An sake sakin 2.1 Firewall Firewall mai ƙarfi mai ƙarfi, wanda aka aiwatar a cikin nau'i na nannade a kan nftables da filtar fakitin iptables, an sake shi. Firewalld yana gudana azaman tsari na bango wanda ke ba ku damar canza ƙa'idodin tace fakiti ta hanyar D-Bus ba tare da sake shigar da ka'idodin tace fakiti ko karya kafaffen haɗin gwiwa ba. An riga an yi amfani da aikin a yawancin rarrabawar Linux, gami da RHEL 7+, Fedora 18+ da SUSE/openSUSE 15+. An rubuta lambar ta wuta a cikin Python kuma tana da lasisi ƙarƙashin lasisin GPLv2.
Don sarrafa Tacewar zaɓi, ana amfani da mai amfani Firewall-cmd, wanda, lokacin ƙirƙirar dokoki, ba a dogara da adiresoshin IP ba, musaya na cibiyar sadarwa da lambobin tashar jiragen ruwa, amma akan sunayen sabis (alal misali, don buɗe damar shiga SSH kuna buƙatar. gudanar da "firewall-cmd -add -service = ssh", don rufe SSH - "firewall-cmd -remove -service=ssh"). Don canza saitin bangon wuta, ana iya amfani da madaidaicin hoto na Firewall-config (GTK) da applet ta Firewall-applet (Qt). Taimako don sarrafa tacewar wuta ta hanyar D-BUS API Firewalld yana samuwa a cikin ayyuka kamar NetworkManager, libvirt, podman, docker da fail2ban.
Canje-canje masu mahimmanci:
- Ƙara sabis don amfani da DNS akan ƙa'idar QUIC (DNS akan QUIC, DoQ, RFC 9250).
- Ƙara tallafi don nau'ikan saƙon ICMPv6 MLD (Binciken Mai Sauraron Multicast).
- Ƙara wani zaɓi na ReloadPolicy zuwa fayil ɗin sanyi na firewalld.conf.
- Ƙara sabis don karɓar buƙatun abokin ciniki na SMTP akan tashar tashar TCP 587 (sadar da wasiku).
- Ƙara sabis don tallafawa ALVR (wasannin VR masu gudana daga PC zuwa na'urori masu ɗaukar hoto ta hanyar Wi-Fi).
- Ƙara sabis don tallafawa VRRP (Ka'idar Redundancy Protocol ta Virtual Router).
source: budenet.ru