I-nftables 0.9.4 ilapha kwaye ezi zezona nguqu zibalulekileyo

Zimbalwa iintsuku ezidlulileyo ukumiliselwa kwenguqulelo entsha yepakethi yecebo lokucoca "ii-nftables 0.9.4" kwabhengezwa, que iphuhliswa njengendawo yokubuyisela i-iptables, ip6table, arptable kunye neebtables ngenxa yokudityaniswa kwepakethi yokucoca indawo ye-IPv4, IPv6, ARP kunye neebhlorho zenethiwekhi.

Iiphakheji ezingenanto kubandakanya izinto zepakethi yeefilitha ezisebenza kwisithuba somsebenzisi, Ngelixa kwinqanaba le-kernel, i-nf_tables subsystem ibonelela ngenxalenye yeLinux kernel ukusukela kwinguqulelo 3.13.

Kwinqanaba eliphambili, kuphela inikeza ujongano oluqhelekileyo oluzimeleyo kwiprotocol ethile kwaye ibonelela imisebenzi esisiseko ukukhupha idatha kwiipakethi, ukwenza imisebenzi yedatha kunye nokulawula ukuhamba.

Las Imithetho yokuhluza ngokuthe ngqo kunye nabaqhubi abathile zidityaniswa zenziwa i-bytecode kwisithuba somsebenzisi, emva koko le bytecode ilayishwe kwi-kernel isebenzisa isikhombimsebenzisi se-Netlink kwaye yenziwe kwi-kernel kumatshini okhethekileyo ofana neBPF (iBerkeley Packet Filters).

Indlela enjalo inokunciphisa kakhulu ubungakanani bekhowudi yokuhluza esebenza kwinqanaba le-kernel kunye nokuphelisa yonke imisebenzi yokuhambisa imigaqo kunye nengcinga yokusebenza kunye neeprotokholi kwindawo yomsebenzisi.

Iimpawu ezintsha eziphambili zeNftable 0.9.4

Lonke utshintsho olufunekayo yeenguqu ezingafaniyo 0.9.4 yoguqulelo lokusebenza zibandakanyiwe kwisebe le I-Linux kernel 5.6 kwaye kuyo Inkxaso kumanqanaba ngokudityaniswa "Ukuhlanganisana, iidilesi ezithile kunye neepakethe zezibuko ezenza lula isabelo."

Umzekelo, kuseto lwe "whitelists" ezinemixokelelwano yokudityaniswa, isikhombisi sesalathi "uluhlu" siya kubonisa ukuba iseti inokubandakanya amanqanaba emanyano.

Kongezelelwa amandla okusebenzisa ukujoyina amakhonkco eNAT, Ukuvumela ukuba uchaze idilesi kunye nezibuko xa uchaza iinguqu ze-NAT ngokusekwe kuluhlu lwemephu okanye iiseti ezinamagama.

Ukongeza, i Inkxaso yokukhawulezisa izixhobo nokususwa kwemisebenzi ethile yokuhluza. Ukukhawulezisa Inikwe amandla ngokusetyenziswa kwe-ethtool ( 'I-ethtool -K eth0 hw-tc-yokukhutshelwa kwi"), Emva koko iyatshisa kwii-nftable zekhonkco eliphambili usebenzisa iflegi" yokothula ".

Xa usebenzisa i-Linux kernel 5.6, ukukhawulezisa izixhobo kuyaxhaswae ukutshatisa umhlaba we-header kunye nokuqinisekisa ujongano olungenayo ngokudibeneyo nokufumana, ukulahla, ukuphinda kabini (ukuphinda) kunye nokudlulisa iipakethi (fwd).

Kwiiseti kunye noluhlu lweemephu, kunokwenzeka ukuba usebenzise "uhloboof" isikhokelo, esimisela ifomathi yento xa kuthelekiswa.

Olunye utshintsho evelele kolu hlobo:

  • Ukuphucula ukunika ingxelo ngendawo yegciwane kwimithetho.
  • Yongeze inkxaso yokuqinisekisa ujongano lwekhoboka ngokuchaza "Meta sdif" okanye «meta sdif igama«
  • Yongeze inkxaso yokuskrolela ekunene okanye ekhohlo. Umzekelo, ukutshintsha ileyibhile yepakethi esele ikho ngasekhohlo nge-1 bit kwaye usete eyona incinci iye kwi-1.
  • Ukuphunyezwa kokhetho "-V" ukubonisa ulwazi. Ukukhethwa komgca wokuyalela kufuneka ngoku kuchazwe ngaphambi kwemiyalelo. Umzekelo, kufuneka ukhankanye «nft-uluhlu lwemithetho»Kwaye uphumeze«Uluhlu lolawulo olusisiseko -a»Iya kuvelisa impazamo.

Uyifaka njani ingxelo entsha yenftables 0.9.4?

Kulungiselelwe abo banomdla wokukwazi ukufumana uhlobo olutsha lwee-nftables 0.9.4 Okwangoku kuphela ikhowudi yemvelaphi enokudityaniswa kwindlela yakho. Nangona kwisithuba seentsuku esele zihlanganisiwe iiphakheji yokubini iya kufumaneka kulwabiwo olwahlukileyo lweLinux.

Ukuqokelela, kuya kufuneka ufake ezi zixhomekeke zilandelayo:

Ezi zinokudityaniswa kunye:

./autogen.sh
./configure
make
make install

Kwaye ii-nftables 0.9.4 siyikhuphela kuyo eli khonkco lilandelayo. Ukudityaniswa kwenziwa ngale miyalelo ilandelayo:

cd nftables
./autogen.sh
./configure
make
make install


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.