Ho lokile, ka "rata" ke pheteletso. Ho e-na le hoo, “o ile a khona ho phela hammoho.”
Joalo ka ha le tseba kaofela, ho tloha ka la 16 Mmesa, 2018, Roskomnadzor esale e thibela phihlello ea lisebelisoa tsa Marang-rang ka matla a pharalletseng, e eketsang "Registante e Kopaneng ea mabitso a marang-rang, li-index tsa maqephe a marang-rang le liaterese tsa marang-rang tse lumellang ho khetholla libaka. Inthaneteng,” e nang le tlhahisoleseding eo kabo ea eona e thibetsoeng ho Russia Federation” (mongolong - registara feela) ka /10 ka linako tse ling. Ka lebaka leo, baahi ba Russia Federation le likhoebo ba sotleha, ba lahlehetsoe ke monyetla oa ho fumana mehloli ea molao e felletseng eo ba e hlokang.
Ka mor'a hore ke bue litlhalosong ho se seng sa lihlooho tse buang ka Habré hore ke ne ke itokiselitse ho thusa bahlaseluoa ka ho theha morero oa ho pota-pota, batho ba 'maloa ba ile ba tla ho' na ba kōpa thuso e joalo. Ha ntho e 'ngoe le e' ngoe e ba sebeletsa, e mong oa bona o ile a khothalletsa ho hlalosa mokhoa ona sehloohong. Ka mor'a ho nahana, ke ile ka etsa qeto ea ho senya khutso ea ka setšeng ebe ke leka hang ho ngola ntho e bohareng pakeng tsa morero le poso ea Facebook, i.e. habrapost. Sephetho se ka pel'a hau.
ikgololo
Kaha ha ho molaong haholo ho phatlalatsa mekhoa ea ho qoba ho thibela phihlello ea tlhahisoleseling e thibetsoeng sebakeng sa Federation ea Russia, sepheo sa sengoloa sena e tla ba ho bua ka mokhoa o u lumellang ho iketsetsa phihlello ea lisebelisoa tse lumelletsoeng sebaka sa Federation ea Russia, empa ka lebaka la liketso tsa motho e mong ha li fumanehe ka ho toba ka mofani oa hau. 'Me ho fihlella mehloling e meng e fumanoeng ka lebaka la liketso tse tsoang sehloohong sena ke phello e mpe 'me ho hang ha se morero oa sehlooho.
Hape, kaha ke 'na haholo-holo moqapi oa marang-rang ka mosebetsi, mosebetsi le tsela ea bophelo, lenaneo le Linux ha se lintlha tsa ka tse matla. Ka hona, ehlile, mangolo a ka ngoloa hamolemo, litaba tsa ts'ireletso ho VPS li ka sebetsoa ka botebo, joalo-joalo. Litlhahiso tsa hau li tla amoheloa ka kananelo, haeba li hlalositsoe ka ho lekaneng - ke tla thabela ho li kenyelletsa mongolong oa sehlooho.
TL; DR
Re iketsetsa phihlello ea lisebelisoa ka kotopo ea hau e teng re sebelisa kopi ea registry le protocol ea BGP. Sepheo ke ho tlosa sephethephethe sohle se lebisitsoeng ho mehloli e koetsoeng ka har'a kotopo. Litlhaloso tse fokolang, haholo litaelo tsa mohato ka mohato.
U hloka eng bakeng sa see?
Ka bomalimabe, poso ena ha se ea motho e mong le e mong. Ho sebelisa mokhoa ona, o tla hloka ho kopanya lintlha tse 'maloa hammoho:
- U tlameha ho ba le seva sa linux kae-kae ka ntle ho sebaka se thibelang. Kapa bonyane takatso ea ho ba le seva e joalo - ka lehlohonolo hona joale e bitsa chelete e ngata ho tloha ho $ 9 / selemo, mme mohlomong ka tlase. Mokhoa ona o boetse o loketse haeba o na le kotopo e arohaneng ea VPN, joale seva se ka beoa kahare ho lebala le thibelang.
- Router ea hau e lokela ho ba bohlale ho lekana hore e khone
- moreki ofe kapa ofe oa VPN eo u e ratang (ke khetha OpenVPN, empa e ka ba PPTP, L2TP, GRE + IPSec kapa khetho efe kapa efe e etsang sebopeho sa kotopo);
- Protocol ea BGPv4. Ho bolelang hore bakeng sa SOHO e ka ba Mikrotik kapa router efe kapa efe e nang le OpenWRT/LEDE/ firmware e tšoanang e u lumellang ho kenya Quagga kapa Nonyana. Ho sebelisa router ea PC le hona ha hoa thibeloa. Tabeng ea khoebo, batla tšehetso ea BGP litokomaneng tsa router ea hau ea moeli.
- U lokela ho ba le kutloisiso ea tšebeliso ea Linux le mahlale a marang-rang, ho kenyeletsoa protocol ea BGP. Kapa bonyane batla ho fumana maikutlo a joalo. Kaha ha ke so itokisetse ho amohela boholo nakong ena, u tla tlameha ho ithuta lintlha tse ling tseo u sa li utloisiseng ka bouena. Leha ho le joalo, ha e le hantle, ke tla araba lipotso tse tobileng litlhalosong 'me ha ho bonolo hore ke be 'na feela ea arabang, kahoo u se ke ua tsilatsila ho botsa.
Se sebelisoang mohlaleng
- Kopi ea ngoliso - ho tloha
- Tšebeletso ea litsela -
- router -
- Li-folders tse sebetsang - kaha re sebetsa joalo ka motso, boholo ba ntho e 'ngoe le e' ngoe e tla be e le foldareng ea lehae ea motso. Ka ho latellana:
- /root/blacklist - foldara e sebetsang e nang le mongolo oa pokello
- /root/zi - kopi ea ngoliso ho tsoa ho github
- /etc/bird - foldara e tloaelehileng bakeng sa litlhophiso tsa lits'ebeletso tsa linonyana
- Aterese ea IP e ka ntle ea VPS e nang le seva sa ho tsamaisa le sebaka sa ho emisa kotopo ke 194.165.22.146, ASN 64998; Aterese ea IP ea kantle ea router - 81.177.103.94, ASN 64999
- Liaterese tsa IP ka har'a kotopo ke 172.30.1.1 le 172.30.1.2, ka ho latellana.
Ha e le hantle, u ka sebelisa li-routers leha e le life, mekhoa ea ho sebetsa le lihlahisoa tsa software, ho lokisa tharollo ho logic ea bona.
Ka bokhutšoanyane - mohopolo oa tharollo
- Mesebetsi ea boitokisetso
- Ho fumana VPS
- Ho phahamisa kotopo ho tloha ho router ho ea ho VPS
- Re fumana le ho nchafatsa kopi ea registry khafetsa
- Ho kenya le ho lokisa tšebeletso ea litsela
- Re theha lethathamo la litsela tse sa fetoheng bakeng sa tšebeletso ea routing ho latela ngoliso
- Re kopanya router ho tšebeletso mme re lokisetsa ho romela sephethephethe sohle ka kotopo.
Tharollo ea sebele
Mesebetsi ea boitokisetso
Ho na le lits'ebeletso tse ngata Marang-rang tse fanang ka VPS ka litheko tse ntle haholo. Ho fihlela joale ke fumane 'me ke sebelisa khetho bakeng sa $ 9 / selemo, empa le haeba u sa khathatse haholo, ho na le likhetho tse ngata bakeng sa 1E / khoeli k'honeng e' ngoe le e 'ngoe. Potso ea ho khetha VPS e ka holimo ho boholo ba sehlooho sena, kahoo haeba motho a sa utloisise ho hong ka sena, botsa litlhaloso.
Haeba u sebelisa VPS eseng feela bakeng sa ts'ebeletso ea ho tsamaisa, empa hape le ho emisa kotopo ho eona, o hloka ho phahamisa kotopo ena mme, hoo e batlang e le, o e lokisetse NAT. Ho na le litaelo tse ngata mabapi le liketso tsena Inthaneteng, nke ke ka li pheta mona. Ntho e ka sehloohong e hlokahalang bakeng sa kotopo e joalo ke hore e tlameha ho theha sebopeho se arohaneng ho router ea hau e tšehetsang kotopo e lebisang VPS. Litheknoloji tse sebelisoang haholo tsa VPN li fihlela tlhokahalo ena - mohlala, OpenVPN ka mokhoa oa tun e nepahetse.
Ho fumana kopi ea registry
Joalokaha Jabrail a boletse, “Ea re sitisang o tla re thusa.” Kaha RKN e etsa registara ea lisebelisoa tse thibetsoeng, e ka ba sebe ho se sebelise registara ena ho rarolla bothata ba rona. Re tla fumana kopi ea ngoliso ho tsoa ho github.
Re ea ho seva sa hau sa Linux, re oela boemong ba motso (sudo su -) 'me u kenye git haeba e se e kentsoe.
apt install gitE-ea bukeng ea hau ea lapeng 'me u ntše kopi ea registry.
cd ~ && git clone --depth=1 https://github.com/zapret-info/z-i Re theha ntlafatso ea cron (ke e etsa hang ka mor'a metsotso e meng le e meng ea 20, empa u ka khetha nako efe kapa efe e u khahlang). Ho etsa sena re qala crontab -e 'me u kenye mola o latelang ho eona:
*/20 * * * * cd ~/z-i && git pull && git gcRe hokela hook e tla etsa lifaele bakeng sa ts'ebeletso ea routing kamora ho ntlafatsa ngoliso. Ho etsa sena, etsa faele /root/zi/.git/hook/post-merge ka litaba tse latelang:
#!/usr/bin/env bash
changed_files="$(git diff-tree -r --name-only --no-commit-id ORIG_HEAD HEAD)"
check_run() {
echo "$changed_files" | grep --quiet "$1" && eval "$2"
}
check_run dump.csv "/root/blacklist/makebgp"'me u se ke ua lebala ho e etsa hore e phethahale
chmod +x /root/z-i/.git/hooks/post-mergeRe tla theha script ea makebgp eo hook e buang ka eona hamorao.
Ho kenya le ho lokisa tšebeletso ea litsela
Kenya nonyana. Ka bomalimabe, mofuta oa nonyana o kentsoeng hona joale polokelong ea Ubuntu o tšoana le ho nchafala ha mantle a Archeopteryx, kahoo re hloka ho qala ka ho kenyelletsa PPA ea semmuso ea baetsi ba software ho sistimi.
add-apt-repository ppa:cz.nic-labs/bird
apt update
apt install birdKamora sena, hang-hang re tima nonyana bakeng sa IPv6 - re ke ke ra e hloka ts'ebetsong ena.
systemctl stop bird6
systemctl disable bird6Ka tlase ke faele ea tlhophiso ea litšebeletso tsa nonyana e fokolang (/etc/bird/bird.conf), e leng se lekane bakeng sa rona ('me ke u hopotsa hape hore ha ho motho ea thibelang ho theha le ho lokisa mohopolo hore o lumellane le litlhoko tsa hau)
log syslog all;
router id 172.30.1.1;
protocol kernel {
scan time 60;
import none;
# export all; # Actually insert routes into the kernel routing table
}
protocol device {
scan time 60;
}
protocol direct {
interface "venet*", "tun*"; # Restrict network interfaces it works with
}
protocol static static_bgp {
import all;
include "pfxlist.txt";
#include "iplist.txt";
}
protocol bgp OurRouter {
description "Our Router";
neighbor 81.177.103.94 as 64999;
import none;
export where proto = "static_bgp";
local as 64998;
passive off;
multihop;
}
router id - router identifier, eo ka pono e shebahalang joaloka aterese ea IPv4, empa ha e le 'ngoe. Tabeng ea rona, e ka ba palo leha e le efe ea 32-bit ka mokhoa oa aterese ea IPv4, empa ke mokhoa o motle oa ho bontša hantle aterese ea IPv4 ea sesebelisoa sa hau (tabeng ena, VPS).
protocol direct e hlalosa hore na ke li-interfaces life tse tla sebetsa le mokhoa oa ho tsamaisa. Mohlala o fana ka mabitso a 'maloa a mohlala, o ka eketsa a mang. O ka hlakola mohala habonolo feela, ntlheng ena, seva se tla mamela lihokelo tsohle tse fumanehang ka aterese ea IPv4.
protocol static ke boselamose ba rona bo kenyang manane a li-prefixes le liaterese tsa IP (tseo e hlileng e leng li-prefixes / 32, ehlile) ho tsoa lifaeleng bakeng sa phatlalatso e latelang. Moo mathathamo ana a tsoang teng ho tla tšohloa ka tlase. Ka kopo hlokomela hore ho kenya liaterese tsa IP ho hlahisoa ka mokhoa oa kamehla, lebaka la sena ke bongata bo boholo ba ho kenya. Ha ho bapisoa, nakong ea ho ngola, ho na le mela e 78 lethathamong la li-prefixes, le 85898 lethathamong la liaterese tsa IP. bokamoso bo ho uena ho etsa qeto ka mor'a ho etsa liteko ka router ea hau. Ha se e 'ngoe le e' ngoe ea tsona e ka chekang habonolo likenyelletso tse likete tse 85 tafoleng ea ho tsamaisa.
protocol bgp, ha e le hantle, e theha bgp peering le router ea hau. Aterese ea IP ke aterese ea sebopeho sa ka ntle sa router (kapa aterese ea sebopeho sa kotopo ka lehlakoreng la router), 64998 le 64999 ke linomoro tsa mekhoa e ikemetseng. Tabeng ena, li ka abeloa ka mokhoa oa linomoro leha e le life tsa 16-bit, empa ke mokhoa o motle oa ho sebelisa linomoro tsa AS ho tloha sebakeng sa poraefete se hlalosoang ke RFC6996 - 64512-65534 hammoho (ho na le sebopeho sa 32-bit ASNs, empa molemong oa rona sena ke nnete haholo). Sebopeho se hlalositsoeng se sebelisa eBGP peering, moo lipalo tsa mekhoa e ikemetseng ea tšebeletso ea ho tsamaisa le router li tlameha ho fapana.
Joalokaha u bona, ts'ebeletso e hloka ho tseba aterese ea IP ea router, kahoo haeba u na le aterese ea poraefete e matla kapa e sa fetoleheng (RFC1918) kapa e arolelanoang (RFC6598), ha u na boikhethelo ba ho phahamisa maikutlo ka ntle. interface, empa ts'ebeletso e ntse e tla sebetsa ka har'a kotopo.
Ho boetse ho hlakile hore ho tsoa ts'ebeletso e le 'ngoe u ka fana ka litsela ho li-routers tse' maloa tse fapaneng - feela u li kopitse ka ho kopitsa karolo ea protocol bgp le ho fetola aterese ea IP ea moahelani. Ke ka lebaka leo mohlala o bontšang litlhophiso tsa ho nyarela ka ntle ho kotopo, e le eona e amang lefatše lohle. Ho bonolo ho li tlosa ka har'a kotopo ka ho fetola liaterese tsa IP litlhophisong ka nepo.
E sebetsa registry bakeng sa tšebeletso ea litsela
Hona joale re hloka, ha e le hantle, ho etsa lethathamo la li-prefixes le liaterese tsa IP, tse boletsoeng ho protocol static sethaleng se fetileng. Ho etsa sena, re nka faele ea ngoliso ebe re etsa lifaele tseo re li hlokang ho eona re sebelisa script e latelang, e kentsoeng ho eona /root/blacklist/makebgp
#!/bin/bash
cut -d";" -f1 /root/z-i/dump.csv| tr '|' 'n' | tr -d ' ' > /root/blacklist/tmpaddr.txt
cat /root/blacklist/tmpaddr.txt | grep / | sed 's_.*_route & reject;_' > /etc/bird/pfxlist.txt
cat /root/blacklist/tmpaddr.txt | sort | uniq | grep -Eo "([0-9]{1,3}[.]){3}[0-9]{1,3}" | sed 's_.*_route &/32 reject;_' > /etc/bird/iplist.txt
/etc/init.d/bird reload
logger 'bgp list compiled'U se ke ua lebala ho etsa hore e phethahale
chmod +x /root/blacklist/makebgpJoale u ka e tsamaisa ka letsoho 'me u shebelle ponahalo ea lifaele ho /etc/bird.
Ho ka etsahala hore ebe nonyana ha e sebetse bakeng sa hau hona joale, hobane sethaleng se fetileng u ile ua e kōpa ho batla lifaele tse neng li le sieo. Ka hona, rea e qala mme re hlahloba hore na e se e qalile:
systemctl start bird
birdc show routePhallo ea taelo ea bobeli e lokela ho bonts'a lirekoto tse ka bang 80 (sena ke sa hona joale, empa ha u se beha, ntho e 'ngoe le e' ngoe e tla itšetleha ka cheseho ea RKN ho thibela marang-rang) ntho e kang ena:
54.160.0.0/12 unreachable [static_bgp 2018-04-19] * (200)sehlopha
birdc show protocole tla bontša boemo ba liprothokholo ka har'a tšebeletso. Ho fihlela u lokiselitse router (sheba ntlha e latelang), protocol ea OurRouter e tla ba boemong ba ho qala (Mohato oa Connect kapa Active), 'me ka mor'a hore ho be le khokahanyo e atlehileng e tla ea holimo (Mokhahlelo o thehiloeng). Ka mohlala, tsamaisong ea ka tlhahiso ea taelo ena e shebahala tjena:
BIRD 1.6.3 ready.
name proto table state since info
kernel1 Kernel master up 2018-04-19
device1 Device master up 2018-04-19
static_bgp Static master up 2018-04-19
direct1 Direct master up 2018-04-19
RXXXXXx1 BGP master up 13:10:22 Established
RXXXXXx2 BGP master up 2018-04-24 Established
RXXXXXx3 BGP master start 2018-04-22 Connect Socket: Connection timed out
RXXXXXx4 BGP master up 2018-04-24 Established
RXXXXXx5 BGP master start 2018-04-24 Passive
Ho hokela router
Mohlomong e mong le e mong o khathetse ke ho bala lesela lena la maoto, empa bete pelo - pheletso e haufi. Ho feta moo, karolong ena nke ke ka khona ho fana ka litaelo tsa mohato ka mohato - e tla fapana ho moetsi ka mong.
Leha ho le joalo, nka u bontša mehlala e 'maloa. Monahano o ka sehloohong ke ho phahamisa maikutlo a BGP le ho abela nexthop ho li-prefixes tsohle tse amoheloang, ho supa kotopo ea rona (haeba re hloka ho romella sephethephethe ka sebopeho sa p2p) kapa aterese ea IP e latelang haeba sephethephethe se tla ea ethernet).
Ka mohlala, ho Mikrotik ho RouterOS sena se rarolloa ka tsela e latelang
/routing bgp instance set default as=64999 ignore-as-path-len=yes router-id=172.30.1.2
/routing bgp peer add in-filter=dynamic-in multihop=yes name=VPS remote-address=194.165.22.146 remote-as=64998 ttl=default
/routing filter add action=accept chain=dynamic-in protocol=bgp comment="Set nexthop" set-in-nexthop=172.30.1.1le ho Cisco IOS - tjena
router bgp 64999
neighbor 194.165.22.146 remote-as 64998
neighbor 194.165.22.146 route-map BGP_NEXT_HOP in
neighbor 194.165.22.146 ebgp-multihop 250
!
route-map BGP_NEXT_HOP permit 10
set ip next-hop 172.30.1.1Haeba kotopo e ts'oanang e sebelisoa bakeng sa ho sheba BGP le ho fetisa sephethephethe se sebetsang, ha ho hlokahale ho seta nexthop; e tla hlophisoa ka nepo ho sebelisoa protocol. Empa haeba u e beha ka letsoho, e ke ke ea mpefatsa le ho feta.
Libakeng tse ling, u tla tlameha ho iketsetsa tlhophiso, empa haeba u na le mathata, ngola litlhaloso, ke tla leka ho thusa.
Ka mor'a hore seboka sa hau sa BGP se qale, litsela tse eang ho marang-rang a maholo li fihlile 'me li kentsoe tafoleng, sephethephethe se phalletse ho liaterese ho tloha ho bona' me thabo e haufi, u ka khutlela tšebeletsong ea linonyana 'me u leke ho hlakola ho kena moo ho kopanyang lethathamo la liaterese tsa IP, etsa kamora moo
systemctl reload bird'me u bone kamoo router ea hau e fetisitseng litsela tsena tse likete tse 85. Itokisetse ho hula 'me u nahane ka seo u lokelang ho se etsa ka eona :)
Kakaretso
Ka mokhoa o hlakileng, ka mor'a ho qeta mehato e hlalositsoeng ka holimo, joale u na le tšebeletso e khutlisetsang sephethephethe ho liaterese tsa IP tse thibetsoeng Russia Federation nakong e fetileng tsamaiso ea ho sefa.
Ehlile, e ka ntlafatsoa. Mohlala, ho bonolo haholo ho akaretsa lethathamo la liaterese tsa IP u sebelisa litharollo tsa perl kapa python. Mongolo o bonolo oa Perl o etsa sena o sebelisa Net::CIDR::Lite e fetola li-prefixes tse likete tse 85 ho tse 60 (eseng sekete), empa, ehlile, e akaretsa mefuta e mengata e mengata ea liaterese ho feta e koetsoeng.
Kaha ts'ebeletso e sebetsa boemong ba boraro ba mohlala oa ISO / OSI, e ke ke ea u pholosa ho thibela sebaka / leqephe haeba e rarolla atereseng e fosahetseng joalokaha e tlalehiloe ho registry. Empa hammoho le registry, faele nxdomain.txt e fihla ho tloha github, eo ka liropo tse seng kae tsa script e fetohang habonolo mohloli oa liaterese bakeng sa, mohlala, SwitchyOmega plugin ho Chrome.
Hape hoa hlokahala ho bolela hore tharollo e hloka ntlafatso e eketsehileng haeba u se mosebeletsi oa Inthanete feela, empa hape u phatlalatsa lisebelisoa tse ling u le mong (mohlala, sebaka sa marang-rang kapa seva sa poso se tsamaisana le khokahanyo ena). U sebelisa mekhoa ea router, hoa hlokahala ho tlama sephethephethe se tsoang tšebeletsong ena ho ea atereseng ea hau ea sechaba, ho seng joalo u tla lahleheloa ke khokahanyo le lisebelisoa tse koahetsoeng ke lethathamo la li-prefixes tse amoheloang ke router.
Haeba u na le lipotso, botsa, ke ikemiselitse ho araba.
UPD. kea leboha и bakeng sa liparamente tsa git tse lumellang ho fokotsa meqolo ea download.
UPD2. Basebetsi-'moho, ho bonahala eka ke entse phoso ka ho se kenye litaelo tsa ho theha kotopo pakeng tsa VPS le router ho sehlooho. Lipotso tse ngata li hlahisoa ke sena.
Haeba ho ka etsahala, ke tla boela ke hlokomele hore pele u qala tataiso ena, u se u ntse u hlophisitse kotopo ea VPN ka tsela eo u e hlokang 'me u lekotse ts'ebetso ea eona (mohlala, ka ho fetola sephethephethe moo ka ho sa feleng kapa ka mokhoa o tsitsitseng). Haeba ha u e-so phethe karolo ena, ha ho utloahale ho latela mehato ea sengoloa. Ha ke na mongolo oa ka ho sena, empa haeba u google "ho theha seva sa OpenVPN" hammoho le lebitso la sistimi e kentsoeng ho VPS, le "ho theha moreki oa OpenVPN" ka lebitso la router ea hau. , mohlomong u tla fumana lingoloa tse ngata mabapi le taba ena, ho kenyeletsoa le Habré.
BOPHELO Ke ngotse khoutu e fetolang dump.csv faele e hlahisoang bakeng sa nonyana e nang le kakaretso ea boikhethelo ea liaterese tsa IP. Ka hona, karolo ea "Ho sebetsana le registry bakeng sa tšebeletso ea routing" e ka nkeloa sebaka ke ho letsetsa lenaneo la eona.
UPD4. Mosebetsi o monyenyane oa liphoso (ha kea li eketsa temaneng):
1) ho e-na le hoo systemctl reload nonyana hoa utloahala ho sebelisa taelo birdc lokisa.
2) ho router ea Mikrotik, ho e-na le ho fetola nexthop ho IP ea lehlakoreng la bobeli la kotopo. /sefa tsela eketsa ketane=ketane-ka matla-ka har'a protocol=bgp maikutlo=»Seta nexthop» set-in-nexthop=172.30.1.1 hoa utloahala ho hlakisa tsela ka kotloloho ho sebopeho sa kotopo, ntle le aterese /sefa tsela eketsa ketane = amohela ketane=dynamic-in protocol=bgp comment=»Beha nexthop» set-in-nexthop-direct=<interface name>
UPD5. Ho hlahile tshebeletso e ntjha , moo o ka nkang manane a seng a entsoe a liaterese tsa IP. E ntlafalitsoe halofo ea hora e 'ngoe le e 'ngoe. Ka lehlakoreng la bareki, se setseng ke ho theha lirekoto ka "tsela ... hana".
'Me ka nako ena, mohlomong, ho lekane ho rag nkhono oa hau le ho ntlafatsa sengoloa.
UPD6. Phetolelo e ntlafalitsoeng ea sengoloa bakeng sa ba sa batleng ho e tseba, empa ba batla ho qala - .
Source: www.habr.com