Release of firewalld 2.4.0

Firewalld 2.4.0 has been released. It is a dynamically managed firewall implemented as a wrapper around the nftables and iptables packet filters. Firewalld runs as a background process and allows packet filter rules to be changed dynamically over D-Bus, without reloading the packet filter rules or interrupting established connections. The project is already used in many Linux distributions, including RHEL 7+, Fedora 18+, and SUSE/openSUSE 15+. The firewalld code is written in Python and distributed under the GPLv2 license.

The firewall is managed with the firewall-cmd utility, which relies not on IP addresses, network interfaces, and port numbers but on service names (for example, to open SSH access, run "firewall-cmd --add-service=ssh"; to close SSH, run "firewall-cmd --remove-service=ssh"). The firewall-config graphical interface (GTK) and the firewall-applet (Qt) can also be used to change the firewall configuration. Support for managing the firewall through the firewalld D-Bus API is available in projects such as NetworkManager, libvirt, podman, docker, and fail2ban.

Key changes:

  • A "gateway" rule set has been added, covering the functionality of a typical home router (including NAT, conntrack helpers, and forwarding of traffic between zones). Example of configuring a gateway with internal and external network interfaces using the "gateway" rule set:

      firewall-cmd --permanent --zone internal --add-interface eth0
      firewall-cmd --permanent --zone external --add-interface eth1
      firewall-cmd --permanent --policy-set gateway --remove-disable
      firewall-cmd --reload

  • A "disable" flag has been implemented that can be used in the XML configuration, in the command-line utility, or over D-Bus to disable individual rules and policy sets.
  • The maximum length of rule names has been increased from 17 to 128 characters.
  • Added a gitea service for the collaborative development platform of the same name (TCP port 3000).
  • Added a syslog-ng service for the logging system of the same name (ports 514, 601 and 6514).
  • Added a proxy-http service for HTTP/HTTPS proxies, such as squid (TCP port 3128).
  • Added a socks service for proxy servers using the SOCKS protocol (TCP port 1080).
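
Because firewall-cmd works with service names rather than port numbers, it helps to check which ports a name actually opens before enabling it. The following is an added example, not code from firewalld or from the original article: it parses service definitions in firewalld's service XML layout and reports the ports behind each enabled name. The XML strings, the "demo-range" entry, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions in firewalld's service XML layout
# (<service> with <port protocol=... port=.../> children). Port numbers
# follow the article; everything else is illustrative.
SAMPLE_SERVICES = {
    "gitea": '<service><short>gitea</short><port protocol="tcp" port="3000"/></service>',
    "proxy-http": '<service><short>proxy-http</short><port protocol="tcp" port="3128"/></service>',
    "socks": '<service><short>socks</short><port protocol="tcp" port="1080"/></service>',
    # Constructed entry to exercise port ranges; not a service from the article.
    "demo-range": '<service><short>demo</short><port protocol="udp" port="5000-5002"/></service>',
}


def service_ports(xml_text):
    """Return a sorted list of (protocol, port) pairs a service definition opens."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    pairs = set()
    for elem in root.findall("port"):
        proto = elem.get("protocol")
        spec = elem.get("port")
        if not proto or not spec:
            continue  # entries without a port number open no port
        first, _, last = spec.partition("-")
        for port in range(int(first), int(last or first) + 1):
            pairs.add((proto, port))
    return sorted(pairs)


def exposure(enabled, definitions):
    """Map each enabled service name to its ports; unknown names map to None."""
    report = {}
    for name in enabled:
        xml_text = definitions.get(name)
        report[name] = service_ports(xml_text) if xml_text is not None else None
    return report


if __name__ == "__main__":
    result = exposure(["gitea", "socks", "typo-svc"], SAMPLE_SERVICES)
    for name, ports in result.items():
        print(name, "->", ports if ports is not None else "no definition found")
```
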

Source: opennet.ru
