Firewall, yakanakisa firewall manejimendi chishandiso

Zvizhinji zve Kugoverwa kweLinux kune yavo firewall masevhisi isati yavakwa, saka mushandisi kazhinji haafanire kupindira muchikamu ichi. Asi dzimwe nguva imwe mhando yekumisikidzwa yakakosha inodiwa kana kune chero chimwe chinhu chinodiwa nemushandisi.

Uye ndosaka nhasi ngatitaure firewalld, iyo is a dynamic controlable firewall, zvinokutendera kuti utore iyo Firewall nerutsigiro rwetiweki nzvimbo kutsanangura nhanho yekuvimbika kwemanetiweki kana mainterface aunoshandisa kubatanidza. Iyo ine rutsigiro rweIPv4, IPv6 uye ethernet bridging masisitimu.

About Firewalld

Firewall ndiyo inoshandiswa seyakaputira pamusoro pe nftables uye iptables packet mafirita. Firewalld inomhanya senge yekumashure maitiro inobvumira packet filter mitemo kuti ichinje zvine simba pamusoro peD-Bhazi pasina kurodha pakiti sefa yemitemo uye pasina kudimbura zvinongedzo zvakasimbiswa.

Kugadzirisa firewall, firewall-cmd inoshandiswa inoshandiswa, iyo, pakugadzira mitemo, haibvi pa IP kero, network interfaces uye nhamba dzechiteshi, asi pamazita emasevhisi, semuenzaniso, kuvhura mukana weSSH, kuvhara. SSH, pakati pevamwe.

Iyo firewall-config (GTK) graphical interface uye firewall-applet (Qt) applet zvakare. inogona kushandiswa kushandura firewall marongero. Tsigiro yekutungamira kuburikidza neD-BUS API firewalld inowanikwa mumapurojekiti akadai seNetworkManager, libvirt, podman, docker, uye fail2ban.

Uyewo, firewalld inochengetedza kumhanya uye kugadzirisa zvachose zvakasiyana. Nekudaro, firewalld inopawo chinongedzo chekushandisa kuwedzera mitemo nenzira iri nyore.

Iyo yakapfuura modhi (system-config-firewall/lokkit) yaive static uye shanduko yega yega yaida hard reboot. Izvi zvaireva kuburitsa kernel modules (eg: netfilter) uye kuarodha pazvese zvigadziriso. Pamusoro pezvo, kutangazve uku kwaireva kurasikirwa neruzivo rwemamiriro ezvibatanidza zvakasimbiswa.

Kusiyana neizvi, firewalld haidi kuti sevhisi itangezve kushandisa gadziriso nyowani. Naizvozvo, hazvifanirwe kurodhazve iyo kernel modules. Iyo chete dhizaini ndeyekuti kuti zvese izvi zvishande nemazvo, iyo gadziriso inofanirwa kuitwa kuburikidza nefirewalld uye maturusi ekugadzirisa (firewall-cmd kana firewall-config). Firewalld inokwanisa kuwedzera mitemo ichishandisa syntax yakafanana neye {ip, ip6, eb} mirairo yematafura (yakananga mitemo).

Firewall 1.3

Parizvino, Firewalld iri muvhezheni yayo 1.3, iyo ichangobva kuburitswa uye inoratidza shanduko dzinotevera:

• Sevhisi inoenderana neWarpinator faira yekugovera application yakagadziriswa neLinux Mint kugovera yaitwa.
• Yakawedzera iyo bareos-director, bareos-filedaemon, uye bareos-kuchengetedza masevhisi kutsigira Bareos backup system.
• Mutemo wekumisa wakashandiswa kune iyo nftables backend, iyo inokutendera kuti usunge network interfaces kune imwe nzvimbo inogadzirisa inouya traffic. Kune iptables backend, iyi ficha haina kutsigirwa.
• Yakawedzerwa sevhisi yekufukidza P2P network yeNebula.
• Yakawedzera sevhisi yeCeph metrics ekunze system kune Prometheus dhatabhesi.
• Yakawedzera sevhisi inotsigira OMG DDS (Object Management Group Data Distribution Service) protocol.
• Sevhisi yawedzerwa kugadzirisa zvikumbiro zvevatengi kuti itarise mazita evatambi vachishandisa LLMNR (Link-Local Multicast Name Resolution) protocol.
• Yakawedzera sevhisi ye ps2link protocol inoshandiswa kutaurirana nePlayStation 2 mutambo consoles.
• Sevhisi yakawedzerwa kutsigira sevha kushanda kweiyo Syncthing faira yekubatanidza system.

Kana iwe uchida kuziva zvakawanda nezve iyi vhezheni itsva, unogona kubvunza ruzivo mune inotevera chinongedzo.

Tora Firewall

Pakupedzisira kune avo vari kufarira kukwanisa kuisa iyi Firewall, iwe unofanirwa kuziva kuti purojekiti yatove kushandiswa pane akawanda Linux kugovera, kusanganisira RHEL 7+, Fedora 18+, uye SUSE/openSUSE 15+. Iyo firewalld kodhi yakanyorwa muPython uye inoburitswa pasi peGPLv2 rezinesi.

Iwe unogona kuwana iyo source code yekuvaka kwako kubva pane iyi link iripazasi.