Zimbalwa izinsuku ezedlule inguqulo entsha ye ukusatshalaliswa okudumile kwe-Firewall I-OPNsense 20.7 futhi lapho ubusha obuyinhloko okuvelele yi ukubuyekeza kwe ukuqaliswa kohlelo lokutholwa kokungenelela kwenethiwekhi nokuvikela IMerkat 5.
Kulabo abangazi I-OPNsense kufanele bazi ukuthi lokhu imfoloko yephrojekthi ye-pfSense, kudalwe ngenhloso yokwakha ukusatshalaliswa okuvuleke ngokuphelele okungaba nokusebenza ezingeni lezixazululo zezohwebo zokusebenzisa izindonga zomlilo namasango enethiwekhi.
Mayelana ne-OPNsense
Ngokungafani ne-pfSense, eIphrojekthi ibekwe njengengalawulwa yinkampani, ithuthukiswe ngokuhlanganyela ngqo komphakathi futhi inenqubo yentuthuko esobala ngokuphelele.
Ukusatshalaliswa kwesisekelo kusekelwe kukhodi ye-HardenedBSD 12.1, egcina imfoloko evumelanisiwe yeFreeBSD, ehlanganisa izindlela ezengeziwe zokuvikela namasu wokulwa nokusizakala.
Phakathi kwamathuba i-OPNsense ingahlukanisa ngokuphelele ithuluzi lokwakha amandla okukwenza ukufaka njengamaphakeji ku-FreeBSD ejwayelekile, balancer umthwalo, isikhombimsebenzisi seWebhu yezinhlangano zokuxhuma abasebenzisi kunethiwekhi (i-portal captive).
Kukhona futhi izindlela zokuxhumana ezicacile (pf-based stateful firewall) setha imikhawulo ye-bandwidth, isihlungi se-filter, dala i-VPN ngokuya nge-IPsec, OpenVPN ne-PPTP, ukuhlanganiswa ne-LDAP ne-RADIUS, ukusekelwa kwe-DDNS (i-DNS enamandla), uhlelo lokubika olubonakalayo nolunemifanekiso.
Futhi, ukusatshalaliswa kunikeza amathuluzi okwenza ukucushwa okubekezelela amaphutha ngokususelwa ekusetshenzisweni kwephrothokholi ye-CARP futhi ikuvumela ukuthi uqale i-node eyengeziwe ngaphezu kwe-firewall enkulu, ezovumelanisa ngokuzenzakalela ezingeni lokumisa futhi ithathe umthwalo uma kwenzeka ukwehluleka okuyinhloko kwe-node.
Okomlawuli, inikeza isikhombimsebenzisi esibonakalayo sanamuhla futhi esilula ukumisa i-Firewall, idalwe kusetshenziswa uhlaka lwewebhu le-Bootstrap.
Ikhodi yomthombo yezingxenye zokusabalalisa, kanye namathuluzi asetshenziselwa ukwakhiwa, asatshalaliswa ngaphansi kwelayisense le-BSD.
Kepha izithombe zesistimu lezi zenziwa zisuka ku-LiveCD, yize isithombe sohlelo sisatshalaliswa ukubhala ku-Flash drive.
Yini okusha ku-OPNsense 20.7?
Le nguqulo entsha ifika nezinguquko ezimbalwa, kepha kusenguqulo ebalulekile, ngoba isisekelo sohlelo kule nguqulo entsha sibuyekeziwe ngeHardenedBSD 12.1, imfoloko yeFreeBSD 12.1, ehlanganisa izindlela ezengeziwe zokuphepha namasu okulwa nokuxhashazwa.
Futhi, njengoba kushiwo ekuqaleni, isici esivelele kakhulu senguqulo entsha ukuvuselelwa kweSuricata kunguqulo yayo 5.
Ngalesi sibuyekezo singathola okusha amamojula wokuhlaziya nokubhalisa ngezivumelwano I-RDP, SNMP ne-SIP.
Ngaphezu kokuba kumodi yokuhlola ye-HTTP, zonke izimo ezichazwe ku-suite yokuhlola ye-HTTP Evader zimbozwe ngokuphelele.
Okunye ukuthuthuka okutholwe ngeZuricata 5 ukusekelwa kwendlela yokuqinisekisa amaklayenti i-TLS JA3 ukungezwa kwendlela ye-JA3S kungeziwe.
Futhi kuvela nokuthi ikhodi ibhalwe kabusha ukubamba ithrafikhi usebenzisa uhlaka nguNetmap futhi ngalokho kwengezwa amandla okusebenzisa imisebenzi esezingeni eliphakeme yeNetmap, njengokushintshwa kwe-VALE ebonakalayo.
Kwezinye izinguquko ezigqamile:
- Kungezwe ukusekelwa kwe-DHCPv6 Multi-WAN ukuxhuma ngamashaneli amaningi.
- Kungenzeka uchaze amakhasi akho akhonjisiwe uma kwenzeka amaphutha wokuxhuma ngommeleli wewebhu.
- Kungezwe umbiko ngesethulo esimise okwesihlahla semininingwane mayelana nokuxhumeka kwenethiwekhi.
- I-API isetshenziselwe ukuphathwa kwe-firewall.
- Izinketho ezithuthukisiwe zokuhlunga amarekhodi endizeni.
Landa inguqulo entsha ye- I-OPNsense 20.7
Si Ngabe ufuna ukuthola le nguqulo entsha kuphela Kufanele uye kuwebhusayithi yayo esemthethweni kanye nengxenye yokulanda ungathola ifayela le- isixhumanisi sokulanda le nguqulo entsha.
Izithombe zalungiswa ngesimo se-LiveCD nesithombe sohlelo sokubhalela ama-Flash drive, usayizi wesithombe cishe u-420MB.
I-OPNSense vs pfSence? iyiphi okufanele ngiyikhethe?