Munguva pfupi yapfuura kuvhurwa kwe iyo itsva vhezheni yeiyo dynamic management firewall firewall 1.2, inoshandiswa seyakaputira pamusoro peiyo nftables uye iptables packet mafirita.
Kune avo vasingazive Firewalld, ndinogona kukuudza izvozvo ndeye inogoneka ine simba firewall, nerutsigiro rwenzvimbo dzenetiweki kutsanangura nhanho yekuvimbika kwemanetiweki kana mainterface aunoshandisa kubatanidza. Iine rutsigiro rweIPv4, IPv6 zvigadziriso uye ethernet mabhiriji.
Uyezve, firewall inochengetedza dhizaini yekumhanya uye gadziriso yekusingaperi zvakasiyana. Nekudaro, firewalld inopawo chinongedzo chekushandisa kuwedzera mitemo kune firewall nenzira iri nyore.
Iyo yekare firewall modhi (system-config-firewall/lokkit) yaive static uye shanduko yega yega yaida yakazara firewall reset. Izvi zvaireva kuburitsa kernel firewall modules (eg netfilter) uye kuirodha zvakare pane zvese zvigadziriso. Pamusoro pezvo, kutangazve uku kwaireva kurasikirwa neruzivo rwemamiriro ezvibatanidza zvakasimbiswa.
Pane zvakasiyana, firewalld haidi kuti sevhisi itangezve kushandisa gadziriso nyowani. Naizvozvo, hazvifanirwe kurodhazve kernel modules. Chinhu chimwe chete chinokanganisa ndechekuti kuti zvese izvi zvishande nemazvo, iyo firewall configuration inofanira kuitwa kuburikidza ne firewalld uye maturusi ekugadzirisa (firewall-cmd kana firewall-config). Firewalld inokwanisa kuwedzera mitemo ichishandisa syntax yakafanana ne {ip, ip6, eb} mirairo yematafura (yakananga mitemo).
Basa racho inopawo ruzivo nezve yazvino firewall kumisikidzwa kuburikidza neDBus, uye nenzira imwecheteyo mitemo mitsva inogonawo kuwedzerwa, uchishandisa PolicyKit yehutano hwechokwadi.
Firewalld inomhanya senge yekumashure maitiro inobvumira packet filter mitemo kuti ichinje zvine simba pamusoro peD-Bhazi pasina kurodha pakiti sefa yemitemo uye pasina kudimbura zvinongedzo zvakasimbiswa.
Kugadzirisa firewall, iyo inoshandiswa firewall-cmd inoshandiswa iyo, kana uchigadzira mitemo, haina kubva paI IP kero, network interfaces, uye nhamba dzechiteshi, asi pamazita emasevhisi (semuenzaniso, kuvhura SSH kuwana, unofanirwa kumhanya "firewall-cmd - wedzera - service=ssh" , kuvhara SSH - "firewall-cmd -remove -service=ssh").
Iyo firewall-config (GTK) graphical interface uye firewall-applet (Qt) applet inogona kushandiswawo kushandura firewall marongero. Tsigiro ye firewall manejimendi kuburikidza neD-BUS API firewalld inowanikwa kubva kumapurojekiti akadai seNetworkManager, libvirt, podman, docker, uye fail2ban.
Hunhu hutsva hutsva hwe firewalld 1.2
Mune iyi vhezheni itsva snmptls uye snmptls-trap masevhisi akaitwa kubata kupinda kune SNMP protocol kuburikidza neyakachengeteka yekutaurirana chiteshi.
Izvo zvakare zvakasimbiswa izvo akaita sevhisi inotsigira protocol inoshandiswa muIPFS faira system decentralized.
Imwe shanduko inomira mushanduro iyi nyowani ndeyekuti masevhisi ane rutsigiro akawedzerwa nokuti gpsd, ident, ps3netsrv, CrateDB, checkmk, netdata, Kodi JSON-RPC, EventServer, Prometheus node-exporter, kubelet-readonly.
Mukuwedzera kune izvi, zvinoratidzwa zvakare kuti yakawedzera failsafe boot mode, iyo inobvumira, mumatambudziko nemirairo yakataurwa, kudzokera kune yakagadziriswa kugadzirisa pasina kusiya muenzi asina kudzivirirwa.
Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni:
- Yakawedzera "-log-target" parameter.
- Bash inopa rutsigiro rwekuraira autocompletion kushanda nemitemo.
- Yakawedzera yakachengeteka vhezheni yek8s mutyairi blueprint zvikamu
Kana iwe uchida kuziva zvakawanda nezve iyi vhezheni itsva, unogona kubvunza ruzivo mune inotevera chinongedzo.
Tora Firewall 1.2
Pakupedzisira kune avo vari kufarira kukwanisa kuisa iyi Firewall, iwe unofanirwa kuziva kuti purojekiti yatove kushandiswa pane akawanda Linux kugovera, kusanganisira RHEL 7+, Fedora 18+, uye SUSE/openSUSE 15+. Iyo firewalld kodhi yakanyorwa muPython uye inoburitswa pasi peGPLv2 rezinesi.
Iwe unogona kuwana iyo source code yekuvaka kwako kubva pane iyi link iripazasi.
Kana chiri chikamu chebhuku remushandisi, Ndinogona kukurudzira zvinotevera.