ProHoster > Ibhulogi > iindaba ze-intanethi > Ukukhutshwa kwekhithi yokuhambisa ekudaleni iindonga zomlilo pfSense 2.4.5

Ukukhutshwa kwekhithi yokuhambisa ekudaleni iindonga zomlilo pfSense 2.4.5

yathatha indawo ukukhululwa kokusasazwa okudibeneyo ekudaleni i-firewall kunye neesango zenethiwekhi I-pfSense 2.4.5. Ukuhanjiswa kusekelwe kwisiseko sekhowudi ye-FreeBSD usebenzisa uphuhliso lweprojekthi ye-m0n0wall kunye nokusetyenziswa okusebenzayo kwe-pf kunye ne-ALTQ. Yokulayisha ezikhoyo imifanekiso emininzi yezakhiwo ze-amd64, ukusuka kubukhulu ukusuka kwi-300 ukuya kwi-360 MB, kuquka i-LiveCD kunye nomfanekiso wofakelo kwi-USB Flash.

Unikezelo lulawulwa kusetyenziswa ujongano lwewebhu. Ukulungelelanisa ukufikelela komsebenzisi kwinethiwekhi enentambo kunye ne-wireless, i-Captive Portal, i-NAT, i-VPN (IPsec, i-OpenVPN) kunye ne-PPPoE ingasetyenziswa. Uluhlu olubanzi lwezakhono luxhaswa ukukhawulela umda we-bandwidth, ukunciphisa inani loxhulumaniso lwangaxeshanye, ukucoca i-traffic kunye nokudala ukucwangciswa kokunyamezela okusekelwe kwi-CARP. Izibalo zokusebenza ziboniswa ngendlela yeegrafu okanye kwifom yetheyibhile. Ugunyaziso luxhaswa kusetyenziswa isiseko somsebenzisi wendawo, kunye neRADIUS kunye neLDAP.

Isitshixo utshintsho:

  • Amacandelo enkqubo yesiseko ahlaziywe kwi-FreeBSD 11-STABLE;
  • Amanye amaphepha ojongano lwewebhu, kubandakanywa nomphathi wesatifikethi, uluhlu lwezibophelelo ze-DHCP kunye neetheyibhile ze-ARP/NDP, ngoku zixhasa ukuhlenga-hlengisa nokukhangela;
  • Isisombululo se-DNS esisekelwe kwi-Unbound yongezwe kwizixhobo zokudibanisa i-Python script;
  • I-IPsec DH (i-Diffie-Hellman) kunye ne-PFS (iMfihlo ePhambili ePhambili) yongezwa Amaqela eDiffie-Hellman 25, 26, 27 kunye nama-31;
  • Kuseto lwesixokelelwano sefayile ye-UFS kwiisistim ezintsha, imo ye-noatime ivulwe ngokungagqibekanga ukuze kuncitshiswe imisebenzi yokubhala engeyomfuneko;
  • Uphawu loyelelwano “lokugqibezela ngokuzenzekela=igama-password elitsha” longezwe kwiifomu zokungqinisisa ukuvala ukuzaliswa ngokuzenzekelayo kwemimandla ngedatha ebuthathaka;
  • Kongezwe ababoneleli berekhodi be-DNS abatsha-iLinode kunye neGandi;
  • Ubuthathaka obuninzi bulungisiwe, kubandakanya umba kujongano lwewebhu oluvumela umsebenzisi oqinisekisiweyo ukuba afikelele kwiwijethi yokulayisha umfanekiso ukwenza nayiphi na ikhowudi ye-PHP kunye nokufikelela kumaphepha akhethekileyo ojongano lomlawuli.
    Ukongeza, ukuba nokwenzeka kwe-cross-site scripting (XSS) kuphelisiwe kwi-interface yewebhu.

umthombo: opennet.ru

Yongeza izimvo