Mushure memwedzi gumi yekuvandudzwa kusunungurwa kwekiti yekugovera yekugadzira firewalls , inova forogo yepurojekiti yepfSense, yakagadzirwa nechinangwa chekugadzira kugovera kwakanyatsozaruka kunogona kuva nekushanda kwezvigadziriso zvekutengeserana zvekuisa firewall uye network network gateways. Kusiyana nepfSense, chirongwa ichi chakamisikidzwa sechisiri kudzorwa nekambani imwe chete, yakagadziridzwa nekutora chikamu kwakananga munharaunda uye ine hurongwa hwekuvandudza hwakajeka, pamwe nekupa mukana wekushandisa chero chayakaitika muzvigadzirwa zvebato rechitatu, kusanganisira zvekutengesa. zvimwe. Zvinyorwa zvekwakabva zvezvikamu zvekugovera, pamwe chete nemidziyo inoshandiswa pakuungana, pasi peBSD rezinesi. Assemblies muchimiro cheLiveCD uye system image yekurekodha paFlash drives (290 MB).
Izvo zvakakosha zvemukati zvekugovera zvinoenderana nekodhi , iyo inotsigira forogo yakawiriraniswa yeFreeBSD, iyo inobatanidza dzimwe nzira dzekuchengetedza uye matekiniki ekupikisa kushandiswa kwekusagadzikana. Pakati OPNsense inogona kusiyaniswa neyakavhurika yakazara musangano toolkit, kugona kuisa muchimiro chemapakeji pamusoro peyenguva dzose FreeBSD, mitoro yekuyera maturusi, webhu interface yekuronga mushandisi kubatana kune network (Captive portal), kuvapo kwemaitiro e tracking connection states (stateful firewall based on pf), kuseta bandwidth, traffic filtering, kugadzira VPN yakavakirwa paIPsec, OpenVPN uye PPTP, kubatanidzwa neLDAP neRADIUS, kutsigirwa kweDDNS (Dynamic DNS), hurongwa hwekuona mishumo uye magirafu. .
Mukuwedzera, kugovera kunopa zvishandiso zvekugadzira kukanganisa-kushivirira zvigadziriso zvichienderana nekushandiswa kweCARP protocol uye kukubvumira kuti utange, kunze kweiyo huru firewall, node yekuchengetedza iyo inozogadziriswa pakarepo pachiyero chekugadzirisa uye ichatora. mutoro muchiitiko chekutadza kweprimary node. Iyo maneja inopihwa yemazuva ano uye yakapusa interface yekumisikidza firewall, yakavakwa uchishandisa iyo Bootstrap web framework.
Mushanduro itsva:
- Yakavakwa-mukati kugona kutumira matanda kune iri kure server uchishandisa Syslog-ng;
- Yakawedzera rondedzero yakaparadzana yekuona inogadzirwa otomatiki packet filter mitemo;
- Yakawedzerwa nhamba yeese packet filter mitemo;
- Kuvandudza manejimendi mumitemo ye firewall (inokubvumira kushandisa zvinoshanduka panzvimbo yevatenzi, nhamba dzechiteshi uye subnets). Yakawedzera kugona kupinza uye kutumira maaliases muJSON fomati. Pane sarudzo yekugona kuchengetedza nhamba dzemanyepo;
- Iyo kodhi yekugadzirisa uye kushandura magedhi yakanyorwa patsva;
- Yakaita kugona kuwiriranisa mapoka eLDAP;
- Yakawedzera kugona kutumira zvikumbiro zvekusaina zvitupa;
- Yakawedzera rutsigiro rwenzira dzekutumira kuburikidza neIPsec (VTI);
- Kuwiriranisa kwemaaliases, maVHID uye majeti anoitwa kuburikidza neXMLRPC;
- Yakawedzera kugona kwechokwadi muWeb proxy uye IPsec kuburikidza nePAM;
- Yakawedzerwa rutsigiro rwekubatanidza kuburikidza neketani yeproxy;
- Yakaunza kugona kushandisa mapoka kugadzirisa maropafadzo ekubatanidza proxy;
- Plugins yeNetdata, WireGuard, Maltrail uye Mail-Backup (PGP) yakagadzirirwa. Dpinger uye DHCP maseva akaiswa kune iyo plugin system;
- Shanduro dzakavandudzwa muchiRussian;
- Shanduro itsva dzeBootstrap 3.4, LibreSSL 2.9, Unbound 1.9, PHP 7.2, Python 3.7 uye Squid 4 dzinoshandiswa.
Source: opennet.ru