The OPNsense 20.1 firewall distribution is available

The OPNsense 20.1 distribution for building firewalls has been released. It is a fork of the pfSense project, created with the aim of producing a fully open distribution whose functionality can match commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company, developed with the direct participation of the community and with a completely transparent development process, and it allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used for the build, is distributed under the BSD license. Builds are prepared in the form of a LiveCD and a system image for writing to flash drives (280 MB).

The base of the distribution is built on the code of HardenedBSD 11, which maintains a synchronized fork of FreeBSD that integrates additional protection mechanisms and exploit-mitigation techniques. Among the features of OPNsense are a fully open build toolkit, the ability to install it as packages on top of regular FreeBSD, load-balancing tools, a web interface for organizing user connections to the network (captive portal), connection state tracking (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, DDNS (Dynamic DNS) support, and a system of visual reports and graphs.

In addition, the distribution provides tools for creating fault-tolerant configurations based on the CARP protocol. These let you run a standby node alongside the main firewall; the standby is automatically synchronized at the configuration level and takes over the load if the primary node fails. The administrator is offered a modern and simple interface for configuring the firewall, built using the Bootstrap web framework.

In the new version:

  • The performance of the web interface for connecting users to a wireless network (Captive portal) has been increased;
  • IPsec now supports public key authentication;
  • Added the ability to create certificates using elliptic curve algorithms;
  • Added support for VXLAN and Loopback devices;
  • The firmware health check has been strengthened;
  • In rules bound to a network interface, it is now possible to bind to the packet direction (incoming / outgoing) and to work in non-quick mode (the last rule that matches the conditions is triggered, not the first);
  • The logging frontend has been rewritten using the MVC framework and now supports management through the API;
  • The default Python version is 3.7;
  • Updated software versions, including LibreSSL 3.0, OpenSSL 1.1.1, php 7.2.27, isc-dhcp 4.4.2, zabbix4-proxy 1.2 and jQuery 3.4.1;
  • Added support for Google Backup API 2.4.
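
The difference between quick and non-quick interface rules mentioned in the list above is easy to get wrong when reviewing a ruleset, so here is a small model of the evaluation order. This is an added example, not OPNsense or pf code; the `Rule`, `Packet`, `evaluate` and `ruleset` names, the sample rules and the default-deny fallback are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    direction: str                   # "in", "out" or "any"
    interface: str
    dst_port: Optional[int] = None   # None matches any destination port
    quick: bool = False              # quick: a match ends evaluation

@dataclass(frozen=True)
class Packet:
    direction: str
    interface: str
    dst_port: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.interface == pkt.interface
            and rule.direction in ("any", pkt.direction)
            and rule.dst_port in (None, pkt.dst_port))

def evaluate(rules, pkt, default="block"):
    """Walk the rules top to bottom. A matching quick rule decides at once;
    otherwise the last matching rule decides. `default` is the verdict when
    nothing matches (default-deny is an assumption of this example)."""
    verdict = default
    for rule in rules:
        if matches(rule, pkt):
            verdict = rule.action
            if rule.quick:
                break
    return verdict

def ruleset(quick: bool):
    # Constructed sample: block inbound SSH on wan, then pass inbound on wan.
    return [Rule("block", "in", "wan", 22, quick),
            Rule("pass", "in", "wan", None, quick)]

if __name__ == "__main__":
    ssh_in = Packet("in", "wan", 22)
    print("quick    :", evaluate(ruleset(True), ssh_in))
    print("non-quick:", evaluate(ruleset(False), ssh_in))
    print("outbound :", evaluate(ruleset(False), Packet("out", "wan", 22)))
```

The same two rules in the same order give opposite verdicts for inbound SSH: with quick set the block rule wins, without it the later, broader pass rule overrides it. When switching a rule to non-quick mode, re-check every broader rule that follows it.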

Source: opennet.ru
