Pulogalamu ya ProHoster > Blog > nkhani zapaintaneti > Kutulutsidwa kwa zida zogawa zopangira ma firewall a OPNsense 19.7

Kutulutsidwa kwa zida zogawa zopangira ma firewall a OPNsense 19.7

Pambuyo 6 miyezi chitukuko zoperekedwa kutulutsidwa kwa zida zogawa kuti mupange ma firewall OPNSEnse 19.7, yomwe ndi foloko ya polojekiti ya pfSense, yopangidwa ndi cholinga chopanga kugawa kotseguka komwe kungakhale ndi ntchito zothetsera malonda opangira ma firewall ndi zipata za intaneti. Mosiyana ndi pfSense, polojekitiyi ili ngati yosayendetsedwa ndi kampani imodzi, yopangidwa ndi kutenga nawo mbali mwachindunji kwa anthu ammudzi ndipo ili ndi ndondomeko yachitukuko yowonekera bwino, komanso kupereka mwayi wogwiritsa ntchito zomwe zikuchitika muzinthu zamagulu achitatu, kuphatikizapo malonda. omwe. Zolemba zoyambira za magawo ogawa, komanso zida zomwe zimagwiritsidwa ntchito pophatikiza, kufalitsa pansi pa layisensi ya BSD. Misonkhano kukonzekera mu mawonekedwe a LiveCD ndi chithunzi chadongosolo chojambulira pa Flash drive (290 MB).

Zomwe zili zofunika pakugawa zimatengera code Chithunzi chaBSD11, yomwe imathandizira foloko yolumikizidwa ya FreeBSD, yomwe imaphatikiza njira zowonjezera zachitetezo ndi njira zothana ndi kugwiritsa ntchito ziwopsezo. Pakati mwayi OPNsense imatha kusiyanitsidwa ndi zida zotsegulira zotseguka, kuthekera koyika ngati phukusi pamwamba pa FreeBSD yokhazikika, zida zosinthira katundu, mawonekedwe apaintaneti okonzekera kulumikizana ndi netiweki (Captive portal), kukhalapo kwa njira zolumikizirana. kutsata mayendedwe olumikizirana (chiwongolero chamoto chokhazikitsidwa ndi pf), kukhazikitsa zoletsa bandwidth, kusefa kwamagalimoto, kupanga VPN kutengera IPsec, OpenVPN ndi PPTP, kuphatikiza ndi LDAP ndi RADIUS, kuthandizira kwa DDNS (Dynamic DNS), dongosolo la malipoti owonera ndi ma graph .

Kuphatikiza apo, kugawa kumapereka zida zopangira masinthidwe olekerera zolakwika potengera kugwiritsa ntchito protocol ya CARP ndikukulolani kuti muyambitse, kuwonjezera pa chowotcha chachikulu, node yosunga zobwezeretsera yomwe idzalumikizidwa yokha pamlingo wokonzekera ndipo idzatenga. katundu pakachitika kulephera koyambirira kwa node. Woyang'anira amapatsidwa mawonekedwe amakono komanso osavuta kuti akonze zozimitsa moto, zomangidwa pogwiritsa ntchito Bootstrap web framework.

Mu mtundu watsopano:

  • Kuthekera kokhazikika kutumiza zipika ku seva yakutali pogwiritsa ntchito Syslog-ng;
  • Anawonjezera mndandanda wosiyana kuti muwone malamulo a paketi opangidwa okha;
  • ziwerengero anawonjezera malamulo onse paketi fyuluta;
  • Kasamalidwe kabwino pseudonym mu malamulo a firewall (amakulolani kugwiritsa ntchito zosinthika m'malo mwa makamu, manambala a doko ndi ma subnets). Adawonjezera kuthekera kolowetsa ndi kutumiza ma alias mumtundu wa JSON. Pali kuthekera kosankha kusunga ziwerengero zama pseudonyms;
  • Khodi yokonza ndi kusintha zipata yalembedwanso;
  • Anakhazikitsa luso logwirizanitsa magulu a LDAP;
  • Anawonjezera kuthekera kutumiza zopempha kusaina satifiketi;
  • Zowonjezera zothandizira njira zotumizira kudzera pa IPsec (VTI);
  • Kulunzanitsa ma alias, ma VHID ndi ma widget kumayendetsedwa kudzera pa XMLRPC;
  • Anawonjezera kuthekera kotsimikizira mu Web proxy ndi IPsec kudzera PAM;
  • Thandizo lowonjezera lolumikizira kudzera pa unyolo wa proxy;
  • Adawonetsa kuthekera kogwiritsa ntchito magulu kukonza mwayi wolumikizana ndi proxy;
  • Mapulagini a Netdata, WireGuard, Maltrail ndi Mail-Backup (PGP) akonzedwa. Ma seva a Dpinger ndi DHCP atumizidwa ku pulogalamu yowonjezera;
  • Mabaibulo osinthidwa mu Chirasha;
  • Mabaibulo atsopano a Bootstrap 3.4, LibreSSL 2.9, Unbound 1.9, PHP 7.2, Python 3.7 ndi Squid 4 amagwiritsidwa ntchito.

Source: opennet.ru

Kuwonjezera ndemanga