nftables 1.0.7 has been released and this is what's new

nftables is a project that provides packet filtering and packet classification on Linux

The nftables 1.0.7 packet filter release has been published, bringing some improvements, fixes and new features.

For those unfamiliar with nftables, it unifies the packet filtering interfaces for IPv4, IPv6, ARP and network bridging (it is intended to replace iptables, ip6tables, arptables and ebtables). At the same time, the companion library libnftnl 1.2.3 was released, which provides a low-level API for interacting with the nf_tables subsystem.

The nftables package includes the packet filter components that run in user space, while at the kernel level the nf_tables subsystem has been part of the Linux kernel since version 3.13.

At the kernel level, only a generic, protocol-independent interface is provided, which offers the basic functions for extracting data from packets, performing operations on data and controlling flow.

The filtering rules themselves and the protocol-specific handlers are compiled into bytecode in user space, after which this bytecode is loaded into the kernel through the Netlink interface and executed in the kernel in a special virtual machine that resembles BPF (Berkeley Packet Filters).

Main new features of nftables 1.0.7

In this new version, nftables 1.0.7, support was added on systems with a Linux 6.2+ kernel for matching the vxlan, geneve, gre and gretap protocols, which allows simple expressions to check the headers of encapsulated packets.

For example, to check the IP address in the header of a packet nested inside VxLAN, you can now use rules (without first having to decapsulate the VxLAN header and bind the filter to the vxlan0 interface):

In addition, support was added for automatically merging the remainders after part of an element is removed from a set list, which allows an element or part of a range to be removed from an existing range (previously, a range could only be removed as a whole).

For example, after removing element 25 from a set list with the ranges 24-30 and 40-50, the list will contain 24, 26-30 and 40-50. The fixes needed for auto-merge to work will be provided in the maintenance releases of the stable 5.10+ kernel branches.
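The range splitting described above, modelled in Python as an added example (it is not nftables code and does not come from the original article). The function names are hypothetical, and rejecting a deletion that does not fall inside one existing range is an assumption of this model; it goes slightly beyond the article's single case by also handling sub-range deletion and re-merging.

```python
# Constructed model of an nftables interval set (closed integer ranges).
# merge_ranges/delete_range/fmt are hypothetical names, not nftables APIs.

def merge_ranges(ranges):
    """Coalesce overlapping or adjacent ranges into a sorted, minimal list."""
    out = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def delete_range(ranges, lo, hi=None):
    """Remove [lo, hi] (or the single value lo), splitting the range that holds it.

    Assumption of this model: the target must lie inside one existing range,
    otherwise the deletion is rejected (KeyError here).
    """
    hi = lo if hi is None else hi
    out, found = [], False
    for a, b in ranges:
        if a <= lo and hi <= b:
            found = True
            if a < lo:
                out.append((a, lo - 1))   # remainder left of the hole
            if hi < b:
                out.append((hi + 1, b))   # remainder right of the hole
        else:
            out.append((a, b))
    if not found:
        raise KeyError(f"{lo}-{hi} is not inside any existing range")
    return out

def fmt(ranges):
    """Render ranges the way the article writes them, e.g. '24, 26-30'."""
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in ranges)

if __name__ == "__main__":
    s = merge_ranges([(24, 30), (40, 50)])   # the article's sample set
    s = delete_range(s, 25)
    print(fmt(s))
    s = merge_ranges(s + [(25, 25)])         # re-adding 25 restores one range
    print(fmt(s))
```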

Support has also been added for the "last" expression, which lets you find out the last time a rule element or a set list was used. This feature is supported since Linux kernel 5.14.

On the other hand, a new "destroy" command has been added to remove objects unconditionally (unlike the delete command, it does not raise ENOENT when trying to remove an object that does not exist). It requires at least a Linux 6.3-rc kernel to work.

  • The use of constants in set lists is allowed. For example, when using a list keyed by destination address and VLAN ID, you can specify the VLAN number directly (daddr . 123):
  • Added the ability to define quotas in set lists. For example, to define a traffic quota for each destination IP address, you can specify .
  • Concatenations and ranges are allowed in address translation (NAT).

Finally, for those interested in learning more about this new version, you can check the details at the following link.

How to install the new version of nftables 1.0.7?

For those interested in getting the new version of nftables 1.0.7, at the moment only the source code is available, which can be compiled on your system. Within a few days, however, compiled binary packages will be available in the various Linux distributions.

To compile it, you must have the following dependencies installed:

These can be compiled with:

./autogen.sh
./configure
make
make install

And nftables 1.0.5 is downloaded from the following link. The compilation is done with the following commands:

cd nftables
./autogen.sh
./configure
make
make install
