Kwiintsuku ezithile ezidlulileyo Inguqulelo entsha ye-nftables 0.9.3 ipakethe yokucoca ikhutshwe, Oko phuhlisa njengokutshintsha kwee-iptables, ip6table, arptable kunye neebtables ngenxa yokudityaniswa kwepakethi yokucoca indawo ye-IPv4, IPv6, ARP kunye neebhlorho zenethiwekhi.
Iiphakheji ezingenanto isebenzisa iindawo eziyinxalenye yesiseko seNetfilter, njenge inkqubo yokulandela umkhondo ) Umaleko wokuhambelana ukwabonelelwa ngokuguqulela imigaqo ekhoyo ye-firewall kwii-nftables zabo.
Malunga Nftables
Nftables iquka icandelo lokucoca ipakethi esebenza kwindawo yomsebenzisi, ngelixa kwinqanaba le-kernel, inkqubo esezantsi Iifayile ibonelela ngendawo yeLinux kernel ukusukela kwinguqulelo 3.13.
Kwinqanaba le-kernel, kuphela ujongano oluqhelekileyo lunikiwe ezimeleyo kwiprotocol ethile kwaye inikezela ngemisebenzi eyisiseko yokukhupha idatha kwiipakethi, ukwenza imisebenzi yedatha kunye nokulawula ukuhamba.
Ingqiqo yokucoca ngokwayo kunye neeprosesa ezikhethekileyo zeprotocol zihlanganiswe kwi-bytecode kwindawo yomsebenzisi, emva koko le-bytecode ilayishwe kwi-kernel isebenzisa ujongano lwe-Netlink kwaye iqhutywe kumatshini okhethekileyo obonakala njenge-BPF (Izihluzo zePakethi zeBerkeley).
Le ndlela ikuvumela ukuba unciphise kakhulu ubungakanani bekhowudi yokucoca esebenza kwinqanaba le-kernel kwaye uphelise yonke imisebenzi yemithetho yokwahlula kunye nengqiqo yokusebenza kunye neeprotocol kwindawo yomsebenzisi.
Iinzuzo eziphambili ze-nftables zezi:
- I-Architecture edibeneyo kwi-core
- Isivakalisi esidibanisa izixhobo ze-IPtables zibe sisixhobo somgca womyalelo omnye
- Umaleko wokuhambelana ovumela ukusetyenziswa kwe-IPtables lawula i-syntax.
- Isivakalisi esitsha ekulula ukusifunda.
- Inkqubo eyenziwe lula yokongeza imithetho ye-firewall.
- Ingxelo yempazamo ephuculweyo.
- Ukuncitshiswa kophindaphindo lwekhowudi.
- Ukusebenza ngcono kukonke, ugcino, kunye notshintsho olongezelelekileyo kumthetho wokuhluza.
Yintoni entsha kwi-nftables 0.9.3?
Kolu guqulelo lutsha lwee-nftables 0.9.3 inkxaso eyongeziweyo yeepakethe ezihambelanayo ixesha elidlulele. Ngale nto unokuchaza ixesha kunye namathuba omhla apho umgaqo uya kwenziwa usebenze kwaye ulungiselele ukusebenza ngeentsuku zeveki. Kwakhona wongeze inketho entsha "-T" ukubonisa ixesha leepoch kwimizuzwana.
Olunye utshintsho olubalaseleyo luyi inkxaso yokubuyisela nokugcina iithegi ze-SELinux (secmark), ewe kunye ne inkxaso yoluhlu lweemephu ze synproxy, ikuvumela ukuba uchaze ngaphezulu komthetho omnye ngasemva.
Olunye utshintsho evelele kule nguqulo intsha:
- Ukukwazi ukususa ngokuguquguqukayo izinto ezisetyenzisiweyo kwimithetho yokuseta ipakethe.
- Inkxaso yemephu yeVLAN ngesichongi kunye neprotocol echazwe kwimetadata yojongano lwebhulorho yenethiwekhi
- “-t” (“–terse”) ukhetho lokungabandakanyi izinto eziseti-seti xa ubonisa imithetho. Ukubaleka "nft -t uluhlu lweseti yemithetho" iya kubonisa:
- uluhlu lwemithetho ye-nft.
- Ukukwazi ukucacisa ngaphezu kwesixhobo esinye kwimixokelelwane ye-netdev (isebenza nge-kernel 5.5 kuphela) ukudibanisa imigaqo yokucoca eqhelekileyo.
- Ukukwazi ukongeza iinkcazo zohlobo lwedatha.
- Ukukwazi ukwakha i-interface ye-CLI kunye nelayibrari ye-linenoise endaweni ye-libreadline.
Uyifaka njani ingxelo entsha yenftables 0.9.3?
Ukufumana ingxelo entsha Okwangoku kuphela ikhowudi yemvelaphi enokudityaniswa kwindlela yakho. Nangona kwisithuba seentsuku esele zihlanganisiwe iiphakheji yokubini iya kufumaneka kulwabiwo olwahlukileyo lweLinux.
ngaphandle koko Utshintsho oluyimfuneko kwi-nftables 0.9.3 ukusebenza lubandakanyiwe kwisebe le-Linux 5.5 kernel ezayo. Ke ukuqokelela, kufuneka ube nokuxhomekeka kulandelayo kufakwe:
Ezi zinokudityaniswa kunye:
./autogen.sh
./configure
make
make install
Kwaye ii-nftables 0.9.3 siyikhuphela kuyo eli khonkco lilandelayo. Ukudityaniswa kwenziwa ngale miyalelo ilandelayo:
cd nftables
./autogen.sh
./configure
make
make install