Mamwe mazuva apfuura iyo nyowani vhezheni yepaketi firita nftables 0.9.3 yakaburitswa, Izvo kukudziridza sekutsiva iptables, ip6table, arptable uye ebtables nekuda kwekubatanidzwa kwepaketi kusefa maficha ePv4, IPv6, ARP uye network mabhiriji.
Iyo nftables package inoshandisa zvikamu zveNetfilter zvigadzirwa, sai kubatanidza kuteedzera system . Iyo inoenderana dura yakarongedzwa zvakare kududzira aripo iptables firewall mitemo kune avo nftables vamwe.
Nezve Nftables
nftables inosanganisira packet firita zvikamu iyo inoshanda munzvimbo yemushandisi, ichiri padanho reiyo kernel, iyo subsystem nf_table inopa chikamu cheLinux kernel kubvira vhezheni 3.13.
Padanho rekernel, chinowoneka chete chinowoneka inozvimiririra kune yakasarudzika protocol uye inopa zvakakosha mabasa ekubvisa dhata kubva mumapakeji, kuita data mashandiro, uye kudzora kuyerera.
Iyo yekusefa pfungwa iyo pachayo uye neprotocol-yakatarwa maprosesa akaunganidzwa kuita bytecode munzvimbo yemushandisi, mushure meizvozvo iyi bytecode inoiswa mukati meiyo kernel uchishandisa iyo Netlink interface uye inomhanya mune yakakosha chaiyo muchina unoratidzika senge BPF (Berkeley Packet Mafirita).
Maitiro aya anotendera iwe kudzikisa zvakanyanya saizi yekodhi yekusefa inomhanya padanho rekernel uye kubvisa zvese parse mutemo mashandiro uye pfungwa yekushanda nemaprotocol munzvimbo yemushandisi.
Zvakanakira zvakakosha zve nftables ndeizvi:
- Architecture iyo yakadzamirwa mukati memukati
- Iyo syntax inosanganisa maturu ePtables mune imwechete yekuraira turu turu
- Chiyero chekuenderana chinogonesa kushandiswa kweIPtables kutonga syntax.
- Chinhu chitsva chiri nyore kudzidza syntax.
- Yakareruka maitiro ekuwedzera firewall mitemo.
- Yakagadziridzwa bug bug.
- Kuderedza kudzokorora kodhi.
- Zvirinani kuita kwese, kuchengetedza, uye shanduko dzekuwedzera kutonga kusefa.
Chii chitsva mune nftables 0.9.3?
Mune ino vhezheni nyowani yezvisingaite 0.9.3 yakawedzera rutsigiro rwekufananidza mapakeji kupfuuridza nguva. Nezve izvi iwe unogona kutsanangura iyo nguva nemisi nguva umo mutemo uchavhurwa uye woisa kumisikidza pamazuva ega ega evhiki. Zvakare yakawedzera nyowani "-T" Sarudzo yekuratidza Epoch nguva mumasekondi.
Imwe yeshanduko inomira pachena ndeye tsigiro yekudzoreredza nekuchengetedza maSELinux ma tag (secmark), hongu pamwe neiyo tsigiro yeiyo synproxy mepu zvinyorwa, ichikubvumidza iwe kutsanangura unopfuura mumwe mutemo pane backend.
Yeimwe shanduko izvo zvinoratidzika kubva pane iyi nyowani vhezheni:
- Kugona kwekubvisa zvine simba seti-set zvinhu kubva kupaketi yekugadzirisa mitemo.
- Tsigiro yeVLAN mepu neinongedzo uye protocol inotsanangurwa mune metadata yeiyo network bhiriji interface
- Sarudzo "-t" ("-terse") kusaseta set-set zvinhu kana uchiratidza mitemo. Paunenge uchiita "nft -t rondedzero yemitemo", inoratidza:
- Nft runyorwa mutemo wakaiswa.
- Iko kugona kudoma chinopfuura chimwe chishandiso mumambure enetdev (inoshanda ne kernel 5.5 chete) kusanganisa yakajairika firita mitemo.
- Kugona kuwedzera dhata dzerudzi.
- Kugona kuvaka CLI interface pamwe nelinenoise raibhurari pane libreadline.
Maitiro ekuisa iyo nyowani vhezheni yenftables 0.9.3?
Kuti utore vhezheni itsva parizvino kodhi yekodhi chete inogona kunyorwa pane yako system. Kunyangwe mune nyaya yemazuva iwo akatorongedzwa mabhinari mapakeji anowanikwa mukati meakasiyana maLinux.
kunze kwaizvozvo shanduko dzinodiwa kuti nftables 0.9.3 yekushanda isanganiswe mune ramangwana Linux kernel bazi 5.5. Naizvozvo, kuti ubatanidze unofanirwa kuve neanotevera madonhwe akaiswa:
Izvi zvinogona kunyorwa ne:
./autogen.sh
./configure
make
make install
Uye zve nftables 0.9.3 tinoitora kubva chinotevera chinongedzo. Uye kuunganidzwa kunoitwa nemirairo inotevera:
cd nftables
./autogen.sh
./configure
make
make install