I-Firewalld 2.2, i-firewall elawulwa ngokuguquguqukayo esetshenziswa njengesivikelo esizungeze izihlungi zephakethe ze-nftables kanye ne-iptables, ikhishwe. I-Firewalld isebenza njengenqubo yangemuva, ivumela ukushintsha komthetho wesihlungi sephakethe esiguquguqukayo nge-D-Bus, ngaphandle kokulayisha kabusha imithetho yesihlungi sephakethe noma ukuphazamisa ukuxhumana okusunguliwe. Le phrojekthi isivele isetshenziswa ekusakazweni okuningi. Linux, kufaka phakathi i-RHEL 7+, i-Fedora 18+, kanye ne-SUSE/openSUSE 15+. Ikhodi ye-firewalld ibhalwe nge-Python futhi isatshalaliswa ngaphansi kwelayisensi ye-GPLv2.
Ukuphatha i-firewall, kusetshenziswa i-firewall-cmd utility, engancikile ku- Amakheli e-IP, izixhumi zenethiwekhi, nezinombolo ze-port, kanye namagama esevisi (isibonelo, ukuvula ukufinyelela kwe-SSH, sebenzisa i-"firewall-cmd --add --service=ssh"; ukuvala i-SSH, sebenzisa i-"firewall-cmd --remove --service=ssh"). I-interface yesithombe se-firewall-config (GTK) kanye ne-applet ye-firewall (Qt) nazo zingasetshenziswa ukushintsha ukucushwa kwe-firewall. Ukusekelwa kokuphathwa kwe-firewall nge-firewalld D-BUS API kuyatholakala kumaphrojekthi afana ne-NetworkManager, libvirt, podman, docker, kanye ne-fail2ban.
Izinguquko ezibalulekile:
- Amasevisi angeziwe ukuze asekele amaphrothokholi e-STUN ne-STUNS.
- Kwengezwe isevisi yethrafikhi ye-Steam kunethiwekhi yendawo.
- Isevisi eyengeziwe ye-MNDP (MikroTik Neighbor Discovery Protocol).
- Kungezwe isevisi yefayela iseva I-XRootD.
- Isevisi eyengeziwe yephrothokholi ye-WS-Discovery (Web Services Dynamic Discovery).
- Izinsizakalo ezingeziwe zomsebenzi wenethiwekhi wezinsiza zokulinganisa i-iperf2 kanye ne-iperf3 yomkhawulokudonsa.
- Amathebula anamafulegi "umnikazi" kanye "nokuqhubeka" avunyelwe ukuthi asetshenziswe kuma-nfttables.
- Kungezwe usekelo lwezindlela zokusebenza ze-rpfilter (Reverse Path Filter): ukuya phambili okuqinile, okuya phambili okuxekethile, nokuxega.
Source: opennet.ru
