Kuburitswa kwekiti yekugovera yekugadzira firewalls OPNsense 21.7 kwakaitika, rinova bazi reiyo pfSense purojekiti, yakagadzirwa nechinangwa chekugadzira yakanyatsovhurika yekugovera kit inogona kuve nekushanda padanho rezvigadziriso zvekutengesa zvekuisa firewall uye network magedhi. . Kusiyana nepfSense, chirongwa ichi chakamisikidzwa sechisiri kudzorwa nekambani imwe chete, yakagadziridzwa nekutora chikamu kwakananga munharaunda uye ine hurongwa hwekuvandudza hwakajeka, pamwe nekupa mukana wekushandisa chero chayakaitika muzvigadzirwa zvebato rechitatu, kusanganisira zvekutengesa. zvimwe. Iko kunobva kodhi yezvikamu zvekugovera, pamwe nemidziyo inoshandiswa pakuungana, inogoverwa pasi perezinesi reBSD. Magungano akagadzirirwa ari muchimiro cheLiveCD uye system image yekurekodha paFlash drives (422 MB).
Izvo zvekutanga zvemukati zvekugovera zvakavakirwa paHardenedBSD kodhi, iyo inotsigira yakawiriraniswa forogo yeFreeBSD, iyo inobatanidza imwe nzira dzekudzivirira uye matekiniki ekurwisa kushandiswa kwekusagadzikana. Pakati pezvinhu zveOPNsense ndeye yakavhurika yekuvaka toolkit, kugona kuisa muchimiro chemapakeji pamusoro penguva dzose FreeBSD, maturusi ekuyera maturusi, webhu interface yekuronga mushandisi kubatana kune network (Captive portal), kuvapo kwemaitiro. yekutevera yekubatanidza nyika (yakajeka firewall yakavakirwa pf), kuseta bandwidth miganhu, traffic kusefa, kugadzira VPN yakavakirwa paIPsec, OpenVPN uye PPTP, kubatanidzwa neLDAP neRADIUS, rutsigiro rweDDNS (Dynamic DNS), hurongwa hwekuona mishumo uye magirafu.
Kugovera kunopa maturusi ekugadzira kukanganisa-kushivirira zvigadziriso zvichibva pakushandiswa kweCARP protocol uye kukubvumira kuti utange, mukuwedzera kune main firewall, iyo backup node iyo inozongoenderana otomatiki padanho rekugadzirisa uye inotora mutoro mukati. chiitiko chekukundikana kwenheyo yekutanga. Iyo maneja inopihwa yemazuva ano uye yakapusa interface yekumisikidza firewall, yakavakwa uchishandisa iyo Bootstrap web framework.
Pakati pekuchinja:
- Iko kugoverwa kunoenderana nekuvandudzwa kweHardenedBSD 12.1. Kuburitswa kunotevera, 22.1, inoronga kutamira kuFreeBSD 13.
- Nyowani yekumisikidza yakatsanangurwa inopa yakavakirwa-mukati tsigiro yekumisikidza pazvikamu neZFS faira system uye inokodzera kushanda mumashini chaiwo anoshandisa UEFI.
- Iyo interface yekuvandudza firmware yakagadziridzwa patsva.
- Muchinyorwa chinoratidza basa rekusefa kwemigwagwa, zvinova nechokwadi chekuti zviziviso zvemitemo zvazvino zvinoratidzwa kudzivirira kududzira kusiri iko mushure mekushandura seti yemitemo.
- Mumatemplate anokutendera kuti ubatanidze seti yetiweki, mauto uye zviteshi zvine zita rekufananidzira mumitemo ye firewall (aliases), kugona kutsanangura bit masks (wildcard mask) mumasiki etiweki akawedzerwa.
Source: opennet.ru