Release of the IPFire 2.25 distribution kit for creating firewalls

The release of IPFire 2.25 Core 141, a distribution kit for creating routers and firewalls, is available. IPFire is distinguished by a simple installation process and by configuration organized through an intuitive web interface filled with visual graphs. The installation iso image is 290 MB in size (x86_64, i586, ARM).

The system is modular. In addition to the basic functions of packet filtering and traffic management, modules are available for IPFire that implement an intrusion prevention system based on Suricata, create a file server (Samba, FTP, NFS), a mail server (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV and Openmailadmin) and a print server (CUPS), set up a VoIP gateway based on Asterisk and Teamspeak, create a wireless access point, and run a streaming audio and video server (MPFire, Videolan, Icecast, Gnump3d, VDR). A dedicated package manager, Pakfire, is used to install add-ons in IPFire.

In the new release:

  • Reworked user interface components and distribution scripts related to DNS:
    • Added support for DNS-over-TLS.
    • DNS settings have been unified across all pages of the web interface.
    • It is now possible to specify more than two DNS servers, with the fastest server from the list used by default.
    • Added a QNAME minimisation mode (RFC-7816), which reduces the additional information sent in requests in order to prevent leaks of information about the requested domain and to increase privacy.
    • A filter has been implemented to screen out adult-only sites at the DNS level.
    • Boot time has been sped up by reducing the number of DNS checks.
    • A workaround has been implemented for cases where the provider filters DNS requests or has faulty DNSSEC support (if problems occur, the transport is switched to TLS and TCP).
    • To solve problems with the loss of fragmented packets, the EDNS buffer size has been reduced to 1232 bytes (the value 1232 was chosen because it is the maximum at which a DNS response, taking IPv6 into account, fits within the minimum MTU value of 1280).
  • Updated package versions, including GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6, unbound 1.9.6.
  • Added support for the Go and Rust languages. The base distribution includes the elinks browser and the rfkill package.
  • Updated add-ons: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7. Added the new amazon-ssm-agent add-on to improve integration with the Amazon cloud.
  • Debug information has been stripped from executable files to reduce the size of the distribution after installation.
  • Added support for LVM partitions.
  • Added support for filtering network packets from OpenVPN clients in the IPS (Intrusion Prevention System).
  • In Pakfire, HTTPS is now used to download the mirror list (previously, the first request went over HTTP, and the server would redirect to HTTPS).
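
The QNAME minimisation item above is easier to judge when the queries are laid out per server. The following is an added example, not code from IPFire or from the original article: a simplified simulation of one cold-cache lookup that follows the RFC 7816 rule (one label more than the known zone, QTYPE NS) and compares it with a resolver that sends the full name everywhere. The zone cuts and the name `www.mail.example.com` are constructed sample data.

```python
# Added illustration of QNAME minimisation (RFC 7816). Not IPFire code.
# The zone cuts and the queried name are constructed sample data.

def _labels(name):
    """'www.example.com.' -> ['www', 'example', 'com']"""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def _fqdn(labels):
    return ".".join(labels) + "." if labels else "."

def iterative_queries(qname, qtype, zone_cuts, minimise):
    """Simulate one cold-cache lookup.
    Returns [(zone_asked, qname_sent, qtype_sent), ...]."""
    labels = _labels(qname)
    full = _fqdn(labels)
    zone = "."                      # closest known zone cut; start at the root
    sent = []
    for depth in range(1, len(labels) + 1):
        candidate = _fqdn(labels[-depth:])
        if candidate == full:
            # Last step: the original name and type go to the closest zone.
            sent.append((zone, full, qtype))
            if full in zone_cuts:   # name is itself a zone apex: follow referral
                sent.append((full, full, qtype))
            break
        is_cut = candidate in zone_cuts
        if minimise:
            # RFC 7816: ask only for one label below the known cut, as QTYPE NS.
            sent.append((zone, candidate, "NS"))
        elif is_cut:
            # Classic behaviour: every server on the path gets the full name.
            sent.append((zone, full, qtype))
        if is_cut:
            zone = candidate        # referral received, continue at the child
    return sent

def names_seen(sent):
    """Map each zone's servers to the set of query names they received."""
    seen = {}
    for zone, name, _ in sent:
        seen.setdefault(zone, set()).add(name)
    return seen

if __name__ == "__main__":
    cuts = {"com.", "example.com."}
    for mode in (False, True):
        print("minimise =", mode)
        for q in iterative_queries("www.mail.example.com", "A", cuts, mode):
            print("   to %-13s %s %s" % q)
```

With minimisation the root and `com.` servers learn only the next label down; the full name reaches only the zone that has to answer it, at the cost of one extra query where a label is not a zone cut.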

Source: opennet.ru
