Iyo classic packet filter management toolkit iptables 1.8.8 yakaburitswa, budiriro ichangobva kutarisisa zvikamu zvekuchengetedza kumashure kuenderana - iptables-nft uye ebtables-nft, ichipa zvishandiso zvine imwechete yekuraira mutsara syntax semu iptables uye ebtables, asi. kushandura mitemo inoguma kuita nf_tables bytecode. Iyo yekutanga seti yezvirongwa zve iptables, kusanganisira ip6tables, arptables uye ebtables, zvakadzikiswa muna 2018 uye zvakatotsiviwa nenftables mukugovera kwakawanda.
Mushanduro itsva:
- Tsigiro ye connlimit uye tcpmss mataurirwo akawedzerwa kune iptables-shanduro yekushandisa, iyo inoshandura iptables mitemo kuita nftables rule sets, uye kugona kushandisa iyo "--chunk-types" uye "--ports" sarudzo dzaitwa kuitira scp uye multiport blocks.
- Dudziro yakapfava yecontrack blocks uye iyo "--tcp-flags" sarudzo mune nfttables mitemo.
- libxtables inodzimwa kana ichidanwa kubva kune zvinotemerwa neiyo setuid mureza.
- Iyo iptables-nft inoshandiswa inobvumira kudzima maketani akaiswa.
- Mitemo parser kubva kune arptables-nft utility yakawedzerwa kune iptables-nft.
- Iyo arptables-nft utility yakawedzera tsigiro yeiyo '-C' uye '-S' mirairo, yakashandiswa indexing yemitemo ye '-I' uye '-R' mirairo, uye yakawedzera tsigiro ye'-c N, M'. counter syntax.
- * Matafura eNAT haachatsigire kutsanangura akawanda IPv4 kero siyana kamwechete.
- Yakamisikidza kugona kugonesa debug kubuda mu iptables-kudzorera, iptables-nft uye ebtables-nft nekutsanangura zvakare iyo '-v' sarudzo.
- Kuvandudzwa kwekuita kweiptables-save uye iptables-kudzorera zvinoshandiswa.
Source: opennet.ru