Release of OPNsense 19.7, a distribution for building firewalls

After 6 months of development, OPNsense 19.7 has been released. OPNsense is a distribution for building firewalls and a fork of the pfSense project, created with the goal of producing a fully open distribution with functionality on par with commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not controlled by a single company: it is developed with direct community participation, has a fully transparent development process, and allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used to build it, is distributed under the BSD license. Builds are provided as a LiveCD and as a system image for writing to Flash drives (290 MB).

The base of the distribution is built on the code of HardenedBSD 11, which maintains a synchronized fork of FreeBSD that integrates additional protection mechanisms and techniques for mitigating the exploitation of vulnerabilities. Notable OPNsense features include a fully open build toolkit, the ability to install as packages on top of regular FreeBSD, load-balancing tools, a web interface for managing user connections to the network (captive portal), connection state tracking (a stateful firewall based on pf), bandwidth limits, traffic filtering, VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, DDNS (Dynamic DNS) support, and a system of visual reports and graphs.

In addition, the distribution provides tools for building fault-tolerant configurations based on the CARP protocol. These let you run, alongside the primary firewall, a backup node that is automatically synchronized at the configuration level and takes over the load if the primary node fails. The administrator is given a modern and simple interface for configuring the firewall, built with the Bootstrap web framework.

In the new version:

  • Built-in ability to send logs to a remote server using Syslog-ng;
  • Added a separate list for viewing automatically generated packet filter rules;
  • Added statistics for all packet filter rules;
  • Improved management of aliases in firewall rules (aliases let you use variables in place of hosts, port numbers and subnets). Added the ability to import and export aliases in JSON format. There is an optional ability to keep statistics for aliases;
  • The code for processing and switching gateways has been rewritten;
  • Implemented the ability to synchronize LDAP groups;
  • Added the ability to send certificate signing requests;
  • Added support for route-based IPsec (VTI);
  • Synchronization of aliases, VHIDs and widgets is performed via XMLRPC;
  • Added the ability to authenticate in the web proxy and IPsec via PAM;
  • Added support for connecting through a proxy chain;
  • Introduced the ability to use groups to configure proxy access rights;
  • Plugins for Netdata, WireGuard, Maltrail and Mail-Backup (PGP) have been prepared. The Dpinger and DHCP servers have been moved into the plugin system;
  • Improved Russian translations;
  • New versions of Bootstrap 3.4, LibreSSL 2.9, Unbound 1.9, PHP 7.2, Python 3.7 and squid 4 are used.

Source: opennet.ru
