Firewalls are essential components in cybersecurity that control incoming and outgoing network traffic based on predetermined security rules. Firewalls can be categorized in several ways based on how they operate and where they are deployed.
Here’s a breakdown of types of firewalls:
🔹 1. Packet-Filtering Firewalls
How it works: Inspects packets (headers) and allows or blocks them based on IP addresses, ports, or protocols.
Layer: Network Layer (Layer 3)
Pros: Fast and simple
Cons: Doesn’t inspect payloads; limited protection against complex threats
🔹 2. Stateful Inspection Firewalls
How it works: Tracks the state of active connections and makes decisions based on the context of the traffic (e.g., TCP handshake).
Layer: Network & Transport Layers (Layer 3 & 4)
Pros: More secure than packet-filtering; tracks connection state
Cons: More resource-intensive than stateless filtering
🔹 3. Application-Level Gateways (Proxy Firewalls)
How it works: Acts as a proxy between users and the resources they access, inspecting the actual data (e.g., HTTP traffic).
Layer: Application Layer (Layer 7)
Pros: Deep inspection of traffic; can log and filter based on content
Cons: Slower performance; more complex to manage
🔹 4. Next-Generation Firewalls (NGFW)
How it works: Combines traditional firewall with advanced features like:
Deep Packet Inspection (DPI)
Intrusion Detection/Prevention (IDS/IPS)
Application awareness
User identity tracking
Layer: Multi-layer (3 to 7)
Pros: Advanced threat detection, modern security capabilities
Cons: Expensive; requires skilled admins
🔹 5. Circuit-Level Gateways
How it works: Monitors TCP handshakes and sessions without inspecting packet contents.
Layer: Session Layer (Layer 5)
Pros: Lightweight and fast
Cons: No payload inspection; can’t prevent content-based attacks
🔹 6. Cloud-Based Firewalls (Firewall-as-a-Service – FWaaS)
How it works: Centralized firewall delivered via the cloud, protects users and devices regardless of their location.
Use case: Remote workers, branch offices, hybrid clouds
Pros: Scalable, easy to deploy, no physical hardware
Cons: Internet dependency; trust in third-party provider
🔹 7. Web Application Firewalls (WAF)
How it works: Specifically filters, monitors, and blocks HTTP/S traffic to and from web applications.
Focus: Protects against OWASP Top 10 (e.g., SQLi, XSS)
Pros: Essential for modern web apps and APIs
Cons: Not a full replacement for a network firewall
🔹 8. Host-Based Firewalls
How it works: Software-based firewall installed on individual servers or endpoints.
Scope: Local to the host
Pros: Fine-grained control; protects even if the network firewall is bypassed
Cons: Must be configured on each host; hard to manage at scale
🔹 9. Virtual Firewalls
How it works: Deployed in virtual environments (e.g., VMware, KVM, OpenStack) to secure VM traffic.
Use case: Cloud and virtualized data centers
Pros: Agile, integrates with SDN and orchestration
Cons: Requires knowledge of virtual infrastructure
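The following Python simulation is an added illustration (not part of the original post) of the difference between items 1 and 2 above: a packet-filtering firewall judges each header on its own, so to let HTTPS replies back in it must admit any inbound packet with source port 443, whereas a stateful firewall admits inbound packets only when they belong to a connection it has already tracked. Addresses, ports and the three sample packets are constructed for the example.

```python
from dataclasses import dataclass

ALLOW, DROP = "ALLOW", "DROP"


@dataclass(frozen=True)
class Packet:
    """Minimal packet: header fields only (what a Layer 3/4 filter sees)."""
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: frozenset  # TCP flags, e.g. frozenset({"SYN"})


def stateless_filter(pkt: Packet) -> str:
    """Packet-filtering firewall: each packet is judged on its own header.

    To let HTTPS browsing work it must allow outbound traffic to port 443
    AND inbound traffic *from* port 443, because it cannot know which
    inbound packets are genuine replies.
    """
    if pkt.direction == "out" and pkt.dst_port == 443:
        return ALLOW
    if pkt.direction == "in" and pkt.src_port == 443:
        return ALLOW          # any packet with source port 443 gets in
    return DROP               # default deny


class StatefulFirewall:
    """Stateful inspection firewall: remembers connections it has admitted.

    Only an outbound SYN to port 443 may create a new entry; inbound packets
    are admitted only if they belong to a connection already in the table.
    """

    def __init__(self) -> None:
        # Entries are (lan_ip, lan_port, remote_ip, remote_port) of admitted flows
        self.connections = set()

    def process(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if key in self.connections:
                return ALLOW                       # established flow
            if pkt.dst_port == 443 and pkt.flags == frozenset({"SYN"}):
                self.connections.add(key)          # new connection, track it
                return ALLOW
            return DROP
        # Inbound: must match the reverse of a tracked connection
        key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        return ALLOW if key in self.connections else DROP


# Constructed sample traffic (documentation-range addresses, not real hosts)
SAMPLE_TRAFFIC = [
    # 1. LAN host opens an HTTPS connection
    Packet("out", "10.0.0.5", 51000, "203.0.113.10", 443, frozenset({"SYN"})),
    # 2. the genuine reply from the web server
    Packet("in", "203.0.113.10", 443, "10.0.0.5", 51000, frozenset({"SYN", "ACK"})),
    # 3. unsolicited inbound packet whose source port merely looks like a reply
    Packet("in", "198.51.100.7", 443, "10.0.0.9", 22, frozenset({"SYN"})),
]


def compare(packets=SAMPLE_TRAFFIC):
    """Return (stateless verdict, stateful verdict) for each packet, in order."""
    fw = StatefulFirewall()
    return [(stateless_filter(p), fw.process(p)) for p in packets]


if __name__ == "__main__":
    for pkt, (stateless, stateful) in zip(SAMPLE_TRAFFIC, compare()):
        print(f"{pkt.direction:3} {pkt.src_ip}:{pkt.src_port} -> "
              f"{pkt.dst_ip}:{pkt.dst_port}  stateless={stateless} stateful={stateful}")
```

The third packet is where the two designs diverge: the stateless rules admit it because of its source port, while the stateful table has no matching connection and drops it.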
#security #firewall #linux #kernel
https://t.iss.one/unixmens
Telegram
Academy and Foundation unixmens | Your skills, Your future
@unixmens_support
@yashar_esm
[email protected]
A scientific and technology channel
Open-source philosophy - GNU/Linux - security - digital economy
Technology-driven - technology-based businesses
Enterprise open source
Provider of organizational, individual and team improvement solutions
Red Hatters Atul Deshpande, Principal Chief Architect, and Rob McManus, Principal Product Marketing Manager, have just returned from Digital Transformation World Ignite (DTW) Copenhagen, the annual gathering for discussing operational support systems/business support systems (OSS/BSS), TM Forum’s Open Digital Architecture (ODA) and IT architectures. This year’s focus was on autonomous intelligent networks. Customers and partners were eager to learn how artificial intelligence (AI) is crucial for autonomous intelligent networks and how Red Hat is collaborating with partners to create effect
via Red Hat Blog https://ift.tt/CFyP9gk
Redhat
Telco autonomous networks choosing: the right cloud and framework
Explore how Red Hat collaborates with telecom service providers to build open hybrid cloud environments for autonomous intelligent networks.
Remember when AI seemed like the Wild West? Well, the sheriffs are starting to arrive. The Stanford University AI Index Report 2025 reveals a sharp rise in AI regulations. In 2024 alone, 59 new federal regulations and 131 state laws were enacted in the U.S. relating to the governance of AI use. At the same time, incidents of AI failures such as bias and security breaches have increased over 56% when compared to the previous year, underscoring the urgent need for responsible oversight. The report also highlights a concerning finding, referred to as the "responsible AI implementation gap." Comp
via Red Hat Blog https://ift.tt/3khw8ib
Redhat
The future of AI governance: Transparency and trust
Remember when AI seemed like the Wild West? Well, the sheriffs are starting to arrive.
Modern applications and infrastructure are complex, distributed systems, making comprehensive visibility essential for maintaining performance, reliability, and cost efficiency. Red Hat observability provides the tools and capabilities needed to gain deep insights into your environments. We're excited to highlight recent advancements in observability across Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes observability components. These updates, aligning with Red Hat OpenShift 4.19 and Red Hat Advanced Cluster Management 2.14 capabilities, introduce enhanced network moni
via Red Hat Blog https://ift.tt/4RDsJja
Redhat
Unlocking deeper insights: New observability features in Red Hat OpenShift 4.19 and Red Hat Advanced Cluster Management 2.14
Modern applications and infrastructure are complex, distributed systems, making comprehensive visibility essential for maintaining performance, reliability, and cost efficiency.
As we move further into the AI era, our customers have been eagerly exploring the technologies that are shaping the future of IT. From groundbreaking AI innovations to crucial security enhancements and practical solutions for modernizing infrastructure, recent discussions with customers covered a wide spectrum of topics designed to help you navigate today’s complex IT landscape with confidence. This roundup brings you the top posts our readers are reading right now, highlighting the critical tools and strategic guidance for making the most of your experience. 1. Introducing 90 day Red Hat Lea
via Red Hat Blog https://ift.tt/XnQUOfq
Redhat
9 articles Red Hat customers are reading after Red Hat Summit
As we move further into the AI era, our customers have been eagerly exploring the technologies that are shaping the future of IT.
Event-Driven Ansible, part of Red Hat Ansible Automation Platform, automates actions to enable AIOps scenarios and deliver greater speed, consistency and resilience when responding to issues and alerts. Splunk, part of Cisco Systems, offers a widely-adopted observability portfolio designed to help organizations understand their digital systems, detect threats and improve operational efficiency. In collaboration with Red Hat and Cisco, Splunk can accelerate and simplify the creation of automated response scenarios for Splunk alerts. Joint customers can now more easily automate full responses, f
via Red Hat Blog https://ift.tt/KTrEzfd
Redhat
Splunk and Red Hat collaborate to automate response to observability alerts for improved AIOps
Event-Driven Ansible, part of Red Hat Ansible Automation Platform, automates actions to enable AIOps scenarios
Azari Jahromi's (#آذری_جهرمی) view on #WhatsApp spying and the security of domestic messaging apps
Building on our commitment to simplify, empower and grow with our partners, Red Hat is excited to announce the latest enhancements to our global partner engagement experience. These updates underscore our ongoing transformation efforts to provide greater simplicity, choice and flexibility for our valued partner ecosystem. The epoch-making shift in the technology landscape, fueled by breakthroughs in AI and the dynamic world of virtualization, is reshaping every industry. Red Hat’s partner ecosystem is pivotal in helping customers navigate these seismic shifts and capitalize on emerging opport
via Red Hat Blog https://ift.tt/kn6xye3
Redhat
Red Hat boosts partner engagement with program updates and new Partner Demand Center
Red Hat unveils the latest enhancements to its global partner engagement experience, providing partners with greater simplicity, choice and flexibility.
As cloud computing and automation with Amazon Web Services (AWS) infrastructure continue to evolve, version 10.0.0 of Red Hat Ansible Certified Content Collection for AWS continues to adapt and innovate. The release of version 10.0.0 brings a range of enhancements designed to streamline user workflows, improve reliability and support a more modern and security-focused automation environment. These updates help users accelerate the shift from development to production environments more smoothly. In this blog post, we’ll take a closer look at the key features, enhancements and important changes
via Red Hat Blog https://ift.tt/PIBJpAL
Redhat
What’s new in cloud automation: Red Hat Ansible AWS 10.0.0
Amazon Web Services infrastructure continue to evolve, version 10.0.0 of Red Hat Ansible Certified Content Collection for AWS continues to adapt and innovate.
The ability to support workloads on an efficient and uninterrupted basis is especially applicable in the highly demanding financial sector—which seeks to gain competitive advantage by constantly analyzing market trends, executing trading decisions, and adjusting strategy based on access to real-time data. Additionally, the rise of agentic AI trading across asset classes necessitates advanced tools to manage risk effectively, optimize trading strategies, and manage regulatory compliance. Red Hat’s understanding of these complexities, in collaboration with Simudyne, provides cutting-edge sol
via Red Hat Blog https://ift.tt/ujbECZs
Redhat
Red Hat and Simudyne: Empowering stock exchanges with AI-driven market simulation
The ability to support workloads on an efficient and uninterrupted basis is especially applicable in the highly demanding financial sector
🌐 Minister of Communications: one of the components of the National Information Network is connection with the world
Minister of Communications:
The use of free VPNs in past years has caused the country's network to become a contaminated network.
In 1401 we decided to impose restrictions; was access restricted?
The ability to support workloads on an efficient and uninterrupted basis is especially applicable in the highly demanding financial sector—which seeks to gain competitive advantage by constantly analyzing market trends, executing trading decisions, and adjusting strategy based on access to real-time data. Additionally, the rise of agentic AI trading across asset classes necessitates advanced tools to manage risk effectively, optimize trading strategies, and manage regulatory compliance. Red Hat’s understanding of these complexities, in collaboration with Simudyne, provides cutting-edge sol
via Red Hat Blog https://ift.tt/Rnfe4ih
Redhat
Red Hat and Simudyne: Empowering stock exchanges with AI-driven market simulation
The ability to support workloads on an efficient and uninterrupted basis is especially applicable in the highly demanding financial sector
Microsoft and Red Hat have shared a long history of collaboration based on open innovation. Through our combined efforts, enterprises have been empowered to more confidently build and run mission-critical workloads across hybrid environments. Most recently, this collaboration has taken a significant step forward with new technical integrations—one of the most notable being the full certification of SQL Server 2022 on Red Hat Enterprise Linux (RHEL) 9. With this certification, organizations can now run SQL Server 2022 as a confined application on RHEL 9, gaining stronger security boundaries
via Red Hat Blog https://ift.tt/lmgTQrh
Redhat
Bringing Red Hat AI GitOps to Microsoft Azure SQL Database
Microsoft and Red Hat have shared a long history of collaboration based on open innovation.
The Wall Street Journal - The Cities Where College Grads Are Actually Landing Jobs. Many younger professionals are finding luck launching careers in second-tier cities like Raleigh, Milwaukee and Birmingham, a new analysis shows. Learn more ZDNet - Red Hat just expanded free access to RHEL for business developers. Red Hat offers a new free option for up to 25 Red Hat Enterprise Linux instances for business developers. Learn more Replatform Faster: OpenShift + VSP One Storage Offload. Businesses can streamline and expedite their replatforming initiatives. Red Hat OpenShift, powered by VSP One Stor
via Red Hat Blog https://ift.tt/Fhxdfta
Redhat
Friday Five — July 25, 2025 | Red Hat
The Friday Five is a weekly Red Hat blog post with 5 of the week's top news items and ideas from or about Red Hat and the technology industry.
1. 90%+ of Cloud Servers Run on Linux
Most cloud providers (AWS, Google Cloud, Azure, etc.) use Linux-based virtual machines by default.
Linux is lightweight, stable, secure, and open-source, making it the preferred OS for cloud infrastructure.
As a DevOps engineer, you’ll often manage Linux servers—so knowing how to navigate and configure them is fundamental.
---
2. Containers are Built for Linux
Docker and other container technologies (like Podman or LXC) use Linux kernel features such as namespaces and cgroups.
Even if you're running containers on macOS or Windows, they're often inside a Linux VM under the hood.
Understanding how containers work means understanding how Linux works.
---
3. Security, Scripting, and Automation
Tools like iptables, auditd, SELinux, and AppArmor are native to Linux.
Scripting languages like Bash, Python, or Shell scripting are vital for writing automation scripts.
DevOps relies heavily on automation—whether it's provisioning servers, deploying code, or configuring firewalls—most of which happens in Linux.
---
4. CI/CD Tools Thrive on Linux
Tools like Jenkins, GitLab CI/CD, CircleCI, and ArgoCD are primarily designed to run on Linux servers.
Build agents, runners, and pipelines often run in Linux environments.
You need to know how to work with the Linux file system, manage services (systemctl), view logs (journalctl), and handle permissions.
---
5. Infrastructure as Code (IaC) Works Best with Linux Knowledge
Tools like Terraform, Ansible, Chef, and Pulumi target Linux servers for provisioning and configuration.
Writing playbooks or deployment scripts requires familiarity with Linux directories (e.g., /etc, /var/log), package managers (apt, yum), and service management.
Linux knowledge makes your IaC implementations more accurate and efficient.
Honda has built a zero-emission hydrogen engine that is more efficient and smaller than all previous examples, and it will soon transform the car market and push electric cars to the sidelines!
These dream engines were designed and built by Honda and General Motors of America and will completely change the car game! The world of transportation is probably going through a major shift.
Link
The BlueStore and LVM structure in Ceph:
It should be said up front that "in Ceph, and specifically in BlueStore, using LVM is an option, not a requirement."
Below we look at the advantages and disadvantages of this approach.
Overall, we have two options when it comes to BlueStore:
Using a raw device (default and recommended)
In this mode, BlueStore is set up directly on a physical disk or partition (e.g. /dev/sdX).
There is no LVM or filesystem in between.
Advantage: better performance, lower latency, and simpler management.
The other approach is an LVM-based OSD (usually used with ceph-ansible or ceph-volume)
In this mode, a Volume Group and a Logical Volume (LVM) are used.
This is especially useful when you want to partition the OSD space on LVM or aggregate several small disks.
In the ceph-volume tool this mode is widely used.
For example:
ceph-volume lvm create --data /dev/sdX
Or to build it manually:
pvcreate /dev/sdX
vgcreate ceph-vg /dev/sdX
lvcreate -n osd-lv -l 100%FREE ceph-vg
ceph-volume lvm create --data ceph-vg/osd-lv
So how does BlueStore work without a filesystem?
BlueStore writes data directly to the block device.
For its metadata and internal management structures it uses an embedded database, which is usually RocksDB.
BlueStore storage layout:
block: the main data
block.db: metadata
block.wal: write-ahead log
These can sit either on the same disk or on separate disks.
🔧 Why was this decision made?
Removing a filesystem such as XFS has meant:
One fewer intermediate layer (less overhead)
Ceph has full control over data placement and allocation
It can optimize performance and latency
Better compatibility with SSD and NVMe
But what can the advantages of using LVM be?
Using LVM in BlueStore is an optional but very useful choice, especially in production environments. Below, we go through the main advantages of and reasons for using LVM in BlueStore:
1. Flexible disk management
With LVM, a Volume Group can be built from several physical disks and assigned to one OSD.
Capacity can be extended in the future, or new settings applied.
Suitable for data centers that manage storage resources dynamically.
2. Precise partitioning of the BlueStore components (block, block.db, block.wal)
In BlueStore we have three key components, which I covered earlier.
With LVM these components can be placed on different disks so that
SSD is used for block.db and block.wal
and HDD for block (the bulk data)
This has a significant effect on increasing performance and reducing latency.
3. Integration with the ceph-volume tool
ceph-volume is Ceph's official tool for managing OSDs and supports LVM natively.
Advantages:
Easier OSD creation
Better monitoring with ceph-volume lvm list
Compatibility with cephadm/ansible
Simpler recovery in case of a crash
4. Tagging and logical management
With LVM, volumes can be defined with specific tags (e.g. for osd.12 or nvme-db)
Very useful in disaster recovery or migration scenarios.
5. Volume-level snapshot and backup (in some use cases)
Although not common for production OSDs, in some test and development scenarios it is possible to take a snapshot of the OSD volume.
For example, before an upgrade.
6. Understanding and viewing the exact structure with LVM tools
Tools such as lvdisplay, vgdisplay and pvdisplay give a complete view of the OSD's state.
Easier troubleshooting and management.
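As an added example (not from the original post, and not Ceph's own tooling), the following Python planner generalizes the single-disk ceph-volume commands above to the SSD/HDD split described in item 2: one VG per HDD holding block, and a shared VG on the fast device carved into block.db and block.wal logical volumes, passed to ceph-volume lvm create via its --block.db and --block.wal options. The VG/LV naming convention, the device paths and the db/wal sizes are assumptions for illustration, not a sizing recommendation; the function only returns the commands and never executes them.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class OsdLayout:
    """One BlueStore OSD split over LVM: bulk data ('block') on an HDD,
    block.db and block.wal on a shared fast device (SSD/NVMe)."""
    index: int
    data_lv: str   # vg/lv holding block
    db_lv: str     # vg/lv holding block.db
    wal_lv: str    # vg/lv holding block.wal


def fast_device_usage_gb(n_osds: int, db_gb: int = 30, wal_gb: int = 2) -> int:
    """Space the shared fast device must provide for n_osds OSDs
    (db_gb/wal_gb are illustrative placeholder sizes)."""
    return n_osds * (db_gb + wal_gb)


def plan_lvm_osds(hdds, fast_dev: str, fast_dev_gb: int,
                  db_gb: int = 30, wal_gb: int = 2):
    """Return (commands, layouts) for len(hdds) OSDs; nothing is executed.

    Assumed naming convention (ours, not Ceph's): VG 'ceph-data-N' per HDD
    holding LV 'block-N'; one VG 'ceph-fast' on the SSD/NVMe holding
    'db-N' and 'wal-N' per OSD. Raises ValueError if the fast device
    cannot hold all db/wal volumes, since lvcreate would fail part-way.
    """
    needed = fast_device_usage_gb(len(hdds), db_gb, wal_gb)
    if needed > fast_dev_gb:
        raise ValueError(f"fast device too small: need {needed} GiB for "
                         f"{len(hdds)} OSDs, have {fast_dev_gb} GiB")
    cmds = [f"pvcreate {fast_dev}", f"vgcreate ceph-fast {fast_dev}"]
    layouts = []
    for n, hdd in enumerate(hdds):
        vg = f"ceph-data-{n}"
        cmds += [
            f"pvcreate {hdd}",
            f"vgcreate {vg} {hdd}",
            f"lvcreate -n block-{n} -l 100%FREE {vg}",       # whole HDD for data
            f"lvcreate -n db-{n} -L {db_gb}G ceph-fast",      # RocksDB metadata
            f"lvcreate -n wal-{n} -L {wal_gb}G ceph-fast",    # write-ahead log
        ]
        layout = OsdLayout(n, f"{vg}/block-{n}",
                           f"ceph-fast/db-{n}", f"ceph-fast/wal-{n}")
        cmds.append(f"ceph-volume lvm create --data {layout.data_lv} "
                    f"--block.db {layout.db_lv} --block.wal {layout.wal_lv}")
        layouts.append(layout)
    return cmds, layouts


if __name__ == "__main__":
    # Constructed example: two HDDs sharing one 500 GiB NVMe device
    commands, _ = plan_lvm_osds(["/dev/sdb", "/dev/sdc"], "/dev/nvme0n1", 500)
    print("\n".join(commands))
```

Review the printed commands before running them on a real node, because pvcreate and vgcreate will overwrite whatever is on the listed devices.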
#ceph #lvm #linux #storage #kernel #sds #bluestore
https://t.iss.one/unixmens