Wasu kwanaki da suka gabata sabon sigar na fakiti mai tace nftables 0.9.3 ya fito, Cewa haɓaka matsayin maye gurbin kayan kwalliya, ip6table, arptables da ebtables saboda hadewar hanyoyin musayar fakiti don IPv4, IPv6, ARP da gadojin hanyar sadarwa.
Kunshin nftables yana amfani da sassan tsarin Netfilter kayayyakin more rayuwa, kamar tsarin bin hanyar haɗi (tsarin bin hanyar haɗi) ko tsarin rajista. An kuma samar da takaddun jituwa don fassara dokokin firewall na iptables da ake amfani da su zuwa daidaitattun su a cikin manyan kalmomi.
Game da Abubuwan Canji
Kayan aiki ya hada da kayan hada fakiti waɗanda ke aiki a sararin mai amfani, yayin yayin matakin kernel, tsarin ƙasa nf_tasaloli yana ba da wani ɓangare na kwayar Linux tun daga sigar 3.13.
A matakin kernel, kawai keɓaɓɓiyar kewayawa ake bayarwa wanda ke cin gashin kansa daga takamaiman yarjejeniya kuma yana ba da ayyuka na asali don cire bayanai daga fakiti, aiwatar da ayyukan bayanai, da kuma sarrafa kwarara.
Hanyar tace kanta da masu takamaiman yarjejeniya ana tattara su a cikin bytecode a cikin sararin mai amfani, bayan haka ana shigar da wannan bytecode a cikin kwaya ta amfani da hanyar Netlink kuma ana aiki da ita a cikin wata na’ura ta musamman wacce ta yi kama da BPF (Berkeley Packet Filters).
Wannan hanyar tana ba ku damar rage girman lambar tacewa da ke gudana a matakin kernel da kuma kawar da duk wani aiki na ƙa'idodin ƙa'idodi da ma'anar aiki tare da ladabi a cikin sararin mai amfani.
Babban fa'idojin nftables sune:
- Gine-ginen da aka saka a cikin ainihin
- Aikace-aikace wanda ke inganta kayan aikin IPtable zuwa kayan aikin layin umarni guda
- Layer jituwa wanda ke ba da izinin amfani da IPtables ƙa'idodin tsarin aiki.
- Wani sabon saukine don koyon haruffa.
- Saukakakken tsari na kara dokokin wuta.
- Ingantaccen rahoto.
- Ragewa a cikin maimaita lamba.
- Mafi kyawun aikin gabaɗaya, riƙewa, da ƙarin canje-canje don yin sarauta.
Menene sabo a nftables 0.9.3?
A cikin wannan sabon juzu'in nftables 0.9.3 ƙarin tallafi don fakitoci masu daidaitawa kan lokaci. Da wannan zaka iya ayyana lokaci da kwanan wata wanda doka za ta kunna kuma saita kunnawa a ranakun mutum na mako. Har ila yau, an ƙara sabon zaɓi "-T" don nuna lokacin da ya wuce cikin sakan.
Wani daga canje-canjen da yayi fice shine tallafi don dawo da adana alamun SELinux (alamar duniya), i da kuma jerin jerin taswirar synproxy, yana ba ka damar ayyana sama da doka ɗaya ta kowane baya.
Na sauran canje-canje wanda ya fice daga wannan sabon sigar:
- Abun iya cire abubuwan saiti da karfi daga dokokin sarrafa fakiti.
- Taimako don taswirar VLAN ta hanyar ganowa da ladabi da aka bayyana a cikin metadata na haɗin haɗin hanyar sadarwa
- Zaɓi "-t" ("–terse") don keɓance abubuwan da aka saita lokacin bayyana dokoki. Lokacin aiwatar da "nft -t jerin kundin tsarin mulki", zai nuna:
- Nft jerin dokokin da aka saita.
- Abilityarfin tantance abubuwa fiye da ɗaya a cikin layin netdev (yana aiki tare da kernel 5.5 kawai) don haɗa dokokin tace gama gari.
- Ikon ƙara bayanan bayanan bayanai.
- Ikon gina haɗin CLI tare da laburaren kayan kwalliya maimakon layin layin.
Yadda ake girka sabon fasalin nftables 0.9.3?
Don samun sabon sigar a halin yanzu lambar tushe kawai za a iya tattarawa akan tsarinka. Kodayake a cikin 'yan kwanaki akwai wadatattun kayan binary da za a samar a cikin rarraba Linux daban-daban.
Bayan haka canje-canjen da ake buƙata don nftables 0.9.3 don aiki ana haɗa su a cikin gaba reshen kwayar Linux na 5.5. Sabili da haka, don tattarawa, dole ne a girka masu dogaro da masu zuwa:
Wadannan za a iya tattara su tare da:
./autogen.sh
./configure
make
make install
Kuma don nftables 0.9.3 mun zazzage shi daga mahada mai zuwa. Kuma ana yin tattarawa tare da umarni masu zuwa:
cd nftables
./autogen.sh
./configure
make
make install