Ukukhishwa kwekhithi yokusabalalisa yokudala ama-firewall OPNsense 22.7 kushicilelwe, okuyigatsha lephrojekthi ye-pfSense, eyakhiwe ngenhloso yokwenza ikhithi yokusabalalisa evuleke ngokuphelele engase ibe nokusebenza ezingeni lezixazululo zezentengiselwano zokuthumela izindonga zomlilo kanye nenethiwekhi. amasango. Ngokungafani ne-pfSense, iphrojekthi ibekwe njengengalawulwa yinkampani eyodwa, ithuthukiswe ngokubamba iqhaza okuqondile komphakathi futhi inenqubo yentuthuko esobala ngokuphelele, kanye nokunikeza ithuba lokusebenzisa noma yikuphi ukuthuthukiswa kwayo emikhiqizweni yezinkampani zangaphandle, okuhlanganisa nezohwebo. eyodwa. Ikhodi yomthombo yezingxenye zokusabalalisa, kanye namathuluzi asetshenziselwa ukuhlanganisa, asatshalaliswa ngaphansi kwelayisensi ye-BSD. Imihlangano ilungiswa ngendlela ye-LiveCD kanye nesithombe sohlelo sokuqoshwa kuma-Flash drives (347 MB).
Okuqukethwe okuyisisekelo kokusabalalisa kusekelwe kukhodi ye-FreeBSD. Phakathi kwezici ze-OPNsense kukhona ikhithi yamathuluzi yokwakha evuleke ngokuphelele, ikhono lokufaka ngendlela yamaphakheji ngaphezulu kwe-FreeBSD evamile, amathuluzi okulinganisa umthwalo, isixhumi esibonakalayo sewebhu sokuhlela ukuxhumana kwabasebenzisi kunethiwekhi (ingosi yokuthunjwa), ukuba khona kwezinqubo. ukulandelela izifundazwe zokuxhumanisa (i-firewall esemthethweni esekelwe ku-pf), ukubeka imingcele yomkhawulokudonsa, ukuhlunga kwethrafikhi, ukudala i-VPN esekelwe ku-IPsec, i-OpenVPN ne-PPTP, ukuhlanganiswa ne-LDAP ne-RADIUS, ukusekelwa kwe-DDNS (Dynamic DNS), uhlelo lwemibiko ebonakalayo kanye amagrafu.
Ukusabalalisa kunikeza amathuluzi okudala ukucushwa okubekezelela amaphutha okusekelwe ekusetshenzisweni kwephrothokholi ye-CARP futhi kukuvumela ukuthi uqalise, ngaphezu kwe-firewall eyinhloko, i-node yokusekelayo ezovumelaniswa ngokuzenzakalelayo ezingeni lokumisa futhi izothatha umthwalo isenzakalo sokuhluleka kwe-node eyinhloko. Umlawuli unikezwa isixhumi esibonakalayo sesimanje nesilula sokumisa i-firewall, eyakhiwe kusetshenziswa uhlaka lwewebhu lwe-Bootstrap.
Phakathi kwezinguquko:
- Ushintsho oluya egatsheni le-FreeBSD 13.1 lwenziwe.
- Izinguqulo ezibuyekeziwe zezinhlelo ezengeziwe ezivela emachwebeni, isibonelo, PHP 8.0.20, Phalcon 5, sqlite 3.39.0, suricata 6.0.6, unbound 1.16.1.
- Usekelo olungeziwe lwe-Intel QuickAssist (QAT).
- Usekelo olungeziwe lobuchwepheshe be-VLAN Estakiwe (i-multilayer encapsulation yamathegi e-VLAN).
- Kusetshenziswe indlela yokuvikela i-DDoS kusetshenziswa ikhukhi le-SYN.
- Kwengezwe ama-plugin we-APCUPSD nama-CrowdSec.
Source: opennet.ru