Ukukhishwa kokusatshalaliswa okuhlangene kokwakha ama-firewall namasango enethiwekhi pfSense 2.6.0 kushicilelwe. Ukusabalalisa kusekelwe kusisekelo sekhodi ye-FreeBSD kusetshenziswa ukuthuthukiswa kwephrojekthi ye-m0n0wall kanye nokusetshenziswa okusebenzayo kwe-pf ne-ALTQ. Isithombe se-iso se-amd64 architecture, 430 MB ngosayizi, silungiselelwe ukudawuniloda.
Ukusabalalisa kulawulwa ngesixhumi esibonakalayo sewebhu. Ukuze uhlele ukufinyelela komsebenzisi kunethiwekhi enezintambo nezintambo, i-Captive Portal, i-NAT, i-VPN (IPsec, i-OpenVPN) ne-PPPoE ingasetshenziswa. Amakhono anhlobonhlobo asekelwa ukukhawulela umkhawulokudonsa, ukukhawulela inombolo yokuxhumeka ngesikhathi esisodwa, ukuhlunga ithrafikhi nokudala ukucushwa okubekezelela amaphutha okusekelwe ku-CARP. Izibalo zokusebenza ziboniswa ngendlela yamagrafu noma ngendlela yethebula. Ukugunyazwa kusekelwa kusetshenziswa isizinda somsebenzisi wendawo, kanye ne-RADIUS ne-LDAP.
Izinguquko ezibalulekile:
- Ngokuzenzakalelayo, ukufakwa manje kusebenzisa uhlelo lwefayela le-ZFS.
- Iwijethi entsha yengeziwe ukuze kulinganiswe isikhala samahhala sediski, esithathe indawo yohlu ngamapharamitha ediski kuwijethi Yolwazi Lwesistimu.
- Umsebenzi wenziwa ukuthuthukisa ukuzinza nokusebenza kwe-IPsec. Igama lezixhumanisi zenethiwekhi ye-IPsec VTI lishintshiwe (izilungiselelo ezikhona zizobuyekezwa ngokuzenzakalelayo). Amawijethi okubonisa isimo se-IPsec anwetshiwe futhi alungiswa.
- I-AutoConfigBackup ixazulula izinkinga ngokubambezeleka kokuvula ikhasi ngenkathi ukulondoloza ikhophi kusaqhubeka.
- Iphasiwedi ezenzakalelayo ye-hashing algorithm ithi SHA-512 esikhundleni se-bcrypt.
- Kuthuthukiswe ikhasi lokunqamula okungenantambo ku-Captive Portal.
- I-tmpfs FS isetshenziselwa ukusebenzisa amadiski e-RAM.
Source: opennet.ru