Sakin kayan rarrabawa don ƙirƙirar OPNsense 26.7 Firewalls

An saki OPNsense 26.7 Firewall rarraba An ƙaddamar da shi daga aikin pfSense a cikin 2015 tare da manufar haɓaka cikakkiyar rarrabawa wanda zai iya samun aiki a matakin hanyoyin kasuwanci don ƙaddamar da tacewar wuta da hanyoyin sadarwa. Ba kamar pfSense ba, aikin yana matsayin matsayin kamfani ɗaya ba wanda ke sarrafa shi, wanda aka haɓaka tare da haɗin kai kai tsaye na al'umma kuma yana da tsarin ci gaba gaba ɗaya a bayyane, tare da ba da damar yin amfani da duk wani ci gabansa a cikin samfuran ɓangare na uku, gami da. na kasuwanci. An rarraba lambar tushe na sassan rarraba, da kayan aikin da ake amfani da su don haɗuwa, a ƙarƙashin lasisin BSD. An shirya taron ta hanyar LiveCD da hoton tsarin don yin rikodi akan faifan filasha (490 MB).

Babban ɓangaren rarrabawa ya dogara ne akan lambar FreeBSD. Siffofin OPNsense sun haɗa da: kayan aikin gina tushen buɗaɗɗe, tallafi don shigarwa azaman fakiti akan FreeBSD na yau da kullun, kayan aikin daidaita kaya, hanyar haɗin yanar gizo don tsara haɗin mai amfani zuwa hanyar sadarwa (Captive Portal), hanyoyin bin diddigin yanayin haɗi (wani firewall mai ƙarfi bisa pf), tsarin iyakance bandwidth, tace zirga-zirga, da ƙirƙirar VPN bisa IPsec. OpenVPN da PPTP, haɗin kai tare da LDAP da RADIUS, tallafin DDNS (Dynamic DNS), tsarin rahotannin gani da zane-zane.

Dangane da rarrabawa, yana yiwuwa a ƙirƙiri gyare-gyare masu dacewa da kuskure dangane da amfani da ka'idar CARP da ba da damar ƙaddamarwa, ban da babban bangon wuta, kumburin madadin, wanda za a daidaita shi ta atomatik a matakin daidaitawa kuma zai dauki nauyin nauyi a yayin da gazawar kumburin farko. Ana ba da mai gudanarwa hanyar yanar gizo don daidaita bangon wuta, wanda aka gina ta amfani da tsarin gidan yanar gizo na Bootstrap da Phalcon MVC.

Daga cikin canje-canje:

  • An kammala canjin zuwa tushen lambar FreeBSD 15.1 (a da an yi amfani da FreeBSD 14.3).
  • An ƙaura hanyoyin sadarwa don daidaita ƙa'idodin firewall, sanya hanyoyin sadarwa na cibiyar sadarwa (raba tsakanin LAN da WAN), da kuma kula da ƙungiyoyin ƙofar shiga don amfani da tsarin MVC kuma yanzu ana iya samun damar su ta hanyar Web API don sarrafa tsarin cibiyar sadarwa ta atomatik.
  • An ƙara wani mayen don ƙaura ƙa'idodin fassarar adireshi daga tsohon tsarin daidaitawar NAT na Outbound zuwa sabon tsarin ta amfani da tsarin Tushen NAT (SNAT).
  • An ƙara tallafi ga DDNS (Dynamic) da kuma rarrabawa ta atomatik na prefixes na IPv6 (toshewar adireshi) zuwa mai tsara KEA DHCP.
  • An ƙara tallafin IPv6 zuwa tashar Captive.
  • Abubuwan da aka sabunta OpenVPN 2.7, PHP 8.5, Python 3.13.
  • An gyara wani mummunan rauni (CVE-2026-57155, matakin tsanani 9.9 cikin 10). Wannan rauni ya ba wa mai amfani mara gata damar shiga harsashi da kuma iyakance damar shiga sunayen laƙabi (jerin sunayen hanyar sadarwa da masu masaukin baki) don aiwatar da lambar da ke da gata na tushen. Rashin lafiyar yana faruwa ne sakamakon rashin ingantaccen bincike yayin sarrafa bayanai daga bayanan GeoIP wanda ke haɗa ƙasashe da adiresoshin IP.

    An maye gurbin lambar ƙasa daga rumbun adana bayanai na GeoIP ba tare da tabbatarwa ba lokacin da ake rubuta sunan fayil ɗin, wanda hakan ke ba da damar sake rubuta kowane fayil a cikin tsarin, kamar yadda mai sarrafa ke aiki da gata na tushen. Mai amfani mara gata zai iya amfani da Web API don ƙayyade URL don saukar da wani ingantaccen rumbun adana bayanai na GeoIP don sunayen laƙabi. Don samun gata na tushen, mutum zai iya ƙayyade "../../../../../../../../../../../etc/newsyslog.conf.d/zzz_pwn" maimakon lambar ƙasa a cikin ɗayan shigarwar rumbun adana bayanai. Wannan zai ƙirƙiri fayil ɗin tsari don tsarin juyawar rumbun adana bayanai, wanda zai iya ayyana umarni da ke gudana tare da gata na tushen.

source: budenet.ru

Sayi amintaccen masauki don shafuka tare da kariyar DDoS, sabar VPS VDS 🔥 Sayi ingantaccen masaukin yanar gizo tare da kariyar DDoS, sabar VPS VDS | ProHoster