I-OPNsense ye-26.7 yokusabalalisa i-firewall ikhululiwe Ifakwe kwiprojekthi ye-pfSense kwi-2015 ngenjongo yokuphuhlisa usasazo oluvulekileyo olunokuthi lube nokusebenza kwinqanaba lezisombululo zorhwebo zokusebenzisa i-firewall kunye ne-network gateways. Ngokungafaniyo ne-pfSense, iprojekthi ibekwe njengengalawulwa yinkampani enye, iphuhliswe ngokuthatha inxaxheba ngokuthe ngqo koluntu kunye nenkqubo yophuhliso ecacileyo ngokupheleleyo, kunye nokubonelela ngethuba lokusebenzisa nayiphi na intuthuko yayo kwiimveliso zomntu wesithathu, kubandakanywa. ezorhwebo. Ikhowudi yomthombo yamacandelo okusabalalisa, kunye nezixhobo ezisetyenziselwa ukudibanisa, zihanjiswa phantsi kwelayisensi ye-BSD. Iindibano zilungiselelwe ngendlela ye-LiveCD kunye nomfanekiso wenkqubo yokurekhoda kwi-Flash drives (490 MB).
Isiseko sosasazo sisekelwe kwikhowudi yeFreeBSD. Iimpawu ze-OPNsense ziquka: isixhobo sokwakha esivulelekileyo ngokupheleleyo, inkxaso yokufakela njengeepakethe ngaphezulu kweFreeBSD eqhelekileyo, izixhobo zokulinganisela umthwalo, ujongano lwewebhu lokulungiselela uqhagamshelo lomsebenzisi kwinethiwekhi (iCaptive Portal), iindlela zokulandelela imeko yoqhagamshelwano (i-firewall ecacileyo esekelwe kwi-pf), inkqubo yokunciphisa i-bandwidth, ukucoca ithrafikhi, kunye nokudalwa kwe-VPN esekwe kwi-IPsec. OpenVPN kunye ne-PPTP, ukuhlanganiswa ne-LDAP kunye ne-RADIUS, inkxaso ye-DDNS (Dynamic DNS), inkqubo yeengxelo ezibonakalayo kunye neegrafu.
Ngesiseko sokusasazwa, kunokwenzeka ukwenza ulungelelwaniso olunempazamo olusekelwe ekusebenziseni i-protocol ye-CARP kunye nokuvumela ukuqaliswa, ngaphezu kwe-firewall engundoqo, i-node yokulondoloza, eya kulungelelaniswa ngokuzenzekelayo kwinqanaba loqwalaselo kwaye iya kuthatha umthwalo xa kwenzeka ukusilela kwendawo yokuqala. Umlawuli unikezwa ujongano lwewebhu lokuqwalasela i-firewall, eyakhiwe ngokusebenzisa isakhelo sewebhu seBootstrap kunye ne-Phalcon MVC.
Phakathi kotshintsho:
- Utshintsho oluya kwisiseko sekhowudi yeFreeBSD 15.1 lugqityiwe (ngaphambili kwakusetyenziswa iFreeBSD 14.3).
- Ii-interfaces zokumisela imithetho ye-firewall, ukwabela ii-interfaces zenethiwekhi (ezahlula phakathi kwe-LAN kunye ne-WAN), kunye nokulawula amaqela esango ziye zafuduselwa ekusebenziseni isakhelo se-MVC kwaye ngoku zikwafumaneka nge-Web API yokwenza ulawulo loqwalaselo lwenethiwekhi lube ngokuzenzekelayo.
- Kongezwe iwizard yokufudusela imithetho yokuguqulela idilesi ukusuka kwifomathi endala yoqwalaselo lwe-Outbound NAT ukuya kwifomathi entsha kusetyenziswa uyilo lwe-Source NAT (SNAT).
- Inkxaso ye-DDNS (Dynamic) kunye nokwabiwa ngokuzenzekelayo kwezimaphambili ze-IPv6 (iibhloko zeedilesi) kongezwe kwi-KEA DHCP configurator.
- Inkxaso ye-IPv6 yongezwe kwi-Captive portal.
- Iinguqulelo ezihlaziyiweyo OpenVPN 2.7, PHP 8.5, Python 3.13.
- Ubuthathaka obubalulekileyo (CVE-2026-57155, inqanaba lobunzima 9.9 kwi-10) bulungisiwe. Olu buthathaka luvumele umsebenzisi ongenamalungelo angenawo ukufikelela kwi-shell kunye nokufikelela okulinganiselweyo kwii-aliase (uluhlu lwamagama enethiwekhi kunye namagama e-host) ukuba asebenzise ikhowudi ene-root privileges. Ubuthathaka bubangelwa kukungabikho kokuhlolwa okufanelekileyo xa kusetyenzwa idatha evela kwi-database ye-GeoIP edibanisa amazwe needilesi ze-IP.
Ikhowudi yelizwe evela kwisiseko sedatha seGeoIP yatshintshwa ngaphandle kokuqinisekiswa xa kuveliswa igama lefayile elibhalwayo, okuvumela nayiphi na ifayile kwinkqubo ukuba ibhalwe ngaphezulu, njengoko umphathi esebenza ngamalungelo eengcambu. Umsebenzisi ongenamalungelo angasebenzisa iWeb API ukucacisa i-URL yokukhuphela isiseko sedatha seGeoIP esilungisiweyo see-alias. Ukuze ufumane amalungelo eengcambu, umntu angachaza "../../../../../../../../../etc/newsyslog.conf.d/zzz_pwn" endaweni yekhowudi yelizwe kwenye yee-database entrys. Oku kuya kudala ifayile yoqwalaselo lwenkqubo yokujikeleza kwelog, enokuchaza imiyalelo esebenza ngamalungelo eengcambu.
umthombo: opennet.ru
