Kutulutsidwa kwa zida zogawa zopangira ma firewall a OPNsense 23.1 kwapangidwa, yomwe ndi nthambi ya polojekiti ya pfSense, yomwe idapangidwa ndi cholinga chopanga zida zogawa zotseguka zomwe zitha kukhala ndi magwiridwe antchito pamlingo wamayankho azamalonda pakuyika zozimitsa moto ndi netiweki. zipata. Mosiyana ndi pfSense, polojekitiyi ili ngati yosayendetsedwa ndi kampani imodzi, yopangidwa ndi kutenga nawo mbali mwachindunji kwa anthu ammudzi ndipo ili ndi ndondomeko yachitukuko yowonekeratu, komanso kupereka mwayi wogwiritsa ntchito zomwe zikuchitika muzinthu zamagulu achitatu, kuphatikizapo malonda. omwe. Magwero a magawo ogawa, komanso zida zomwe zimagwiritsidwa ntchito posonkhana, zimagawidwa pansi pa chilolezo cha BSD. Misonkhanoyi imakonzedwa mu mawonekedwe a LiveCD ndi chithunzi chadongosolo chojambulira pa Flash drive (399 MB).
Zofunikira pakugawa zimatengera kachidindo ka FreeBSD. Zina mwazinthu za OPNsense ndi zida zomangirira zotseguka, kuthekera koyika ngati mapaketi pamwamba pa FreeBSD nthawi zonse, zida zosinthira katundu, mawonekedwe a intaneti okonzekera kulumikizana ndi maukonde (Captive portal), kukhalapo kwa makina. potsata maiko olumikizirana (firewall yodziwika bwino yozikidwa pa pf), kukhazikitsa malire a bandwidth, kusefa kwamagalimoto, kupanga VPN yozikidwa pa IPsec, OpenVPN ndi PPTP, kuphatikiza ndi LDAP ndi RADIUS, kuthandizira kwa DDNS (Dynamic DNS), kachitidwe ka malipoti owonera ndi zithunzi.
Kugawa kumapereka zida zopangira masinthidwe osagwirizana ndi zolakwika potengera kugwiritsa ntchito protocol ya CARP ndikukulolani kuti muyambitse, kuwonjezera pa firewall yayikulu, node yosunga zobwezeretsera yomwe idzalumikizidwa yokha pamlingo wokonzekera ndipo idzatenga katunduyo. chochitika cha kulephera kwa node yoyamba. Woyang'anira amapatsidwa mawonekedwe amakono komanso osavuta kuti akonze zozimitsa moto, zomangidwa pogwiritsa ntchito Bootstrap web framework.
Zina mwazosintha:
- Zosintha kuchokera ku nthambi ya FreeBSD 13-STABLE zasamutsidwa.
- Zosinthidwa za mapulogalamu owonjezera kuchokera kumadoko, mwachitsanzo, php 8.1.14 ndi sudo 1.9.12p2.
- Kukhazikitsa kwatsopano kwa blocklist ku DNS kwawonjezeredwa, kulembedwanso ku Python ndikuthandizira mindandanda yosiyanasiyana yotsatsa komanso yoyipa yoletsa.
- Kusonkhanitsa ndi kuwonetsa ziwerengero pakugwira ntchito kwa seva ya Unbound DNS kumaperekedwa, zomwe zimakulolani kuti muzitha kuyang'anira magalimoto a DNS poyerekezera ndi ogwiritsa ntchito.
- Anawonjezera mtundu watsopano wa BGP ASN firewalls.
- Anawonjezera PPPoEv6 njira yokhayokha kuti musankhe IPv6 Control Protocol.
- Thandizo lowonjezera la mawonekedwe a SLAAC WAN opanda DHCPv6.
- Zida zogwiritsira ntchito paketi ndi kasamalidwe ka IPsec zidasamutsidwa ku dongosolo la MVC, zomwe zidapangitsa kuti zitheke kukhazikitsa chithandizo cha kasamalidwe ka API mwa iwo.
- Zokonda za IPsec zasunthidwa ku fayilo ya swanctl.conf.
- Pulagi ya os-sslh ikuphatikizidwa, kukulolani kuti muwonjezere ma HTTPS, SSH, OpenVPN, tinc ndi XMPP zolumikizira kudzera pa doko limodzi la 443.
- Pulagi ya os-ddclient (Dynamic DNS Client) tsopano imapereka mwayi wogwiritsa ntchito ma backend anu, kuphatikiza Azure.
- Pulagi ya os-wireguard yokhala ndi VPN WireGuard yasinthidwa mwachisawawa kuti igwiritse ntchito kernel module (njira yakale yogwiritsira ntchito pa mlingo wa osuta yasamutsidwa ku os-wireguard-go plugin).
Source: opennet.ru