuni da cewa Yanayin taya rashin tsaro, wanda ke ba da izini, idan akwai matsaloli tare da ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun tsarin, ba tare da barin mai watsa shiri ba tare da kariya ba.

Na sauran canje-canje wanda ya fice daga wannan sabon sigar:

  • Ƙara ma'aunin "-log-target".
  • Bash yana ba da goyan baya don cika umarnin umarni don aiki tare da dokoki.
  • An ƙara amintaccen sigar k8s direban abubuwan haɗin gwal

Idan kuna sha'awar ƙarin sani game da wannan sabon sigar, zaku iya tuntuɓar cikakkun bayanai a cikin bin hanyar haɗi.

Samun Firewalld 1.2

Daga karshe ga wadanda suke masu sha'awar samun damar shigar da wannan Firewall, Ya kamata ku san cewa an riga an yi amfani da aikin akan yawancin rarrabawar Linux, ciki har da RHEL 7+, Fedora 18+, da SUSE / openSUSE 15+. An rubuta lambar ta Firewalld a cikin Python kuma an sake shi ƙarƙashin lasisin GPLv2.

Kuna iya samun lambar tushe don ginin ku daga mahaɗin da ke ƙasa.

Dangane da ɓangaren littafin mai amfani, Zan iya ba da shawarar masu zuwa.


Kasance na farko don yin sharhi

Bar tsokaci

Your email address ba za a buga. Bukata filayen suna alama da *

*

*

  1. Wanda ke da alhakin bayanan: Miguel Ángel Gatón
  2. Manufar bayanan: Sarrafa SPAM, sarrafa sharhi.
  3. Halacci: Yarda da yarda
  4. Sadarwar bayanan: Ba za a sanar da wasu bayanan ga wasu kamfanoni ba sai ta hanyar wajibcin doka.
  5. Ajiye bayanai: Bayanin yanar gizo wanda Occentus Networks (EU) suka dauki nauyi
  6. Hakkoki: A kowane lokaci zaka iyakance, dawo da share bayanan ka.