ProHoster > Blog > litaba tsa inthanete > Ho lokolloa ha lisebelisoa tsa kabo bakeng sa ho theha li-firewall tsa IPFire 2.25

Ho lokolloa ha lisebelisoa tsa kabo bakeng sa ho theha li-firewall tsa IPFire 2.25

Fumaneha ho lokolloa ha lisebelisoa tsa ho aba bakeng sa ho theha li-routers le li-firewall IPFire 2.25 Ntho ea 141. IPFire e khetholloa ka mokhoa o bonolo oa ho kenya le tlhophiso ea tlhophiso ka sebopeho sa marang-rang se hlakileng, se tletseng litšoantšo tse bonahalang. Boholo ba ho kenya setšoantšo sa iso ke 290 MB (x86_64, i586, ARM).

Sistimi ena ke ea modular, ntle le mesebetsi ea mantlha ea ho sefa lipakete le taolo ea sephethephethe bakeng sa IPFire, li-module li fumaneha ka ts'ebetsong ea sistimi ea ho thibela litlhaselo tse thehiloeng ho Suricata, bakeng sa ho theha seva sa faele (Samba, FTP, NFS), a seva sa poso (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV le Openmailadmin) le seva sa khatiso (CUPS), ho hlophisa tsela ea VoIP e thehiloeng ho Asterisk le Teamspeak, ho theha sebaka sa ho fumana mohala, ho hlophisa seva sa audio le video (MPFire, Videolan). , Icecast, Gnump3d, VDR). Ho kenya li-add-on ho IPFire, ho sebelisoa mookameli oa sephutheloana se khethehileng, Pakfire.

Tokollong e ncha:

  • Likarolo tse hlophisitsoeng bocha le lingoliloeng tsa kabo tse amanang le DNS:
    • Tšehetso e ekelitsoeng bakeng sa DNS-over-TLS.
    • Litlhophiso tsa DNS li kopantsoe maqepheng ohle a marang-rang.
    • Hona joale hoa khoneha ho hlakisa li-server tse fetang tse peli tsa DNS ho sebelisa seva e potlakileng ho tsoa lethathamong la kamehla.
    • E kentse QNAME Minimization mode (RFC-7816) ho fokotsa phetiso ea tlhahisoleseling e eketsehileng ho likopo e le ho thibela ho lutla ha tlhahisoleseling mabapi le sebaka se kopiloeng le ho eketsa boinotši.
    • Sefahla se kentsoe tšebetsong ho sefa libaka tsa batho ba baholo feela maemong a DNS.
    • Nako ea ho kenya e potlakisitsoe ka ho fokotsa palo ea licheke tsa DNS.
    • Ho kentsoe ts'ebetsong haeba mofani a sefa likopo tsa DNS kapa tšehetso e fosahetseng ea DNSSEC (haeba ho na le mathata, sepalangoang se fetisetsoa ho TLS le TCP).
    • Ho rarolla mathata ka tahlehelo ea lipakete tse arohaneng, boholo ba buffer ea EDNS bo fokotsehile ho 1232 bytes (boleng ba 1232 bo khethiloe hobane ke boholo boo boholo ba karabo ea DNS, ho nahanoa ka IPv6, bo kenang bonyane ba boleng ba MTU. (1280).
  • Liphetolelo tse ntlafalitsoeng tsa sephutheloana, ho kenyeletsoa GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. e sa tlangoa 1.9.6.
  • Tšehetso e ekelitsoeng bakeng sa lipuo tsa Go le Rust. Sebopeho se seholo se kenyelletsa sebatli sa elinks le sephutheloana rfkill.
  • Li-add-on tse ntlafalitsoeng li feletsoe ke metsi 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7. E kentse tlatsetso e ncha ea amazon-ssm-agent ho ntlafatsa kopanyo le leru la Amazon.
  • Tlhahisoleseding ea ho lokisa liphoso lifaeleng tse sebetsang e hloekisitsoe ho fokotsa boholo ba kabo ka mor'a ho kenya.
  • Tšehetso e ekelitsoeng bakeng sa likarolo tsa LVM.
  • Ts'ehetso e ekelitsoeng bakeng sa ho sefa lipakete tsa marang-rang ho tloha ho bareki ba OpenVPN ho IPS (Sistimi ea Thibelo ea Intrusion);
  • Pakfire, HTTPS e sebelisetsoa ho kenya lenane la liipone (pele, kopo ea pele e ne e le ka HTTP, 'me seva se ne se tla fana ka redirect ho HTTPS).

Source: opennet.ru

Eketsa ka tlhaloso