Release of OPNsense 22.1, a distribution for building firewalls

OPNsense 22.1, a distribution for building firewalls, has been released. It is a fork of the pfSense project, created with the aim of building a completely open distribution whose functionality could match that of commercial solutions for deploying firewalls and network gateways. Unlike pfSense, the project is positioned as not being controlled by a single company: it is developed with the direct participation of the community, has a fully transparent development process, and allows any of its work to be used in third-party products, including commercial ones. The source code of the distribution's components, as well as the tools used to build it, is distributed under the BSD license. Builds are prepared as a LiveCD and as a system image for writing to Flash drives (339 MB).

The base of the distribution is built on FreeBSD code. OPNsense features include a completely open build toolkit, the ability to install as packages on top of regular FreeBSD, load-balancing tools, a web interface for managing user connections to the network (captive portal), mechanisms for tracking connection state (a stateful firewall based on pf), bandwidth limiting, traffic filtering, creation of VPNs based on IPsec, OpenVPN and PPTP, integration with LDAP and RADIUS, support for DDNS (Dynamic DNS), and a system of visual reports and graphs.

The distribution provides tools for building fault-tolerant configurations based on the CARP protocol. In addition to the primary firewall, this lets you run a backup node that is automatically synchronized at the configuration level and takes over the load if the primary node fails. The administrator is given a modern and simple interface for configuring the firewall, built with the Bootstrap web framework.

Among the changes:

  • The switch to the FreeBSD 13-STABLE branch has been made (the previous release was based on HardenedBSD 12.1).
  • Log entries now indicate the severity level of each message, so that logs can be filtered by this value.
  • The opnsense-log utility has been added for inspecting logs.
  • Tools for outputting sysctl values have been added to the framework for changing settings.
  • The process of loading and configuring network interfaces has been sped up. The transition to the LUA bootloader has been made.
  • Updated versions of additional programs from ports, for example, filterlog 0.6, hostapd 2.10, lighttpd 1.4.63, nss 3.74, openssl 1.1.1m, openvpn 2.5.5, php 7.4.27, sqlite 3.37.2-ng. 3.35.1, unbound 1.14.0, wpa_supplicant 2.10.


Source: opennet.ru