Ukukhutshwa kwekhithi yokusabalalisa yokudala i-firewall OPNsense 21.7 yenzeka, eyisebe leprojekthi ye-pfSense, eyenziwe ngenjongo yokudala ikiti yokusabalalisa evuleleke ngokupheleleyo enokuthi ibe nokusebenza kwinqanaba lezisombululo zorhwebo zokuthumela i-firewall kunye ne-network gateways. . Ngokungafaniyo ne-pfSense, iprojekthi ibekwe njengengalawulwa yinkampani enye, iphuhliswe ngokuthatha inxaxheba ngokuthe ngqo koluntu kwaye inenkqubo yophuhliso ecacileyo ngokupheleleyo, kunye nokubonelela ngethuba lokusebenzisa nayiphi na intuthuko yayo kwiimveliso zomntu wesithathu, kuquka urhwebo. enye. Ikhowudi yomthombo yamacandelo okusabalalisa, kunye nezixhobo ezisetyenziselwa ukudibanisa, zihanjiswa phantsi kwelayisensi ye-BSD. Iindibano zilungiselelwe ngendlela ye-LiveCD kunye nomfanekiso wenkqubo yokurekhoda kwi-Flash drives (422 MB).
Umxholo osisiseko wokusabalalisa usekelwe kwikhowudi ye-HardenedBSD, exhasa imfoloko ehambelanayo ye-FreeBSD, edibanisa iindlela zokukhusela ezongezelelweyo kunye nobuchule bokulwa nokuxhaphazwa kobuthathaka. Phakathi kweempawu ze-OPNsense kukho i-toolkit yokwakha evuleke ngokupheleleyo, ukukwazi ukufaka ngendlela yeepakethi phezulu kwe-FreeBSD eqhelekileyo, izixhobo zokulinganisa umthwalo, ujongano lwewebhu lokuququzelela uxhulumaniso lomsebenzisi kwinethiwekhi (i-Captive portal), ubukho beendlela. ukulandelela uxhulumaniso lwamazwe (i-firewall esemthethweni esekelwe kwi-pf), ukubeka umda we-bandwidth, ukucoca i-traffic, ukudala i-VPN esekelwe kwi-IPsec, i-OpenVPN kunye ne-PPTP, ukudibanisa ne-LDAP kunye ne-RADIUS, inkxaso ye-DDNS (Dynamic DNS), inkqubo yeengxelo ezibonakalayo kunye iigrafu.
Ukuhanjiswa kunika izixhobo zokudala ukucwangciswa kokunyamezela okuphosakeleyo ngokusekelwe ekusebenziseni iprotocol yeCARP kunye nokuvumela ukuba uqalise, ngaphezu kwe-firewall engundoqo, i-node yogcino oluya kulungelelaniswa ngokuzenzekelayo kwinqanaba loqwalaselo kwaye luya kuthatha umthwalo isiganeko sokungaphumeleli kwendawo yokuqala. Umlawuli unikezwa ujongano lwangoku kunye olulula lokuqwalasela i-firewall, eyakhiwe kusetyenziswa i-Bootstrap web framework.
Phakathi kotshintsho:
- Usasazo lusekwe kuphuhliso lweHardenedBSD 12.1. Ukukhutshwa okulandelayo, i-22.1, iceba ukufudukela kwi-FreeBSD 13.
- Isifakeli esitsha sicetywayo esibonelela ngenkxaso eyakhelwe-ngaphakathi yokufakela kwizahlulo kunye nenkqubo yefayile yeZFS kwaye ifanelekile ukusebenza koomatshini abasebenzisa i-UEFI.
- I-interface yokuhlaziya i-firmware yenziwe ngokutsha.
- Kwilogi ebonisa umsebenzi wokucoca i-traffic, kuqinisekiswa ukuba izichasi zomgaqo wangoku ziboniswa ukuphepha ukutolika okungalunganga emva kokutshintsha isethi yemithetho.
- Kwiitemplates ezikuvumela ukuba unxulumanise iseti yothungelwano, iinginginya kunye namazibuko anegama elithile elingumfuziselo kwimithetho ye-firewall (i-aliases), ukukwazi ukukhankanya ii-bit masks (i-wildcard mask) kwiimaski zothungelwano zongeziweyo.
umthombo: opennet.ru