Sidebar Sponsor |
|
Random Distribution |
SAMity Linux
SAMity Linux, a live and installation CD based on Unity Linux, was an easy-to-use, fast and clean Xfce Linux desktop for home users.
Status: Discontinued
| |
Latest News and Updates |
|
2015-06-13 |
NEW • Distribution Release: IPFire 2.17 Core 91 |
Rate this project
|
The IPFire project, which makes an independent open source firewall solution, has announced an important security update to their distribution. The new release, IPFire 2.17 Core Update 91, patches known OpenSSL and IPsec vulnerabilities. "This is the official release announcement for IPFire 2.17 – Core Update 91. This update comes with various security fixes - most notably fixes for six security vulnerabilities in the OpenSSL library and two more vulnerabilities in strongSwan. OpenSSL security vulnerabilities: There are six security vulnerabilities that are fixed in version 1.0.2b of openssl. This version contained an ABI breakage bug that required us to wait for a fix for that and rebuild this Core Update... StrongSwan IPsec security vulnerability: In strongSwan 5.3.1, a security vulnerability that is filed under CVE-2015-3991 was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages. IPFire ships now version 5.3.2 which fixes a second vulnerability (CVE-2015-4171)." The IPFire project recommends installing the new security update and rebooting the distribution to make sure these serious vulnerabilities have been patched. Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core91.iso (156MB, pkglist). |
|
About IPFire
|
IPFire is a Linux distribution that focuses on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. IPFire is maintained by developers who are concerned about security and who update the product regularly to keep it secure. IPFire ships with a custom package manager called Pakfire and the system can be expanded with various add-ons.
|
Recent Related News and Releases |
2024-08-09 |
Distribution Release: IPFire 2.29 Core 187 |
|
IPFire is a Linux-based operating system for firewalls. The project focuses on easy set-up and configuration. The project's latest release introduces an extra layer of protection against denial-of-service (DoS) attacks. "Since IPFire is very commonly deployed in data centres where denial-of-service attacks happen on a regular basis, we now have added better protection against those kinds of attacks. Formerly, the system protected itself rather well against (D)DoS attacks, but this was only limited if TCP connections terminated at the firewall itself like for reverse proxies, etc. Now, IPFire can use TCP SYN cookies to protect infrastructure behind it better against SYN flood attacks. This is especially useful in high-bandwidth scenarios and cloud deployments and can be activated with only one checkbox separately for each firewall rule." Additional information is provided in the project's release announcement. Download (pkglist): ipfire-2.29-core187-x86_64.iso (421MB), ipfire-2.29-core187-x86_64.img.xz (356MB). |
|
2023-07-16 |
Distribution Release: IPFire 2.27 Core 176 |
|
IPFire is a Linux distribution that focuses on easy setup, good handling and high level of security and is mostly used on routers and firewalls. The project's latest release focused on bug fixes and minor upgrades, including fixing IPsec certificate generation in some situations. The release announcement shares the highlights: "An edge case related to bug #13138, which caused IPsec root/host certificate generation to fail on the first attempt only, has been fixed. While editing OpenVPN static IP address pools, spaces are now handled correctly again. udev rules for LVM volumes have been fixed, allowing for configured LVM volumes to start properly on boot again. Remove entries for additional mass storage via the web interface of the ExtraHD add-on have been fixed, partially resolving #12863. Filesystem journal features are now always enabled for cloud images, and as soon as a disk with SMART support is detected. misc-progs, the safety net between IPFire's web interface and the core system, have been improved under the hood to allow for better return code enumeration. Stéphane Pautrel has contributed improvements to the French translation of IPFire's web interface." Download (SHA256): ipfire-2.27-core176-x86_64.iso (372MB, torrent, pkglist). |
|
2023-02-27 |
Distribution Release: IPFire 2.27 Core 173 |
|
IPFire is a small Linux distribution for firewalls and other networking devices. The distribution has published a new release which upgrades the kernel to version 6.1 and includes support for accessing 4G and 5G networks. "The Qualcomm MSM Interface is a proprietary interface increasingly used by 4G and 5G cellular modems. Commencing with this Core Update, IPFire supports interacting with such modems, thus significantly expanding its hardware compatibility to QMI-only cellular modems, and providing a faster and more modern interface. Thanks to Michael for implementing this feature. On that occasion, he also refactored related networking code. Arne has updated the Linux kernel to the most recent stable series, 6.1.11, which has become the new long-term series. Aside from the usual improvements such major kernel updates bring like bug fixes, improved hardware support and security improvements, we took the occasion to bring several new hardening changes to IPFire users: System calls permitting processes to read or write other processes' memory are no longer provided by the kernel. On EFI systems supporting it, the firmware is now instructed to wipe all memory when rebooting, to hamper cold boot attacks. Landlock support has been enabled. GCC's 'latent entropy' plugin has been disabled, since it does not generate cryptographically secure entropy." Additional details are presented in the project's release announcement. Download (SHA256): ipfire-2.27-core173-x86_64.iso (378MB, torrent, pkglist). |
|
2022-09-16 |
Distribution Release: IPFire 2.27 Core 170 |
|
IPFire is a lightweight Linux distribution for use with firewalls and routers. The project has released a new update which introduces publicly supplied IP block lists. "The next Core Update is released: IPFire 2.27 - Core Update 170. It features new IP blocklists for the firewall engine, significant improvements to Pakfire, modernizes the default cryptographic algorithm selection for IPsec connections, as well as a new kernel, and a plethora of bug fixes and security improvements under the hood. IP-Reputation Blocking to keep known threats out: Based on prior development by Tim FitzGeorge, Stefan brought a new feature to the firewall engine, which allows the easy activation of various public IP-based blocklists, just by a single click. All enabled blocklists are updated automatically at an appropriate interval (a technique we already deployed for updating IPS rulesets), and protect against various threats, such as IP addresses or networks having a poor reputation, being involved with cyber crime hosting, or simply not allocated, hence no traffic should be routed to and from them." Additional information can be found in the release announcement. Download (SHA256): ipfire-2.27-core170-x86_64.iso (379MB, torrent, pkglist). |
|
2022-06-13 |
Distribution Release: IPFire 2.27 Core 168 |
|
The IPFire team have published a new update to their security and firewall focused distribution. A key update affects the project's intrusion prevention system (IPS): "Stefan contributed a patch series for notably improving the IPS, particularly when it comes to handling of ruleset providers. While many of the changes are done under the hood, the following are visible to the web interface: Monitoring mode can now be enabled for each ruleset provider individually. This makes baselining and testing much less of a hassle, since newly introduced IPS ruleset providers can now first be used for logging only, without risking disruptions or unintended side-effects. Parsing and restructuring changed or updated rulesets has been improved and is now faster by orders of magnitude. The downloader will now automatically check whether a ruleset has been updated on its providers' server by checking the ETag HTTP header. This allows us to drop the update interval selection; every IPS ruleset will now updated automatically on the appropriate interval." Additional details can be found in the project's release announcement. Download (SHA256): ipfire-2.27.x86_64-full-core168.iso (364MB, torrent, pkglist). |
|
2022-03-10 |
Distribution Release: IPFire 2.27 Core 164 |
|
The IPFire distribution is a minimal operating system intended for use on firewalls and routers. The project's latest release includes a new kernel (with Dirty Pipe fixes) along with a number of improvements to the firewall management software. "This update brings a couple of improvements for IPFire's firewall engine. Dropping any hostile traffic: Our IPFire Location Database contains a list of networks that are considered 'hostile' - a network nobody under any circumstance wants to communicate with at all like bullet-proof internet service providers or stolen/hijacked address space. This is enabled by default on new installations, but left disabled in this update. We strongly recommend for everyone to enable this on the Firewall Options page. Read more in a special post. A better source routing validation is being performed: The firewall will now reject any packets from systems that it cannot reach according to its own routing table. Packets that are not recognised by the connection tracking (because they might belong to an invalid connection) are now being logged to help with any debugging." Additional information is available in the project's release announcement. Download (SHA256): ipfire-2.27.x86_64-full-core164.iso (441MB, torrent, pkglist). |
|
2021-12-21 |
Distribution Release: IPFire 2.27 Core 162 |
|
IPFire is a lightweight Linux distribution for firewalls, routers, and other security-sensitive appliances. The developers have released a new version, IPFire 2.27 Core Update 162 which will be the last version to support 32-bit x86 machines. "Once a few releases after upgrading to Linux 5.10, we have now rebased the IPFire kernel on Linux 5.15. Due to dropping or upstreaming our patchset this was a lot easier than the previous step to 5.10. The new kernel is long-term supported by the Linux kernel developers and comes with various new drivers and performance improvements. Noteworthy are various performance improvements on 'zero copy' for increased throughput and lower latency; Core Scheduling (for safer Hyperthreading), and a new drivers for NTFS. We have continued our work to take advantage of improvements in the kernel that help to decrease CPU usage when forwarding large numbers of packets. In certain environments, this enables IPFire to significantly more throughput and lower latency since more CPU resources are available when needed. This is the last release supporting 32-bit Intel-compatible processors - in our case i586 and older. Having announced this plan a year ago, the time has finally come." Additional information can be found in the release announcement. Download (SHA256): ipfire-2.27.x86_64-full-core162.iso (408MB, torrent, pkglist). |
|
2021-10-05 |
Distribution Release: IPFire 2.27 Core 160 |
|
IPFire is a Linux distribution that focuses on easy setup, good handling and high level of security, intended for use in firewalls and routers. The project has published a new update which focuses on improving network throughput. "In recent days and months, the development team has spent a lot of time on finding bottlenecks and removing those. Our goal is to increase throughput on hardware and bringing latency down, for a faster network. This update brings a first change which will enable network interfaces that support it, to send packets that belong to the same stream to the same processor core. This allows taking advantage of better cache locality and the firewall engine as well as the Intrusion Prevention System benefit from this, especially with a large number of connections and especially on hardware with smaller CPU caches." The IPFire team is also continuing their work to remove Python 2 from their distribution. Additional information is provided in the project's release announcement. Download (SHA256): ipfire-2.27.x86_64-full-core160.iso (406MB, torrent, pkglist). |
|
2021-08-18 |
Distribution Release: IPFire 2.27 Core 159 |
|
IPFire is an independent Linux distribution that focuses on easy setup, good handling and high level of security. The project's latest release features a new kernel, updated hardware support, and install media that is compressed with Zstandard compression for better performance. "This is a major update for IPFire, as it rebases the IPFire kernel on Linux 5.10, the latest long-term supported release of the Linux kernel. Arne has been working through a long spring getting IPFire ported on this release and it is now finally ready for prime-time. It features: Support for many new drivers, improved support and performance for existing drivers making IPFire more compatible with new, and powerful with existing hardware. Most notably are many network drivers as well as virtualised communication with the hypervisor in the cloud. Networking throughput has been increased through zero-copy TCP receive and UDP and Bottleneck Bandwidth and RTT congestion control (BBR). Those changes will also decrease the latency of the firewall in the network when forwarding packets. Wireless will have improved throughput and better latency with Airtime Queue Limits which practically enables use of all the 'Bufferbloat' algorithms on wireless. Support for 64-bit ARM hardware has been massively improved and we were able to drop a large amount of custom patches who have been upstreamed into the Linux kernel." Further details can be found in the project's release announcement. Download (SHA256): ipfire-2.27.x86_64-full-core159.iso (405MB, torrent, pkglist). |
|
|
Sidebar Sponsor |
|
|