Release of OPNsense 23.1, a distribution for building firewalls

OPNsense 23.1, a distribution for building firewalls, has been released. It is a fork of the pfSense project, created with the aim of producing a completely open distribution that offers functionality on the level of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company, developed with the direct participation of the community, and having a fully transparent development process; it also allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used to build it, is distributed under the BSD license. Builds are prepared in the form of a LiveCD and a system image for writing to Flash drives (399 MB).

The base of the distribution is built on FreeBSD code. Among the features of OPNsense are a completely open build toolkit, the ability to install it as packages on top of a regular FreeBSD, load-balancing tools, a web interface for organizing user connections to the network (Captive portal), mechanisms for tracking connection state (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.

The distribution provides tools for building fault-tolerant configurations based on the CARP protocol. These allow a backup node to be run alongside the main firewall; the backup node is synchronized automatically at the configuration level and takes over the load if the primary node fails. The administrator is offered a modern and simple interface for configuring the firewall, built with the Bootstrap web framework.

Among the changes:

  • Changes from the FreeBSD 13-STABLE branch have been carried over.
  • Versions of additional programs from ports have been updated, for example php 8.1.14 and sudo 1.9.12p2.
  • A new implementation of DNS-based blocklists has been added, rewritten in Python and supporting various blocklists for advertising and malicious content.
  • Statistics on the operation of the Unbound DNS server are now collected and displayed, making it possible to track DNS traffic per user.
  • A new BGP ASN firewall type has been added.
  • A PPPoEv6 mode has been added for selecting the IPv6 Control Protocol.
  • Support has been added for SLAAC WAN interfaces without DHCPv6.
  • The packet capture and IPsec management components have been moved to the MVC framework, which made it easier to implement API management support in them.
  • IPsec settings have been moved to the swanctl.conf file.
  • The os-sslh plugin is included, which allows HTTPS, SSH, OpenVPN, tinc and XMPP connections to be multiplexed over network port 443.
  • The os-ddclient plugin (Dynamic DNS Client) now provides the ability to use your own backends, including Azure.
  • The os-wireguard plugin with the WireGuard VPN has been switched by default to use the kernel module (the old user-space mode of operation has been moved to a separate os-wireguard-go plugin).

Source: opennet.ru
