Firewalld 1.2 has been released, and here is what's new

The new version of the dynamically managed firewall firewalld 1.2 was recently released. It is implemented as a wrapper on top of the nftables and iptables packet filters.

For those unfamiliar with firewalld, it is a dynamically managed firewall with support for network zones, which define the trust level of the network or interface used for a connection. It supports IPv4 and IPv6 configurations as well as Ethernet bridges.

In addition, firewalld keeps the runtime configuration and the permanent configuration separate. firewalld also provides an interface for applications to add rules to the firewall in a convenient way.

The older firewall model (system-config-firewall/lokkit) was static, and every change required a complete firewall restart. This meant unloading the kernel firewall modules (for example netfilter) and loading them again on every configuration change. In addition, the restart meant losing the state information of established connections.

firewalld, by contrast, does not need a service restart to apply a new configuration, so there is no need to reload the kernel modules. The only drawback is that, for all of this to work correctly, the firewall must be configured through firewalld and its configuration tools (firewall-cmd or firewall-config). firewalld can also add rules using the same syntax as the {ip,ip6,eb}tables commands (direct rules).

The service also provides information about the current firewall configuration over D-Bus, and new rules can be added the same way, with PolicyKit used for authentication.

firewalld runs as a background process that allows packet filtering rules to be changed dynamically over D-Bus without reloading the packet filter rules and without dropping established connections.

The firewall is managed with the firewall-cmd utility, which creates rules based on service names rather than IP addresses, network interfaces and port numbers (for example, to open SSH access you run "firewall-cmd --add-service=ssh", and to close SSH, "firewall-cmd --remove-service=ssh").
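Because a service name hides the ports it stands for, it helps to see what a name expands to before enabling it. The following added example (not part of the original article and not firewalld's own code) parses service definitions in firewalld's service XML format and lists what each one opens; the definitions are constructed samples and `demo-mgmt` is a hypothetical service.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions in firewalld's service XML format.
# "ssh" is a minimal sample (22/tcp); "demo-mgmt" is hypothetical.
SERVICES = {
    "ssh": """<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>""",
    "demo-mgmt": """<service>
  <short>Demo management bundle</short>
  <port protocol="tcp" port="8000-8002"/>
  <port protocol="udp" port="8000"/>
  <protocol value="igmp"/>
  <include service="ssh"/>
</service>""",
}


def expand_service(name, services=SERVICES, _seen=None):
    """Return a sorted list of (proto, first_port, last_port) tuples that
    enabling `name` opens; bare protocols appear as (proto, None, None)."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # guard against include cycles
        return []
    seen.add(name)
    if name not in services:
        raise KeyError(f"unknown service: {name}")
    root = ET.fromstring(services[name])
    opened = set()
    for port in root.findall("port"):
        # A port attribute is either a single port or a "first-last" range.
        first, _, last = port.get("port").partition("-")
        opened.add((port.get("protocol"), int(first), int(last or first)))
    for proto in root.findall("protocol"):
        opened.add((proto.get("value"), None, None))
    for inc in root.findall("include"):
        # An included service contributes everything it opens, recursively.
        opened.update(expand_service(inc.get("service"), services, seen))
    return sorted(opened, key=lambda e: (e[0], e[1] or 0, e[2] or 0))


if __name__ == "__main__":
    for svc in SERVICES:
        print(svc, "->", expand_service(svc))
```

The same function can be pointed at the contents of real service files to review what a service name opens, including anything pulled in through `<include>`.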

The firewall-config (GTK) graphical interface and the firewall-applet (Qt) applet can also be used to change security settings. Support for managing the firewall through the firewalld D-Bus API is available in projects such as NetworkManager, libvirt, podman, docker and fail2ban.

Main new features of firewalld 1.2

In this new version, the snmptls and snmptls-trap services have been implemented to manage access to the SNMP protocol over a secure communication channel.

It is also noted that a service was implemented that supports the protocol used by the IPFS distributed file system.

Another notable change in this new version is that services were added for gpsd, ident, ps3netsrv, CrateDB, checkmk, netdata, Kodi JSON-RPC, EventServer, Prometheus node-exporter and kubelet-readonly.

In addition, a failsafe startup mode was added which, if there are problems with the specified rules, allows falling back to the default configuration without leaving the host unprotected.

Other notable changes in this new version:

  • Added the "--log-target" parameter.
  • Bash command autocompletion support was added for working with rules.
  • Added a secure version of the k8s controller plane components.

If you are interested in learning more about this new version, you can check the details at the following link.

Get Firewalld 1.2

Finally, for those interested in installing this firewall, you should know that the project is already used in many Linux distributions, including RHEL 7+, Fedora 18+ and SUSE/openSUSE 15+. The firewalld code is written in Python and released under the GPLv2 license.

You can find the source code to build it yourself at the link below.

As for the user manual, I can recommend the following.

