Release of pfSense 2.4.5, a distribution for creating firewalls

pfSense 2.4.5, a compact distribution for creating firewalls and network gateways, has been released. The distribution is based on the FreeBSD code base, uses the work of the m0n0wall project, and makes active use of pf and ALTQ. Several images for the amd64 architecture are available for download, ranging in size from 300 to 360 MB, including a LiveCD and an image for installation on USB Flash.

The distribution is managed through a web interface. To organize user access on wired and wireless networks, Captive Portal, NAT, VPN (IPsec, OpenVPN) and PPPoE can be used. A wide range of capabilities is supported for limiting bandwidth, limiting the number of simultaneous connections, filtering traffic, and creating fault-tolerant configurations based on CARP. Operating statistics are displayed as graphs or in tabular form. Authorization is supported using a local user database, as well as RADIUS and LDAP.

Key changes:

  • The base system components have been updated to FreeBSD 11-STABLE;
  • Some web interface pages, including the certificate manager, the DHCP lease list and the ARP/NDP tables, now support sorting and searching;
  • Tools for integrating Python scripts have been added to the Unbound-based DNS Resolver;
  • Diffie-Hellman groups 25, 26, 27 and 31 have been added for IPsec DH (Diffie-Hellman) and PFS (Perfect Forward Secrecy);
  • In the UFS file system settings for new installations, noatime mode is enabled by default to reduce unnecessary write operations;
  • The "autocomplete=new-password" attribute has been added to authentication forms to disable automatic filling of fields with sensitive data;
  • New DNS record providers have been added: Linode and Gandi;
  • Several vulnerabilities have been fixed, including an issue in the web interface that allowed an authenticated user with access to the image upload widget to execute arbitrary PHP code and gain access to privileged pages of the administrator interface.
    In addition, a cross-site scripting (XSS) opportunity has been eliminated in the web interface.

Source: opennet.ru
