Kuburitswa kwekiti yekugovera yekugadzira firewalls OPNsense 22.1 kwakaitika, rinova bazi reiyo pfSense purojekiti, yakagadzirwa nechinangwa chekugadzira yakanyatsovhurika yekugovera kit inogona kuve nekushanda padanho rezvigadziriso zvekutengesa zvekuisa firewall uye network magedhi. . Kusiyana nepfSense, chirongwa ichi chakamisikidzwa sechisiri kudzorwa nekambani imwe chete, yakagadziridzwa nekutora chikamu kwakananga munharaunda uye ine hurongwa hwekuvandudza hwakajeka, pamwe nekupa mukana wekushandisa chero chayakaitika muzvigadzirwa zvebato rechitatu, kusanganisira zvekutengesa. zvimwe. Iko kunobva kodhi yezvikamu zvekugovera, pamwe nemidziyo inoshandiswa pakuungana, inogoverwa pasi perezinesi reBSD. Magungano akagadzirirwa ari muchimiro cheLiveCD uye system image yekurekodha paFlash drives (339 MB).
Izvo zvakakosha zvemukati zvekugovera zvakavakirwa paFreeBSD kodhi. Pakati pezvinhu zveOPNsense ndeye yakavhurika yekuvaka toolkit, kugona kuisa muchimiro chemapakeji pamusoro penguva dzose FreeBSD, maturusi ekuyera maturusi, webhu interface yekuronga mushandisi kubatana kune network (Captive portal), kuvapo kwemaitiro. yekutevera yekubatanidza nyika (yakajeka firewall yakavakirwa pf), kuseta bandwidth miganhu, traffic kusefa, kugadzira VPN yakavakirwa paIPsec, OpenVPN uye PPTP, kubatanidzwa neLDAP neRADIUS, rutsigiro rweDDNS (Dynamic DNS), hurongwa hwekuona mishumo uye magirafu.
Kugovera kunopa maturusi ekugadzira kukanganisa-kushivirira zvigadziriso zvichibva pakushandiswa kweCARP protocol uye kukubvumira kuti utange, mukuwedzera kune main firewall, iyo backup node iyo inozongoenderana otomatiki padanho rekugadzirisa uye inotora mutoro mukati. chiitiko chekukundikana kwenheyo yekutanga. Iyo maneja inopihwa yemazuva ano uye yakapusa interface yekumisikidza firewall, yakavakwa uchishandisa iyo Bootstrap web framework.
Pakati pekuchinja:
- Shanduko kuenda kuFreeBSD 13-STABLE bazi yakaitwa (iyo yapfuura vhezheni yaive yakavakirwa paHardenedBSD 12.1).
- Yakapihwa chiratidzo murogi yeruzivo nezve nhanho yekuomarara kwemeseji (kuoma) yekusefa matanda nehukoshi uhu.
- Iyo Opnsense-log utility inosanganisirwa yekuongorora matanda.
- Zvishandiso zvekupfuura sysctl zvawedzerwa kune tunables framework.
- Maitiro ekurodha nekugadzirisa network interfaces yakakwidziridzwa. Shanduko yekushandisa iyo LUA bootloader yaitwa.
- Shanduro dzakagadziridzwa dzemamwe mapurogiramu kubva kumadoko, semuenzaniso, filterlog 0.6, hostapd 2.10, lighttpd 1.4.63, nss 3.74, openssl 1.1.1m, openvpn 2.5.5, php 7.4.27, sqlite 3.37.2-ng, 3.35.1.slog. 1.14.0, kusunungura 2.10, wpa_supplicant XNUMX.
Source: opennet.ru