New version nftables 0.9.3 is now available

A few days ago a new version of the nftables packet filter, 0.9.3, was released. nftables is developed as a replacement for iptables, ip6tables, arptables and ebtables by unifying the packet filtering interfaces for IPv4, IPv6, ARP and network bridges.

The nftables package uses parts of the Netfilter infrastructure, such as the connection tracking system and the logging subsystem. A compatibility layer is also provided to translate existing iptables firewall rules into their nftables equivalents.

About nftables

nftables includes packet filtering components that run in user space, while at the kernel level the nf_tables subsystem has been part of the Linux kernel since version 3.13.

At the kernel level, only a generic, protocol-independent interface is provided. It offers basic functions for extracting data from packets, performing operations on that data, and controlling flow.

The filtering logic itself and the protocol-specific handlers are compiled into bytecode in user space. This bytecode is then loaded into the kernel through the Netlink interface and runs in a special virtual machine that resembles BPF (Berkeley Packet Filters).

This approach significantly reduces the size of the filtering code that runs at the kernel level and moves all rule parsing and protocol-specific logic into user space.

The main advantages of nftables are:

  • An architecture that is built into the kernel.
  • A syntax that consolidates the iptables tools into a single command-line tool.
  • A compatibility layer that allows the iptables rule syntax to be used.
  • A new syntax that is easy to learn.
  • A simplified process for adding firewall rules.
  • Improved error reporting.
  • Reduced code duplication.
  • Better overall performance, maintainability, and incremental changes to rule filtering.

What's new in nftables 0.9.3?

This new version of nftables 0.9.3 adds support for matching packets by time. With it you can define the time and date ranges in which a rule applies and configure it to be active on specific days of the week. A new "-T" option was also added to display Epoch time in seconds.
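A ruleset using the time-based matching described above, as an added example that is not part of the original article. The table and chain names, the SSH port, the time windows and the dates are constructed assumptions, and it assumes a kernel that carries the changes nftables 0.9.3 needs.

```nft
# Constructed example: "timed_filter" and all times/dates are hypothetical.
table inet timed_filter {
    chain input {
        type filter hook input priority 0; policy accept;

        # Sessions that are already established keep working when a
        # time window closes; only new connections are time-gated.
        ct state established,related accept

        # Absolute date range: no new SSH sessions during a change freeze.
        tcp dport 22 ct state new meta time "2019-12-24 16:00" - "2020-01-02 7:00" drop

        # Day of week: no new SSH sessions at the weekend.
        tcp dport 22 ct state new meta day "Saturday" drop
        tcp dport 22 ct state new meta day "Sunday" drop

        # Hour of day: new SSH sessions only during working hours.
        tcp dport 22 ct state new meta hour "08:00"-"18:00" accept

        # Anything that reaches this point is SSH outside the window.
        tcp dport 22 ct state new drop
    }
}
```

Check the file with `nft -c -f <file>` before loading it, so that a syntax error does not leave the host with a half-applied policy.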

Another notable change is support for restoring and saving SELinux labels (secmark), as well as support for synproxy map lists, which lets you define more than one rule per backend.

Among the other changes that stand out in this new version:

  • The ability to dynamically remove set elements from packet processing rules.
  • Support for VLAN mapping by the identifier and protocol defined in the network interface metadata.
  • The "-t" ("--terse") option to omit set elements when displaying rules. When "nft -t list ruleset" is run, it will show:
  • nft list ruleset.
  • The ability to specify more than one device in netdev chains (works only with kernel 5.5) to combine common filtering rules.
  • The ability to add descriptions of data types.
  • The ability to build the CLI interface with the linenoise library instead of libreadline.

How to install the new version of nftables 0.9.3?

For now, the new version is available only as source code that can be compiled on your system. In a few days, though, compiled binary packages will be available in the various Linux distributions.

In addition, the changes required for nftables 0.9.3 to work are included in the upcoming Linux kernel 5.5 branch. Therefore, to compile it, you must have the following dependencies installed:

These can be compiled with:

./autogen.sh
./configure
make
make install

nftables 0.9.3 itself is downloaded from the following link. It is compiled with the following commands:

cd nftables
./autogen.sh
./configure
make
make install

