ProHoster > Блог > ozi ịntanetị > Mwepụta nke ngwa nkesa maka ịmepụta OPNsense 19.7 firewalls

Mwepụta nke ngwa nkesa maka ịmepụta OPNsense 19.7 firewalls

Mgbe ọnwa 6 nke mmepe gasịrị ọkọnọ ntọhapụ nke ihe nkesa maka ịmepụta firewalls OPNsense 19.7, nke bụ ndụdụ nke ọrụ pfSense, nke e mepụtara na ebumnuche nke ịmepụta nkesa na-emeghe kpamkpam nke nwere ike ịrụ ọrụ nke ngwọta azụmahịa maka ịkwanye ọkụ ọkụ na ọnụ ụzọ netwọk. N'adịghị ka pfSense, a na-edobe ọrụ ahụ dịka otu ụlọ ọrụ anaghị achịkwa ya, mepụtara site na ntinye aka kpọmkwem nke obodo ma nwee usoro mmepe zuru oke, yana inye ohere iji ihe ọ bụla n'ime mmepe ya na ngwaahịa ndị ọzọ, gụnyere azụmahịa. ndị. Ederede isi mmalite nke ihe nkesa nkesa, yana ngwaọrụ eji eme mgbakọ, kesaa n'okpuru ikikere BSD. Mgbakọ kwadebere n'ụdị LiveCD na onyonyo sistemụ maka ịdekọ na draịva Flash (290 MB).

Isi ọdịnaya nke nkesa dabere na koodu Hardened BSD 11, nke na-akwado ndụdụ nke FreeBSD mekọrịtara ọnụ, nke na-ejikọta usoro nchekwa na usoro iji gbochie nrigbu nke adịghị ike. N'ime Ohere Enwere ike ịmata OPNsense site na ngwa ngwa mgbakọ mepere emepe kpamkpam, ikike ịwụnye n'ụdị ngwugwu n'elu FreeBSD oge niile, akụrụngwa na-edozi ibu, ihe ntanetị weebụ maka ịhazi njikọ ndị ọrụ na netwọkụ (Portal Captive), ọnụnọ nke usoro maka steeti njikọ nsochi (ọkụ ọkụ steeti dabere na pf), mwube bandwidth mgbochi, nzacha okporo ụzọ, imepụta VPN dabere na IPsec, OpenVPN na PPTP, njikọta na LDAP na RADIUS, nkwado maka DDNS (Dynamic DNS), sistemụ akụkọ na eserese na eserese. .

Tụkwasị na nke ahụ, nkesa na-enye ngwá ọrụ maka ịmepụta nhazi ndị na-adịghị mma na-adabere n'iji usoro CARP mee ihe ma na-enye gị ohere ịmalite, na mgbakwunye na firewall bụ isi, oghere ndabere nke ga-ejikọta ya na-akpaghị aka na nhazi nhazi ma ga-eweghara ya. ibu na ihe omume nke isi ọnụ ọdịda. A na-enye onye nchịkwa ihe ọhụụ na nke dị mfe maka ịhazi firewall, nke e wuru site na iji usoro weebụ Bootstrap.

Na ụdị ọhụrụ:

  • Enwere ike izipu ndekọ na sava dịpụrụ adịpụ site na iji Syslog-ng;
  • Etinyere ndepụta dị iche iche maka ikiri iwu nzacha nzacha emepụtara na-akpaghị aka;
  • Ọnụọgụ agbakwunyere maka iwu nzacha ngwugwu niile;
  • Nlekọta emelitere aha pseudonym na iwu firewall (na-enye gị ohere iji mgbanwe karịa ndị ọbịa, nọmba ọdụ ụgbọ mmiri na subnets). Agbakwunyere ike ibubata na mbupụ utu aha n'ụdị JSON. Enwere ikike nhọrọ idobe ọnụ ọgụgụ maka pseudonyms;
  • Edegharịrị koodu maka nhazi na ntụgharị ọnụ ụzọ ámá;
  • Tinyere ikike ịmekọrịta otu LDAP;
  • Agbakwunyere ike izipu akwụkwọ bịanyere aka n'akwụkwọ nkwado arịrịọ;
  • Nkwado agbakwunyere maka ụzọ mbugharị site na IPsec (VTI);
  • A na-emekọrịta mmekọrịta nke utu aha, VHID na wijetị site na XMLRPC;
  • Agbakwunyere ikike iji nyochaa na Web proxy na IPsec site na PAM;
  • Nkwado agbakwunyere maka ijikọ site na yinye proxy;
  • Ewebata ikike iji otu dị iche iche hazie ikike njikọ proxy;
  • Edobere ngwa mgbakwunye maka Netdata, WireGuard, Maltrail na Mail-Backup (PGP). Ebuferela sava Dpinger na DHCP na sistemụ ngwa mgbakwunye;
  • Ntụgharị asụsụ emelitere gaa na Russian;
  • A na-eji ụdị ọhụrụ Bootstrap 3.4, LibreSSL 2.9, Unbound 1.9, PHP 7.2, Python 3.7 na Squid 4 mee ihe.

isi: opennet.ru

Tinye a comment