I-nftables 1.0.7 sele ikhutshwe kwaye ezi ziindaba zayo

Iifayile zeNFT

I-nftables yiprojekthi ebonelela ngokucoca ipakethi kunye nokuhlelwa kwepakethi kwiLinux

Ukukhutshwa kwefayile ye-nftables ye-1.0.7 packet filter ishicilelwe, ehamba nophuculo oluthile, izilungiso kunye nezinye izinto ezintsha.

Kwabo bangaqhelanga nftables, kuya kufuneka uyazi ukuba oku idibanisa ujongano lwepakethi yokucoca ye-IPv4, IPv6, ARP, kunye ne-network bridging (ecebe ukuthatha indawo yee-iptables, ip6table, arptables, kunye nee-ebtables). Ngelo xesha, ilayibrari ye-libnftnl ye-1.2.3 yeqabane yakhululwa, ebonelela nge-API ephantsi yokudibanisa kunye ne-nf_tables subsystem.

Iiphakheji ezingenanto kubandakanya izinto zepakethi yeefilitha ezisebenza kwisithuba somsebenzisi, Ngelixa kwinqanaba le-kernel, i-nf_tables subsystem ibonelela ngenxalenye yeLinux kernel ukusukela kwinguqulelo 3.13.

Kwinqanaba eliphambili, kuphela inikeza ujongano oluqhelekileyo oluzimeleyo kwiprotocol ethile kwaye ibonelela imisebenzi esisiseko ukukhupha idatha kwiipakethi, ukwenza imisebenzi yedatha kunye nokulawula ukuhamba.

Las Imithetho yokuhluza ngokuthe ngqo kunye nabaqhubi abathile zidityaniswa zenziwa i-bytecode kwisithuba somsebenzisi, emva koko le bytecode ilayishwe kwi-kernel isebenzisa isikhombimsebenzisi se-Netlink kwaye yenziwe kwi-kernel kumatshini okhethekileyo ofana neBPF (iBerkeley Packet Filters).

Iimpawu ezintsha eziphambili zeNftable 1.0.7

Kolu guqulelo olutsha oluvela nftables 1.0.7, kuba Linux 6.2+ iinkqubo zekernel, yongezwe inkxaso ye-vxlan, i-geneve, i-gre kunye ne-gretap protocol ehambelanayo, evumela amabinzana alula ukujonga iiheader kwiipakethi ezigqunyiweyo.

Umzekelo, ukujonga idilesi ye-IP kwiheda yepakethe ye-VxLAN enendlwana, ngoku ungasebenzisa imigaqo (ngaphandle kwesidingo sokuqala ukukhupha i-header ye-VxLAN kwaye ubophe isihluzo kwi-interface ye-vxlan0):

Ukongeza koku, kukwagxininiswa ukubakunye nokuphunyezwa kwenkxaso yokudibanisa okuzenzekelayo kweentsalela emva kokususwa kwenxenye yento kuluhlu loqwalaselo, ukuvumela into okanye inxalenye yoluhlu ukuba isuswe kuluhlu olukhoyo (ngaphambili, uluhlu lwalunokususwa kuphela ngokupheleleyo).

Ngokomzekelo, emva kokususa into ye-25 kuluhlu olusetiweyo kunye noluhlu lwe-24-30 kunye ne-40-50, i-24, i-26-30, kunye ne-40-50 iya kuhlala kuluhlu. Ukulungiswa okufunekayo ukuze kudityaniswe ngokuzenzekelayo ukusebenza kuya kubonelelwa kwi-patch releases ye-5.10+ yamasebe e-kernel azinzileyo.

Kukwaphawulwe ukuba yongezwa inkxaso yebinzana elithi "yokugqibela", que ivumela ukufumana ixesha lokugqibela isiqalelo somthetho okanye uluhlu loqwalaselo lusetyenzisiwe. Eli nqaku liye laxhaswa ukususela kwi-Linux kernel 5.14.

Kwelinye icala, kuyacaciswa ukuba umyalelo omtsha "wokutshabalalisa" wongeziwe ukususa izinto ngaphandle kwemiqathango (ngokungafaniyo nomyalelo wokususa, ayiphakamisi i-ENOENT xa uzama ukususa into engekhoyo). Ifuna ubuncinane i-Linux 6.3-rc kernel ukuze isebenze.

  • Ukusetyenziswa kwe-constants kwi-set-lists kuvumelekile. Umzekelo, usebenzisa uluhlu lwedilesi yendawo kunye neVLAN ID njengesitshixo, ungacacisa ngokuthe ngqo inombolo yeVLAN (daddr . 123):
  • Kongezwe amandla okuchaza izabelo kuluhlu loqwalaselo. Umzekelo, ukuchaza umlinganiselo wetrafikhi kwindawo nganye yokufikela yedilesi ye-IP, ungakhankanya .
  • Vumela abafowunelwa kunye noluhlu ukuba lusetyenziswe kwidilesi yoguqulelo (NAT) imaphu.

Gqibela kwabo banomdla wokwazi okungakumbi ngayo Malunga nale nguqulo intsha, unokujonga iinkcukacha Kule khonkco ilandelayo.

Uyifaka njani ingxelo entsha yenftables 1.0.7?

Kwabo banomdla wokukwazi ukufumana inguqulelo entsha ye-nftables 1.0.7 Okwangoku kuphela ikhowudi yemvelaphi enokudityaniswa kwindlela yakho. Nangona kwisithuba seentsuku esele zihlanganisiwe iiphakheji yokubini iya kufumaneka kulwabiwo olwahlukileyo lweLinux.

Ukuqokelela, kuya kufuneka ufake ezi zixhomekeke zilandelayo:

Ezi zinokudityaniswa kunye:

./autogen.sh
./configure
make
make install

Kwaye ii-nftables 1.0.5 siyikhuphela kuyo eli khonkco lilandelayo. Ukudityaniswa kwenziwa ngale miyalelo ilandelayo:

cd nftables
./autogen.sh
./configure
make
make install

Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.