I-Firewall, ithuluzi elihle kakhulu lokulawula i-firewall

Darkcrizt

Imizuzu ye-4

i-firewalld

i-firewall, insiza enhle kakhulu evikela futhi ivimbe ithrafikhi yenethiwekhi

Iningi le Ukusabalalisa kwe-Linux kunezinsizakalo zabo zokuvikela umlilo eyakhelwe ngaphambili, ngakho-ke umsebenzisi ngokuvamile akudingeki angenele kule ngxenye. Kodwa ngezinye izikhathi uhlobo oluthile lokucushwa okukhethekile luyadingeka noma kunoma yini enye umsebenzisi ayifunayo.

Futhi yingakho namuhla ake sikhulume firewall, okuyinto i-firewall enamandla elawulekayo, ngokuyisisekelo ikuvumela ukuthi uphathe i-Firewall ngosekelo lwezindawo zenethiwekhi ukuze uchaze izinga lokuzethemba lamanethiwekhi noma izixhumanisi ozisebenzisayo ukuze uxhume. Inokusekelwa kwe-IPv4, IPv6 nokulungiselelwa kwebhuloho le-ethernet.

Mayelana ne-Firewall

I-Firewall isetshenziswe njengesisonga phezu kwezihlungi zephakethe le-nftables ne-iptables. I-Firewalld isebenza njengenqubo yangemuva evumela ukuthi imithetho yesihlungi sephakethe ishintshwe ngendlela eguquguqukayo nge-D-Bus ngaphandle kokulayisha kabusha imithetho yesihlungi sephakethe nangaphandle kokunqamula ukuxhumana okumisiwe.

Ukuphatha i-firewall, i-firewall-cmd isetshenziswa, okuthi, lapho kwakhiwa imithetho, ingasekelwe kumakheli e-IP, ukuxhumana kwenethiwekhi nezinombolo zamachweba, kodwa emagameni ezinsizakalo, isibonelo, ukuvula ukufinyelela ku-SSH, ukuvala. SSH, phakathi kwabanye.

I-firewall-config (GTK) graphical interface kanye ne-firewall-applet (Qt) applet nayo ingasetshenziswa ukushintsha izilungiselelo ze-firewall. Ukusekelwa kwabaphathi nge-D-BUS API firewalld kuyatholakala kumaphrojekthi afana ne-NetworkManager, libvirt, podman, docker, kanye ne-fail2ban.

Futhi, I-firewalld igcina ukusebenza kanye nokucushwa okuhlala njalo ngokuhlukene. Ngakho, i-firewalld iphinde inikeze isixhumi esibonakalayo ukuze izinhlelo zokusebenza zengeze imithetho ngendlela elula.

Imodeli yangaphambilini (isistimu-config-firewall/lokkit) ibimile futhi ushintsho ngalunye ludinga ukuqalisa kabusha okuqinile. Lokhu kusho ukuthi kufanele ethule amamojula e-kernel (isb: i-netfilter) futhi uwalayishe kabusha kukho konke ukucushwa. Ngaphezu kwalokho, lokhu kuqalisa kabusha kusho ukulahlekelwa ulwazi lwesimo soxhumo olumisiwe.

Ngokuphambene, i-firewalld ayidingi ukuqaliswa kabusha kwesevisi ukuze usebenzise ukucushwa okusha. Ngakho-ke, akudingekile ukulayisha kabusha amamojula e-kernel. Okuwukuphela kwe-drawback ukuthi ukuze konke lokhu kusebenze kahle, ukucushwa kufanele kwenziwe nge-firewalld namathuluzi ayo okumisa (i-firewall-cmd noma i-firewall-config). I-Firewalld iyakwazi ukwengeza imithetho isebenzisa i-syntax efanayo {ip,ip6,eb}nemiyalo yamathebula (imithetho eqondile).

I-Firewall 1.3

Njengamanje, i-Firewalld ikunguqulo yayo engu-1.3, esanda kukhishwa futhi igqamisa izinguquko ezilandelayo:

  • Isevisi ehambisana nohlelo lokusebenza lokwabelana ngefayela le-Warpinator elakhiwe ukusatshalaliswa kwe-Linux Mint seliqalisiwe.
  • Kwengezwe i-bareos-director, i-bareos-filedaemon, nezinsizakalo ze-bareos-storage ukuze kusekelwe uhlelo lokusekelayo lwe-Bareos.
  • Umthetho wokufihla usetshenziswe ku-nftables backend, okuvumela ukuthi ubophe ukuxhumana kwenethiwekhi endaweni ecubungula ithrafikhi engenayo. Okwe-iptables backend, lesi sici asisekelwe.
  • Isevisi eyengeziwe yokumbondela amanethiwekhi e-P2P e-Nebula.
  • Kwengezwe isevisi yohlelo lokuthekelisa lwe-Ceph metrics kusizindalwazi se-Prometheus.
  • Kwengezwe isevisi esekela iphrothokholi ye-OMG DDS (Object Management Group Data Distribution Service).
  • Isevisi yengeziwe ukuze kucutshungulwe izicelo zeklayenti ukuze kunqunywe amagama osokhaya kusetshenziswa iphrothokholi ye-LLMNR (Isixhumanisi Sendawo Yegama Lokusakaza Okuningi)
  • Kwengezwe isevisi yephrothokholi ye-ps2link esetshenziselwa ukuxhumana namakhonsoli wegeyimu ye-PlayStation 2.
  • Isevisi yengeziwe ukuze isekele ukusebenza kweseva yesistimu yokuvumelanisa ifayela ye-Syncthing.

Uma ungathanda ukwazi okwengeziwe ngale nguqulo entsha, ungabheka imininingwane ku isixhumanisi esilandelayo.

Thola i-Firewalld

Ekugcineni kulabo abakhona unentshisekelo yokukwazi ukufaka le-Firewall, kufanele wazi ukuthi iphrojekthi isivele isetshenziswa ekusabalaliseni okuningi kwe-Linux, okuhlanganisa i-RHEL 7+, Fedora 18+, kanye ne-SUSE/openSUSE 15+. Ikhodi ye-firewalld ibhalwe nge-Python futhi ikhishwa ngaphansi kwelayisensi ye-GPLv2.

Ungathola ikhodi yomthombo yesakhiwo sakho kusuka kusixhumanisi esingezansi.


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Unomthwalo wemfanelo ngedatha: AB Internet Networks 2008 SL
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.

  1.   nguSebha kusho
    kwenza Unyaka we-1

    Ingabe iyamsekela u-Wayland?

    Phendula uSeba
  2.   luyisito kusho
    kwenza Unyaka we-1

    Kunengqondo ukuthi uya esiqhingini sezimpungushe eJapane futhi ulethe zonke izimpungushe futhi uzibeke ukuze unakekele ihhoko lakho lezinkukhu ... yebo, madoda, lokho kuyi-dbus yokuphatha imithetho yokuhlunga.

    Phendula ku-luisito