ProHoster > Π‘Π»ΠΎΠ³ > wararka internetka > Siideynta xirmada qaybinta ee abuuritaanka IFire 2.25 firewalls

Siideynta xirmada qaybinta ee abuuritaanka IFire 2.25 firewalls

La heli karo sii daynta xirmada qaybinta ee abuurista router iyo firewalls IPFire 2.25 Muhiim 141. IPFire waxaa lagu kala soocaa hab fudud oo lagu rakibo iyo habaynta qaabeynta iyada oo loo marayo is-dhexgal shabakad dareen leh, oo ay ka buuxaan sawirro muuqaal ah. Cabbirka rakibidda sawirka iso waa 290 MB (x86_64, i586, ARM).

Nidaamku waa modular, marka lagu daro shaqooyinka aasaasiga ah ee shaandhaynta xirmooyinka iyo maareynta taraafikada ee IPFire, modules-yada ayaa diyaar u ah hirgelinta nidaamka looga hortagayo weerarada ku saleysan Suricata, abuurista server-ka faylka (Samba, FTP, NFS), a server-ka boostada (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV iyo Openmailadmin) iyo server-ka daabacaadda (CUPS), habeynta albaabka VoIP ee ku saleysan Asterisk iyo Teamspeak, abuurista barta marinka wireless-ka, habeynta maqal iyo muuqaal fiidiyoow ah (MPFire, Videolan). , Icecast, Gnump3d, VDR). Si loogu rakibo add-ons gudaha IPFire, maamule xirmo gaar ah, Pakfire, ayaa la isticmaalaa.

Siideynta cusub:

  • Qaybaha interneedka dib loo shaqeeyay iyo qoraalada qaybinta ee la xidhiidha DNS:
    • Taageero lagu daray DNS-over-TLS.
    • Dejinta DNS ayaa lagu mideeyay dhammaan bogagga shabakadda interneedka.
    • Hadda waa suurtogal in la cayimo in ka badan laba server oo DNS ah iyadoo la adeegsanayo server-ka ugu dhaqsaha badan liiska caadiga ah.
    • Habka Yaraynta QNAME ee lagu daray (RFC-7816) si loo yareeyo gudbinta macluumaadka dheeraadka ah ee codsiyada si looga hortago daadinta macluumaadka ku saabsan bogga la codsaday oo loo kordhiyo sirta.
    • filtar ayaa la hirgaliyay si loogu shaandheeyo goobaha kaliya ee dadka waaweyn ee heerka DNS.
    • Wakhtiga rarida ayaa la dedejiyay iyadoo la dhimay tirada jeegaga DNS.
    • Hawsha ayaa la hirgeliyay haddii ay dhacdo in bixiyaha uu shaandheeyo codsiyada DNS ama taageerada DNSSEC khaldan (haddii ay jiraan dhibaatooyin, gaadiidka waxaa loo beddelay TLS iyo TCP).
    • Si loo xalliyo dhibaatooyinka luminta baakadaha jajaban, cabbirka EDNS buffer waxaa lagu dhimay 1232 bytes (qiimaha 1232 ayaa la doortay sababtoo ah waa ugu badnaan taas oo cabbirka jawaabta DNS, iyada oo la tixgelinayo IPv6, ku habboon qiimaha ugu yar ee MTU (1280).
  • Noocyada xirmo ee la cusboonaysiiyay, oo ay ku jiraan GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, miridhku 1.39, suricata 4.1.6. aan xidhnayn 1.9.6.
  • Taageero lagu daray luqadaha Go iyo Rust Halabuurka ugu muhiimsan waxaa ka mid ah browser-ka elinks iyo xirmada rfkill.
  • Add-ons updated fuuqbaxay 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7. Waxaa lagu daray amazon-ssm-wakiil cusub oo lagu daray si loo horumariyo la-qabsiga daruuraha Amazon.
  • Macluumad ka saarista faylasha la fulin karo waa la nadiifiyay si loo yareeyo cabbirka qaybinta ka dib marka la rakibo.
  • Taageero lagu daray qaybaha LVM
  • Taageero lagu daray shaandheynta xirmooyinka shabakada ee macaamiisha OpenVPN ilaa IPS (Nidaamka Kahortagga Faragelinta);
  • Gudaha Pakfire, HTTPS waxaa loo isticmaalaa in lagu shubo liiska muraayadaha (horey, codsigii ugu horeeyay wuxuu ahaa HTTP, ka dibna serverku wuxuu soo saari doonaa dib u habeyn HTTPS).

Source: opennet.ru

Add a comment