I-Firewall, isixhobo esibalaseleyo solawulo lomlilo

Darkcrizt

Imizuzu ye4

umlilo

i-firewall, into eluncedo kakhulu ekhusela kwaye ivalela itrafikhi yenethiwekhi

Uninzi lwe Ukuhanjiswa kweLinux kuneenkonzo zabo zomlilo yakhiwe kwangaphambili, ngoko ke umsebenzisi akanyanzelekanga ukuba angenelele kule ndawo. Kodwa ngamanye amaxesha uhlobo oluthile loqwalaselo olukhethekileyo luyimfuneko okanye kuyo nayiphi na enye into ayifunayo umsebenzisi.

Yiyo loo nto namhlanje masithethe firewalleyiphi ludonga olulawulekayo olulawulekayo, ngokusisiseko ikuvumela ukuba ulawule iFirewall ngenkxaso yeendawo zothungelwano ukuchaza umgangatho wokuzithemba wothungelwano okanye ujongano olusebenzisayo ukudibanisa. Inenkxaso ye-IPv4, IPv6 kunye nolungelelwaniso lwe-ethernet bridging.

Malunga neFirewall

I-Firewall yiyo isetyenziswe njengesisongelo phezu kwe-nftables kunye ne-iptables packet filters. I-Firewalld isebenza njengenkqubo yangasemva evumela ukuba imithetho yepakethi yokucoca iguqulwe ngamandla phezu kwe-D-Bus ngaphandle kokulayisha kwakhona imigaqo yokucoca ipakethi kwaye ngaphandle kokuqhawula imidibaniso esekiweyo.

Ukulawula i-firewall, i-firewall-cmd isetyenziswa, ethi, xa udala imithetho, ayisekelwe kwiidilesi ze-IP, ujongano lwenethiwekhi kunye neenombolo ze-port, kodwa kumagama eenkonzo, umzekelo, ukuvula ukufikelela kwi-SSH, ukuvala. SSH, phakathi kwabanye.

I-firewall-config (GTK) ujongano lwemizobo kunye ne-applet ye-firewall (Qt) nayo ingasetyenziselwa ukutshintsha izicwangciso zefirewall. Inkxaso yolawulo nge-D-BUS API firewalld iyafumaneka kwiiprojekthi ezifana ne-NetworkManager, libvirt, podman, docker, kunye ne-fail2ban.

Kwakhona, I-firewalld igcina ukusebenza kunye noqwalaselo olusisigxina ngokwahlukeneyo. Ke, i-firewalld ikwabonelela ngojongano lwezicelo ukongeza imithetho ngendlela efanelekileyo.

Imodeli yangaphambili (i-system-config-firewall/lokkit) yayimi kwaye utshintsho ngalunye lwalufuna ukuqalisa kwakhona kanzima. Oku kuthetha ukuba kufuneka kukhululwe iminqongo ye-kernel (umzekelo: isihluzo se-net) kwaye uphinde uzilayishe kulo lonke uqwalaselo. Ukongeza, oku kuqalisa kwakhona kuthetha ukuphulukana nolwazi lobume boqhagamshelwano olusekiweyo.

Ngokwahlukileyo, i-firewall ayifuni kuqalwa kwakhona kwenkonzo ukuze ifake ubumbeko olutsha. Ngoko ke, akuyimfuneko ukulayisha kwakhona iimodyuli ze-kernel. I-drawback kuphela kukuba konke oku kusebenze ngokuchanekileyo, ulungelelwaniso kufuneka lwenziwe nge-firewalld kunye nezixhobo zayo zokucwangcisa (i-firewall-cmd okanye i-firewall-config). I-Firewalld iyakwazi ukongeza imigaqo isebenzisa isivakalisi esifanayo neso {ip,ip6,eb} imiyalelo yeetafile (imithetho ethe ngqo).

I-Firewall 1.3

Okwangoku, i-Firewalld ikwinguqulo yayo 1.3, esanda kukhutshwa kwaye iqaqambisa olu tshintsho lulandelayo:

  • Inkonzo ehambelana nesicelo sokwabelana ngefayile yeWarpinator ephuhliswe lunikezelo lweLinux Mint iphunyeziwe.
  • Yongeza i-bareos-director, i-bareos-filedaemon, kunye neenkonzo zokugcinwa kwe-bareos ukuxhasa inkqubo yokugcina i-Bareos.
  • Umgaqo wokugquma uphunyeziwe kwi-nftables backend, ekuvumela ukuba ubophe ujongano lwenethiwekhi kwindawo eqhuba i-traffic engenayo. Kwi-iptables backend, eli nqaku alixhaswanga.
  • Inkonzo eyongeziweyo yolwaleka lweP2P yothungelwano lweNebula.
  • Yongeza inkonzo yenkqubo yokuthumela ngaphandle kweemetriki zeCeph kwisiseko sedatha sasePrometheus.
  • Ukongezwa kwenkonzo exhasa iprotocol ye-OMG DDS (Inkonzo yoLawulo lweNgcaciso yeQela leDatha).
  • Inkonzo yongeziwe ukuze kuqhutywe izicelo zabaxumi ukumisela amagama abamkeli kusetyenziswa iprotocol yeLLMNR (Ikhonkco-Indawo yeSisombululo Segama leMulticast).
  • Kongezwe inkonzo yeprotocol ye-ps2link esetyenziselwa ukunxibelelana nePlayStation 2 iiconsoles zomdlalo.
  • Inkonzo yongezwe ukuxhasa ukusebenza kweseva kwinkqubo yongqamaniso lwefayile ye-Syncthing.

Ukuba unomdla wokwazi ngakumbi ngale nguqulelo intsha, ungajongana neenkcukacha kwi ukulandela ikhonkco.

Fumana iFirewall

Ekugqibeleni kwabo banjalo unomdla wokwazi ukufaka le Firewall, kufuneka wazi ukuba iprojekthi sele isetyenziswa kunikezelo oluninzi lweLinux, kubandakanya iRHEL 7+, Fedora 18+, kunye neSUSE/openSUSE 15+. Ikhowudi ye-firewall ibhalwe kwiPython kwaye ikhutshwe phantsi kwelayisensi ye-GPLv2.

Unokufumana ikhowudi yomthombo wokwakha kwakho kwikhonkco elingezantsi.


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.

  1.   nguSebha sitsho
    yenzayo 1 ngonyaka

    Ingaba inayo inkxaso kuWayland?

    Phendula uSebha
  2.   luyoo sitsho
    yenzayo 1 ngonyaka

    Kunengqiqo ukuba uye kwisiqithi seempungutye eJapan kwaye uzisa zonke iimpungushe kwaye uzibeke ukuba zinakekele inkukhu yakho yenkukhu ... ewe, manene, yi-dbus yokulawula imigaqo yokucoca.

    Phendula luisito