my preferred firewall. The best feature for me is the GEO blocking option and the fact that it can run on Hyper-V. The only thing messing is the function to disable the ping on the public red interface
I run multiple instance of Ipfire on hyper-v server to be able to control perfectly and monitor all Vlans. Working perfectly and no downtime. Solid as rock. With 12 network ports. Ipfire is Easy to update as well.
Good for business and home as well. Very easy to setup and operate. People should use Ipfire at home instead of regular router. Just use your old laptop or previous desktop. I personally use Ipfire on a laptop with Usb to network adaptor. This give me the Red et Green interface. Plug and play.
IPFire: A Community-Driven Firewall OS with a Bright Future.
IPFire is a standout in the realm of open-source firewall operating systems. It’s a community-driven project that truly prioritises its users, distinguishing it from competitors that might lean more towards corporate interests.
Strengths:
One of IPFire’s most compelling features is its commitment to security. The OS is hardened from the ground up, with a well-configured Intrusion Prevention System (IPS) powered by Suricata, offering a broad selection of rulesets. The geo-location blocking feature, libloc, provides accurate geo-blocking or allow-listing, which adds an extra layer of security. Additionally, IPFire’s update schedule is impressive, with packages being updated roughly every month or even sooner if a critical vulnerability is discovered. The inclusion of CAKE QoS ensures smooth connections, even under heavy network load.
Another strength is the wealth of community-driven documentation, which is a treasure trove of tips and advice. This, along with an active forum, makes IPFire accessible not only to advanced users but also to those just beginning to explore networking.
Areas for Improvement:
That said, IPFire does have a few areas where it could improve. The Web User Interface (WUI), while reliable, is a bit dated and could benefit from a refresh. Modern networking features like Full-Stack IPv6 Support, WireGuard, and more advanced VLAN functionality are currently missing, though these are on the roadmap for a future major release. Soon™.
The Future:
Looking ahead, I believe IPFire has the potential to become the go-to firewall OS for home-lab enthusiasts within the next 5 years. Even now, it’s a strong contender for both home and business use, thanks to its robust security features and the dedication of its community.
Conclusion:
In summary, while there are areas where IPFire could improve, its strong focus on community, coupled with a solid feature set, makes it a strong contender in the firewall OS space. As it continues to evolve, I’m confident it will meet and exceed the needs of its users.
I've been using IPFire for over 10 years, both at home and in the workplace. Many years ago I used pfSense for awhile and while it was excellent, it was much less intuitive. Getting the most out of it required a lot of effort if you weren't familiar with FreeBSD. IPFire can do most of the things that pfSense does, but in a more intuitive way.
It has features such as proactive blocking of hostile networks with zero configuration needed; an intrusion prevention system that blocks malicious traffic by rules (some built in, some that require payment due to their high quality) on both the WAN and the LAN; other user configurable blocklists; blocking inbound traffic by country; a very effective Quality of Service module to help high density networks feel more responsive. There are more features which make this not just a quality router, but an effective firewall. It can be installed on most any system that has at least two network adapters (one for WAN, one for LAN) and is easy to do. Beef up your security at home, or integrate it into a SMB. It is light on resources too and can be installed on most firewall appliances such as those sold by Protectli.
The community forums are super helpful and often the features can be extended with a little command line knowledge. Forum users are very helpful in this way.
Lastly, they have a regular blog that talks about new features and upcoming features. IPFire gets updated quite frequently, on average 8-10 updates per year. They provide an easy and intuitive backup and restore process so that on the offchance something goes wrong, simply reinstall the OS and restore your backup and you're back up and running. If you want to try ditching your home router and rolling your own better one, this is a great option. And like I said, it is powerful enough to use in a business environment as well.
I've been using IPFire for over 10 years, both at home and in the workplace. Many years ago I used pfSense for awhile and while it was excellent, it was much less intuitive. Getting the most out of it required a lot of effort if you weren't familiar with FreeBSD. IPFire can do most of the things that pfSense does, but in a more intuitive way.
It has features such as proactive blocking of hostile networks with zero configuration needed; an intrusion prevention system that blocks malicious traffic by rules (some built in, some that require payment due to their high quality) on both the WAN and the LAN; other user configurable blocklists; blocking inbound traffic by country; a very effective Quality of Service module to help high density networks feel more responsive. There are more features which make this not just a quality router, but an effective firewall. It can be installed on most any system that has at least two network adapters (one for WAN, one for LAN) and is easy to do. Beef up your security at home, or integrate it into a SMB. It is light on resources too and can be installed on most firewall appliances such as those sold by Protectli.
The community forums are super helpful and often the features can be extended with a little command line knowledge. Forum users are very helpful in this way.
Lastly, they have a regular blog that talks about new features and upcoming features. IPFire gets updated quite frequently, on average 8-10 updates per year. They provide an easy and intuitive backup and restore process so that on the offchance something goes wrong, simply reinstall the OS and restore your backup and you're back up and running. If you want to try ditching your home router and rolling your own better one, this is a great option. And like I said, it is powerful enough to use in a business environment as well.
It just works the gui is very responsive the latency is very low ,pages load very fast ,I love the fact that the developer uses custom linux kernels with less bloatware, security is foremost, and it's linux so it's better than free bsd,i have used nearly all open source firewall loved this firewall , community is very helpful all your queries are instantly cleared, the founder Micheal is a gem he listens to his community . Firewall operation is simple no bells and whistle Germans like functionality more than glamour
N00b review, home user. Background is owning a Linux-based VDSL2 modem/router/wifi box which is no longer receiving updates.
My goal was to dumb/split down that thingy into two separate entities, namely a dumb DSL modem for IPfire RED side (aka public interwebs), and a simple ethernet+wifi switch which talks to IPfire on the GREEN side, what with ipfire keeping pub and private separate.
Lo and behold, ipfire pretty much worked out of the box, and compared to the firewall in my older combo box, the interface felt friggin' user *friendly*!
Samba add-on made it easy enough to turn ipfire into a poor man's home NAS. Enabled SSH server, went rogue in the CLI and now the damn thing is a full bitcoin node as well.
Long story short, this is what I tried to do with barebones Debian but did not know how... so much stuff in this distro which just manages to demystify swamp monster... er, interwebs... a little, for a n00b.
I love that this is an independent distro with some specific goals, with carefully chosen options (PAKfire) afaict. Me likee!
This is a very nice system for building your own firewall. I got a new ISP and they shipped an awful locked-down Amazon unit that needed a bluetooth-enabled smartphone to talk to it so I wanted something else. Commercial stuff is expensive, and you want to be sure to get security updates. I tried OpnSense but the lack of decent wireless support on BSD was no good for me, I don't want to have a separate access point.
This is easy to install and configure, I used an old SFF office computer I rescued from the trash, with a second NIC installed. A decent WiFi dongle allows it to run as an AP as well, but make sure the device you choose supports AP mode. The forum and Wiki are great, and the developers respond promptly to questions. IPFire uses few system resources and has some excellent features such as the Intrusion Prevention system. There are also lots of logging options to see what's happening. My system has been running for over a year now, only rebooted for system updates.
I am a former Freesco user and when it became hard to source hardware, I switched. I tried pfSense, and whilst I was impressed with what you can do, it really doesn't play nice with some hardware. Based on FreeBSD, it is less in tune with some consumer grade stuff. IpFire was next and being a Linux based firewall, it handles consumer stuff much better, yielding more reliability in my situation.
Overall config is easy, forum support is good, helpful, feature set from a security perspective very impressive. I managed to hook up my UPS easily, configure RED to the right VLAN, and get SSH setup securely. Recently I've moved the hardware to a simple appliance, and that combo works so well, I have literally all the services up and running. I like the ease of setting your own DNS servers, avoiding those the ISP provides and switching to secure DNS. OpenVPN is easy to set up and get going, and the DynamicDNS feature works well, it automatically maintains the assigned IP for you, allowing you easily connect from the outside.
Reporting is good, lots of info. I handle around 30-50TB every day, and it is rock solid. I have it reboot occasionally to clear the cache, but it's not really needed. Updates are frequent and useful, and have been for years. I've made several donations over the years to support the effort.
Probably it's biggest weakness is something pfSense and OPNSense can do, the routing part. There is some VLAN support, but if your ISP uses multiple RED's (or external networks in non IPFire speak), IpFire can't handle it, there is also not much in IPv6 support. Supposedly there is rewrite on the way supporting IPv6, but this is not a wealthy community, so progress is slow.
So for most SOHO scenarios, IpFire is great, but it might not be enough for your needs. It is true open source, well maintained by a group that knows what they are doing. The other Linux based offerings seem more the fremium model, even though they blab open source, their power has to be unlocked through payments. I would never go that route, so if IpFire can't do it for me, I'd go to pfSense, or OPNSense. So in my mind, IpFire is the best Linux based open source firewall distro out there. And that's quite something.
I use Ipfire for a while now. I tried many firewall but i always prefer ipfire. The best feature i love is geolocation block. So i can block all incoming trafics from the country i blocked.
The development team members are focused on security, and have made great strides in the recent past.
My only concern is the long term goal of incorporating systemd, which will be a show- stopper for me. At that point, I'll have to roll out another solution, such as ShoreWall, on a systemd- free distribution, such as Devuan.
For those who are unconcerned about the systemd intent, IPFire is a great long- term solution, particularly if one stays current with updates.
Excelent documentation, attention to detail and user problems. Highly recommended!
Flashed the ARM version of IPFire 2.25 on a tiny NanoPi R1 (1Gb) which I replaced the Open-WRT that it came on the eMMC. The WAN is 1Gb and the LAN 10/100Mb which is more then enough for my home internet that is connected to a 1Gb 8 port switch. I decided not to use the builtin WiFi and purchased a TP-Link Omada AC1350 AP (PoE) for full coverage of my single floor 3000 Sqft house (AP centrally mounted). Flashing was almost easy. Really like all the functionality this has. Has a very noticble speed increase over my old Netgear router. I imagine I will be limited to installing too many add-on packages due to the NanoPi is using a ARM cpu.
* Security focused with regular updates
* Runs on low-end hardware
* Completely managed through the GUI. Almost no command-line (ssh) usage required after initial install.
* Useful collection of add-ons
I have been using this for over a year and am quite happy with it.
my preferred firewall. The best feature for me is the GEO blocking option and the fact that it can run on Hyper-V. The only thing messing is the function to disable the ping on the public red interface
I run multiple instance of Ipfire on hyper-v server to be able to control perfectly and monitor all Vlans. Working perfectly and no downtime. Solid as rock. With 12 network ports. Ipfire is Easy to update as well.
Good for business and home as well. Very easy to setup and operate. People should use Ipfire at home instead of regular router. Just use your old laptop or previous desktop. I personally use Ipfire on a laptop with Usb to network adaptor. This give me the Red et Green interface. Plug and play.
IPFire: A Community-Driven Firewall OS with a Bright Future.
IPFire is a standout in the realm of open-source firewall operating systems. It’s a community-driven project that truly prioritises its users, distinguishing it from competitors that might lean more towards corporate interests.
Strengths:
One of IPFire’s most compelling features is its commitment to security. The OS is hardened from the ground up, with a well-configured Intrusion Prevention System (IPS) powered by Suricata, offering a broad selection of rulesets. The geo-location blocking feature, libloc, provides accurate geo-blocking or allow-listing, which adds an extra layer of security. Additionally, IPFire’s update schedule is impressive, with packages being updated roughly every month or even sooner if a critical vulnerability is discovered. The inclusion of CAKE QoS ensures smooth connections, even under heavy network load.
Another strength is the wealth of community-driven documentation, which is a treasure trove of tips and advice. This, along with an active forum, makes IPFire accessible not only to advanced users but also to those just beginning to explore networking.
Areas for Improvement:
That said, IPFire does have a few areas where it could improve. The Web User Interface (WUI), while reliable, is a bit dated and could benefit from a refresh. Modern networking features like Full-Stack IPv6 Support, WireGuard, and more advanced VLAN functionality are currently missing, though these are on the roadmap for a future major release. Soon™.
The Future:
Looking ahead, I believe IPFire has the potential to become the go-to firewall OS for home-lab enthusiasts within the next 5 years. Even now, it’s a strong contender for both home and business use, thanks to its robust security features and the dedication of its community.
Conclusion:
In summary, while there are areas where IPFire could improve, its strong focus on community, coupled with a solid feature set, makes it a strong contender in the firewall OS space. As it continues to evolve, I’m confident it will meet and exceed the needs of its users.
I've been using IPFire for over 10 years, both at home and in the workplace. Many years ago I used pfSense for awhile and while it was excellent, it was much less intuitive. Getting the most out of it required a lot of effort if you weren't familiar with FreeBSD. IPFire can do most of the things that pfSense does, but in a more intuitive way.
It has features such as proactive blocking of hostile networks with zero configuration needed; an intrusion prevention system that blocks malicious traffic by rules (some built in, some that require payment due to their high quality) on both the WAN and the LAN; other user configurable blocklists; blocking inbound traffic by country; a very effective Quality of Service module to help high density networks feel more responsive. There are more features which make this not just a quality router, but an effective firewall. It can be installed on most any system that has at least two network adapters (one for WAN, one for LAN) and is easy to do. Beef up your security at home, or integrate it into a SMB. It is light on resources too and can be installed on most firewall appliances such as those sold by Protectli.
The community forums are super helpful and often the features can be extended with a little command line knowledge. Forum users are very helpful in this way.
Lastly, they have a regular blog that talks about new features and upcoming features. IPFire gets updated quite frequently, on average 8-10 updates per year. They provide an easy and intuitive backup and restore process so that on the offchance something goes wrong, simply reinstall the OS and restore your backup and you're back up and running. If you want to try ditching your home router and rolling your own better one, this is a great option. And like I said, it is powerful enough to use in a business environment as well.
I've been using IPFire for over 10 years, both at home and in the workplace. Many years ago I used pfSense for awhile and while it was excellent, it was much less intuitive. Getting the most out of it required a lot of effort if you weren't familiar with FreeBSD. IPFire can do most of the things that pfSense does, but in a more intuitive way.
It has features such as proactive blocking of hostile networks with zero configuration needed; an intrusion prevention system that blocks malicious traffic by rules (some built in, some that require payment due to their high quality) on both the WAN and the LAN; other user configurable blocklists; blocking inbound traffic by country; a very effective Quality of Service module to help high density networks feel more responsive. There are more features which make this not just a quality router, but an effective firewall. It can be installed on most any system that has at least two network adapters (one for WAN, one for LAN) and is easy to do. Beef up your security at home, or integrate it into a SMB. It is light on resources too and can be installed on most firewall appliances such as those sold by Protectli.
The community forums are super helpful and often the features can be extended with a little command line knowledge. Forum users are very helpful in this way.
Lastly, they have a regular blog that talks about new features and upcoming features. IPFire gets updated quite frequently, on average 8-10 updates per year. They provide an easy and intuitive backup and restore process so that on the offchance something goes wrong, simply reinstall the OS and restore your backup and you're back up and running. If you want to try ditching your home router and rolling your own better one, this is a great option. And like I said, it is powerful enough to use in a business environment as well.
It just works the gui is very responsive the latency is very low ,pages load very fast ,I love the fact that the developer uses custom linux kernels with less bloatware, security is foremost, and it's linux so it's better than free bsd,i have used nearly all open source firewall loved this firewall , community is very helpful all your queries are instantly cleared, the founder Micheal is a gem he listens to his community . Firewall operation is simple no bells and whistle Germans like functionality more than glamour
N00b review, home user. Background is owning a Linux-based VDSL2 modem/router/wifi box which is no longer receiving updates.
My goal was to dumb/split down that thingy into two separate entities, namely a dumb DSL modem for IPfire RED side (aka public interwebs), and a simple ethernet+wifi switch which talks to IPfire on the GREEN side, what with ipfire keeping pub and private separate.
Lo and behold, ipfire pretty much worked out of the box, and compared to the firewall in my older combo box, the interface felt friggin' user *friendly*!
Samba add-on made it easy enough to turn ipfire into a poor man's home NAS. Enabled SSH server, went rogue in the CLI and now the damn thing is a full bitcoin node as well.
Long story short, this is what I tried to do with barebones Debian but did not know how... so much stuff in this distro which just manages to demystify swamp monster... er, interwebs... a little, for a n00b.
I love that this is an independent distro with some specific goals, with carefully chosen options (PAKfire) afaict. Me likee!
This is a very nice system for building your own firewall. I got a new ISP and they shipped an awful locked-down Amazon unit that needed a bluetooth-enabled smartphone to talk to it so I wanted something else. Commercial stuff is expensive, and you want to be sure to get security updates. I tried OpnSense but the lack of decent wireless support on BSD was no good for me, I don't want to have a separate access point.
This is easy to install and configure, I used an old SFF office computer I rescued from the trash, with a second NIC installed. A decent WiFi dongle allows it to run as an AP as well, but make sure the device you choose supports AP mode. The forum and Wiki are great, and the developers respond promptly to questions. IPFire uses few system resources and has some excellent features such as the Intrusion Prevention system. There are also lots of logging options to see what's happening. My system has been running for over a year now, only rebooted for system updates.
I am a former Freesco user and when it became hard to source hardware, I switched. I tried pfSense, and whilst I was impressed with what you can do, it really doesn't play nice with some hardware. Based on FreeBSD, it is less in tune with some consumer grade stuff. IpFire was next and being a Linux based firewall, it handles consumer stuff much better, yielding more reliability in my situation.
Overall config is easy, forum support is good, helpful, feature set from a security perspective very impressive. I managed to hook up my UPS easily, configure RED to the right VLAN, and get SSH setup securely. Recently I've moved the hardware to a simple appliance, and that combo works so well, I have literally all the services up and running. I like the ease of setting your own DNS servers, avoiding those the ISP provides and switching to secure DNS. OpenVPN is easy to set up and get going, and the DynamicDNS feature works well, it automatically maintains the assigned IP for you, allowing you easily connect from the outside.
Reporting is good, lots of info. I handle around 30-50TB every day, and it is rock solid. I have it reboot occasionally to clear the cache, but it's not really needed. Updates are frequent and useful, and have been for years. I've made several donations over the years to support the effort.
Probably it's biggest weakness is something pfSense and OPNSense can do, the routing part. There is some VLAN support, but if your ISP uses multiple RED's (or external networks in non IPFire speak), IpFire can't handle it, there is also not much in IPv6 support. Supposedly there is rewrite on the way supporting IPv6, but this is not a wealthy community, so progress is slow.
So for most SOHO scenarios, IpFire is great, but it might not be enough for your needs. It is true open source, well maintained by a group that knows what they are doing. The other Linux based offerings seem more the fremium model, even though they blab open source, their power has to be unlocked through payments. I would never go that route, so if IpFire can't do it for me, I'd go to pfSense, or OPNSense. So in my mind, IpFire is the best Linux based open source firewall distro out there. And that's quite something.
I use Ipfire for a while now. I tried many firewall but i always prefer ipfire. The best feature i love is geolocation block. So i can block all incoming trafics from the country i blocked.
The development team members are focused on security, and have made great strides in the recent past.
My only concern is the long term goal of incorporating systemd, which will be a show- stopper for me. At that point, I'll have to roll out another solution, such as ShoreWall, on a systemd- free distribution, such as Devuan.
For those who are unconcerned about the systemd intent, IPFire is a great long- term solution, particularly if one stays current with updates.
Excelent documentation, attention to detail and user problems. Highly recommended!
* Security focused with regular updates
* Runs on low-end hardware
* Completely managed through the GUI. Almost no command-line (ssh) usage required after initial install.
* Useful collection of add-ons
I have been using this for over a year and am quite happy with it.
Flashed the ARM version of IPFire 2.25 on a tiny NanoPi R1 (1Gb) which I replaced the Open-WRT that it came on the eMMC. The WAN is 1Gb and the LAN 10/100Mb which is more then enough for my home internet that is connected to a 1Gb 8 port switch. I decided not to use the builtin WiFi and purchased a TP-Link Omada AC1350 AP (PoE) for full coverage of my single floor 3000 Sqft house (AP centrally mounted). Flashing was almost easy. Really like all the functionality this has. Has a very noticble speed increase over my old Netgear router. I imagine I will be limited to installing too many add-on packages due to the NanoPi is using a ARM cpu.
No warning wipes out my whole hard drive on installation. This is a bomb.
TUXEDO
TUXEDO Computers - Linux Hardware in a tailor made suite Choose from a wide range of laptops and PCs in various sizes and shapes at TUXEDOComputers.com. Every machine comes pre-installed and ready-to-run with Linux. Full 24 months of warranty and lifetime support included!
Learn more about our full service package and all benefits from buying at TUXEDO.
Advertisement
Star Labs
Star Labs - Laptops built for Linux.
View our range including the highly anticipated StarFighter. Available with coreboot open-source firmware and a choice of Ubuntu, elementary, Manjaro and more. Visit Star Labs for information, to buy and get support.