Arturo Borrero, horumariye Debian ah oo qayb ka ah Mashruuca Netfilter Coreteam iyo ilaaliye xirmooyinka la xiriira nftables, iptables iyo netfilter on Debian, dhaqaaji sii daynta weyn ee xigta ee Debian 11 si aad u isticmaasho nftables si caadi ah. Haddii soo jeedinta la oggolaado, xirmooyinka leh iptables ayaa loo celin doonaa qaybta ikhtiyaarka ikhtiyaariga ah ee aan lagu darin xirmada aasaasiga ah.
Shaandheynta xirmada Nftables waxay caan ku tahay mideynta xirmooyinka shaandhaynta xirmooyinka ee IPV4, IPv6, ARP iyo buundooyinka shabakadda. Nftables waxay bixisaa kaliya isdhexgal guud, borotokool ku madax-bannaan oo heer kernel ah kaas oo bixiya hawlaha aasaasiga ah ee soo saarista xogta xirmooyinka, fulinta hawlaha xogta, iyo xakamaynta socodka. Caqliga shaandhaynta laftiisa iyo maamulayaasha qaaska ah ee borotokoolka waxa lagu ururiyaa bytecode ee goobta isticmaalaha, ka dib bytecode-kan waxa lagu shubaa kernel-ka iyada oo la adeegsanayo Netlink interface waxaana lagu fuliyay mishiin khaas ah oo u eg BPF (Berkeley Packet Filters).
Sida caadiga ah, Debian 11 waxa kale oo ay bixisaa dab-damiska firfircoon ee dab-damiska, oo loogu talagalay sida duubka sare ee nftables. Firewalld wuxuu u shaqeeyaa sidii hab-socod kaas oo kuu ogolaanaya inaad si firfircoon u beddesho xeerarka shaandhada baakidhka adigoo isticmaalaya DBus adiga oo aan dib u soo gelin xeerarka shaandhaynta baakidhka ama jebinta xidhiidhada la aasaasay. Si loo maareeyo firewall-ka, utility firewall-cmd ayaa la isticmaalaa, kaas oo, marka la abuurayo xeerar, aan ku salaysnayn cinwaanada IP-ga, shabakadaha shabakadaha iyo lambarrada dekedaha, laakiin magacyada adeegyada (tusaale ahaan, si aad u furto gelitaanka SSH waxaad u baahan tahay Ku orod “firewall-cmd —add —service=ssh”, si aad u xirto SSH – “firewall-cmd –remove –service=ssh”).
Source: opennet.ru