Debian 11 offers nftables and firewalld by default

Arturo Borrero, a Debian developer who is part of the Netfilter Project Coreteam and the maintainer of the nftables, iptables and netfilter-related packages in Debian, has proposed moving the next major release, Debian 11, to nftables by default. If the proposal is approved, the iptables packages will be moved to the category of optional packages that are not included in the base installation.

The nftables packet filter is notable for unifying the packet filtering interfaces for IPv4, IPv6, ARP and network bridges. Nftables provides only a generic, protocol-independent interface at the kernel level, which offers basic functions for extracting data from packets, performing operations on that data, and flow control. The filtering logic itself and the protocol-specific handlers are compiled into bytecode in user space; this bytecode is then loaded into the kernel over the Netlink interface and executed in a special virtual machine reminiscent of BPF (Berkeley Packet Filters).

By default, Debian 11 also offers a dynamic firewall, designed as a wrapper on top of nftables. Firewalld runs as a background process that lets you change packet filtering rules dynamically over DBus, without reloading the packet filter rules or breaking established connections. The firewall is managed with firewall-cmd, which, when creating rules, is based not on IP addresses, network interfaces and port numbers but on service names (for example, to open access to SSH, run "firewall-cmd --add-service=ssh"; to close SSH, "firewall-cmd --remove-service=ssh").
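To make the service-name abstraction concrete, the following added example (not code from firewalld, Debian or the original article) expands service definitions written in firewalld's service XML format into rules for the nftables `inet` family, which covers IPv4 and IPv6 together. The sample definitions are constructed, `example-voip` is a hypothetical service, and the `filter` table and `input` chain names are assumptions; firewalld generates its own, more elaborate ruleset.

```python
"""Expand firewalld-style service definitions into protocol-independent nft rules."""
import xml.etree.ElementTree as ET

# Constructed samples in the firewalld service-definition XML format
# (real definitions live in /usr/lib/firewalld/services/*.xml).
SAMPLE_SERVICES = {
    "ssh": """<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>""",
    "example-voip": """<service>
  <short>Example VoIP (hypothetical)</short>
  <port protocol="udp" port="5060"/>
  <port protocol="tcp" port="5060-5061"/>
</service>""",
}


def service_ports(xml_text):
    """Return the (protocol, port-or-range) pairs a service definition opens."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a service definition")
    ports = []
    for elem in root.findall("port"):
        proto, port = elem.get("protocol"), elem.get("port") or ""
        if proto not in ("tcp", "udp", "sctp", "dccp"):
            raise ValueError(f"unexpected protocol {proto!r}")
        lo, _, hi = port.partition("-")
        low, high = int(lo), int(hi or lo)  # int() rejects empty or non-numeric ports
        if not (0 < low <= high <= 65535):
            raise ValueError(f"bad port {port!r}")
        ports.append((proto, port))
    return ports


def nft_rules(name, table="filter", chain="input"):
    """Render one rule per port in the inet family (covers IPv4 and IPv6)."""
    return [
        f'add rule inet {table} {chain} {proto} dport {port} accept comment "{name}"'
        for proto, port in service_ports(SAMPLE_SERVICES[name])
    ]


if __name__ == "__main__":
    for svc in SAMPLE_SERVICES:
        print("\n".join(nft_rules(svc)))
```

Running the same expansion over the definitions installed on a host shows exactly which ports a service name opens before it is added to a zone.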

Source: opennet.ru
