Mva nje ukumiliselwa kwe inguqulelo entsha yolawulo lomlilo oluguqukayo firewall 1.2, iphunyezwe njengesitya phezu kwee-nftables kunye ne-iptables packet filters.
Kwabo bangaziyo ngeFirewalld, ndingakuxelela loo nto ludonga olulawulekayo oluguqukayo, ngenkxaso yeendawo zothungelwano ukuchaza inqanaba lokuthemba lothungelwano okanye ujongano olusebenzisayo ukuqhagamshela. Inenkxaso ye-IPv4, IPv6 uqwalaselo kunye neebhulorho ze-Ethernet.
Ukongeza, firewall igcina uqwalaselo olusebenzayo kunye noqwalaselo olusisigxina ngokwahlukeneyo. Ngoko ke, i-firewalld ikwabonelela ngojongano lwezicelo ukuba lula ukongeza imithetho kwifirewall.
Imodeli yangaphambili yodonga lomlilo (inkqubo-config-firewall/lokkit) yayimi kwaye utshintsho ngalunye lwalufuna ukuqaliswa ngokupheleleyo kodonga lomlilo. Oku kuthetha ukuba kufuneka kukhululwe iimodyuli ze-kernel firewall (umzekelo. i-netfilter) kwaye uzilayishe kwakhona kuqwalaselo ngalunye. Ukongeza, oku kuqalisa kwakhona kuthetha ukuphulukana nolwazi lobume boqhagamshelwano olusekiweyo.
Kunoko, I-firewalld ayifuni kuphinda iqale inkonzo ukuze ifake uqwalaselo olutsha. Ke ngoko, akukho mfuneko yokulayisha kwakhona iimodyuli zekernel. I-drawback kuphela kukuba yonke le nto isebenze ngokuchanekileyo, ukucwangciswa kwe-firewall kufuneka kwenziwe nge-firewalld kunye nezixhobo zayo zokucwangcisa (i-firewall-cmd okanye i-firewall-config). I-Firewalld iyakwazi ukongeza imigaqo isebenzisa isivakalisi esifanayo neso {ip,ip6,eb} imiyalelo yeetafile (imithetho ethe ngqo).
Inkonzo Ikwabonelela ngolwazi malunga noqwalaselo lwangoku lwe-firewall nge-DBus., kwaye ngendlela efanayo imigaqo emitsha nayo inokongezwa, usebenzisa iPolisiKit kwinkqubo yokuqinisekisa.
I-Firewalld isebenza njengenkqubo yangasemva evumela ukuba imithetho yepakethi yokucoca iguqulwe ngamandla phezu kwe-D-Bus ngaphandle kokulayisha kwakhona imigaqo yokucoca ipakethi kwaye ngaphandle kokuqhawula imidibaniso esekiweyo.
Ukulawula i-firewall, i-firewall-cmd isetyenziswa leyo, xa usenza imithetho, ayisekelwanga kwiidilesi ze-IP, ujongano lwenethiwekhi kunye neenombolo zezibuko, kodwa kumagama enkonzo (umzekelo, ukuvula ufikelelo lwe-SSH, kufuneka usebenzise "firewall-cmd - add - service=ssh", ukuvala SSH – “firewall-cmd –remove –service=ssh”).
I-firewall-config graphical interface (GTK) kunye ne-firewall-applet (Qt) nazo zinokusetyenziselwa ukutshintsha izicwangciso zokhuseleko. Inkxaso yokulawula i-firewall nge-D-BUS API firewalld iyafumaneka kwiiprojekthi ezifana ne-NetworkManager, libvirt, podman, docker kunye ne-fail2ban.
Iimpawu ezintsha eziphambili ze-firewall 1.2
Kule nguqulo intsha snmptls kunye neenkonzo ze-snmptls-trap ziye zaphunyezwa ukulawula ukufikelela kwiprotocol yeSNMP kumjelo wonxibelelwano okhuselekileyo.
Kuyacaciswa ukuba iphumeze inkonzo exhasa umthetho olandelwayo osetyenziswa kwindlela yefayile ye IPFS yanatyisiwe.
Olunye utshintsho olwahlukileyo kule nguqulo intsha kukuba iinkonzo ezinenkxaso zongezwa for gpsd, ident, ps3netsrv, CrateDB, checkmk, netdata, Kodi JSON-RPC, EventServer, Prometheus node-exporter, kubelet-readonly.
Ukongeza koku, kukwagxininiswa ukuba yongeza imowudi ye-failsafe yokuqalisa, evumela, kwimeko yeengxaki ngemigaqo ekhankanyiweyo, ukubuyela kuqwalaselo olungagqibekanga ngaphandle kokushiya umamkeli engakhuselekanga.
Olunye utshintsho evelele kule nguqulo intsha:
- Kongezwe iparamitha "-log-target".
- I-Bash inikezela ngenkxaso yomyalelo wokugqitywa ngokuzenzekelayo ekusebenzeni ngemithetho.
- Kongezwe uhlobo olukhuselekileyo lwamacandelo eblueprint yomqhubi we-k8s
Ukuba unomdla wokwazi ngakumbi ngale nguqulelo intsha, ungajongana neenkcukacha kwi ukulandela ikhonkco.
Fumana iFirewall 1.2
Ekugqibeleni kwabo banjalo unomdla wokwazi ukufaka le Firewall, kufuneka wazi ukuba iprojekthi sele isetyenziswa kunikezelo oluninzi lweLinux, kubandakanya iRHEL 7+, Fedora 18+, kunye neSUSE/openSUSE 15+. Ikhowudi ye-firewall ibhalwe kwiPython kwaye ikhutshwe phantsi kwelayisensi ye-GPLv2.
Unokufumana ikhowudi yomthombo wokwakha kwakho kwikhonkco elingezantsi.
Ngokuphathelele inxalenye yencwadana yomsebenzisi, Ndingacebisa le ilandelayo.