Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 136 - the latest official release of IPFire.

This update includes security fixes for OpenSSL and the Linux kernel, an updated Perl, and of course many other fixes throughout the whole system.

AWS

We are very happy that, week after week, we are gaining more customers for IPFire in the cloud, where you can now manage your network just as you do in your own data center.

In contrast to Amazon’s own features, IPFire is easier to manage and performs just as well, but brings you even more features, such as standard IPsec VPNs, OpenVPN for on-the-road connectivity to the cloud, Intrusion Prevention for your cloud servers, detailed logging and reporting, and many more.

Try it out today for free!

There is a detailed installation guide available which helps you set up your cloud correctly for IPFire.

How to update?

For all customers that are already running on the latest image, there is nothing to do here but to make sure that you have all updates installed on your instance.

Click here to go to IPFire on AWS


This is the official release announcement for IPFire 2.23 - Core Update 136. A new update packed with loads of security fixes, bug fixes and a couple of important new features.

Please donate to help our developers and keep bringing you new features. Thank you, it means a lot.

OpenSSL 1.1.1d

This update ships the latest release of the OpenSSL library, which has received some important fixes:

  • CVE-2019-1547: With custom elliptic curves, timing attacks were made possible again. This is of very low risk in IPFire, since we are not using any custom curves.
  • CVE-2019-1549: Forked processes could have shared the same seed for their random number generator. This is fixed in this release by mixing in a high-precision timer.
  • CVE-2019-1563: Another padding oracle for large PKCS7 messages

All of these are classified as "low severity". However, we recommend installing this update as soon as possible.
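The failure mode behind CVE-2019-1549, shown with a toy generator as an added example (this is not OpenSSL or IPFire code; `toy_rng`, `toy_next` and `outputs_collide_after_fork` are hypothetical names and the seed is constructed). A generator seeded before `fork()` is copied into the child, so both processes draw the same value unless something that differs between them, here a high-precision timer, is mixed into the state.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Toy xorshift64* generator standing in for a seeded DRBG (not OpenSSL code). */
typedef struct { uint64_t state; int mix_timer; } toy_rng;

static uint64_t now_ns(void) {
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return (uint64_t)ts.tv_sec * 1000000000ULL + (uint64_t)ts.tv_nsec;
}

static uint64_t toy_next(toy_rng *r) {
    if (r->mix_timer) r->state ^= now_ns(); /* fold the timer into the state */
    r->state ^= r->state >> 12;
    r->state ^= r->state << 25;
    r->state ^= r->state >> 27;
    return r->state * 2685821657736338717ULL;
}

/* Returns 1 if parent and child drew the same value after fork, 0 if not, -1 on error. */
int outputs_collide_after_fork(int mix_timer) {
    toy_rng rng = { 0x1234abcd5678ef01ULL, mix_timer }; /* constructed seed */
    int fd[2];
    uint64_t child_val = 0;
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: works on a copy of rng */
        uint64_t v = toy_next(&rng);
        ssize_t n = write(fd[1], &v, sizeof v);
        _exit(n == (ssize_t)sizeof v ? 0 : 1);
    }
    close(fd[1]);
    ssize_t n = read(fd[0], &child_val, sizeof child_val);
    close(fd[0]);
    waitpid(pid, NULL, 0);               /* parent draws after the child exits */
    if (n != (ssize_t)sizeof child_val) return -1;
    return toy_next(&rng) == child_val;
}

int main(void) {
    printf("plain: %d, timer mixed: %d\n", outputs_collide_after_fork(0), outputs_collide_after_fork(1));
    return 0;
}
```

Without timer mixing the parent and child produce identical output; with it, the two draws diverge even though both started from the same seed.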

Perl 5.30

Arne has been busy replacing Perl with the latest stable version. This requires that loads of applications that use Perl, like our own web user interface, have to be shipped again, as well as many add-ons. Hence this update is rather large.

GeoIP

Since MaxMind is no longer publishing their GeoIP database in the original format, and unfortunately is not providing any good bindings for the new release, we have only had an outdated version of the database available in IPFire.

There is now a script that converts the current data into the old format which allows us to provide a recent database again.

This database is, however, only used for showing the country flags on the web UI. GeoIP blocking uses a database in a different format and therefore always has recent data, so that it only blocks the right things.

Misc.

  • The firewall has a limit for log messages so that flooding the firewall with packets won't cause a Denial-of-Service by filling up the hard drive with gigabytes of logs or by starving the system on write operations. This limit was, however, very low by modern standards and has therefore been increased to 10 logged packets per second. That will ensure that we won't drop a packet without logging it.
  • Updated packages: apache 2.4.41, bind 9.11.10, clamav 0.101.4, dhcpcd 8.0.3, knot 2.8.3, logrotate 3.15.1, openssh 8.0p1, patch 2.7.6, texinfo 6.6, unbound 1.9.3, usb_modeswitch 1.5.2
  • logwatch and logrotate could conflict when running at the same time. This has been changed so that only one of them runs at a time.
  • Log messages for DMA, the IPFire mailer, and Postfix are now shown on the web UI
  • The toolchain now ships a compiler for Go

Add-ons

  • Updated packages: freeradius 3.0.19, haproxy 2.0.5, monit 3.25.3, postfix 3.4.6, spamassassin 3.4.2, zabbix_agent 4.2.6
  • dnsdist has had its limit of open connections increased to work better in bigger environments
  • tor: A permission problem has been fixed so that the web UI can save settings again
  • wio: The RRD files are now included in the backup, and various UI improvements have been made

Please reboot!

This update needs a reboot of your IPFire system.


Job Opportunity for a Junior Developer (m/f/x)

by Michael Tremer, September 23, Updated September 28

We, Lightning Wire Labs, are offering an opportunity ideal for a student to become a Junior Developer.

As the leading organisation in the IPFire Project, we are growing our team to allow us to move it forward quicker as well as advancing other internal projects.

Are you a frequent contributor to Open Source projects, but want to develop your skills further?

Join our growing team to help us to achieve our ambitious goals and learn at the same time.

Required skills:

  • Fluent in Python, Shell Scripts, Git, HTML, CSS, JS
  • Good Linux and Networking Skills
  • Good communication skills with other staff and the community. English is mandatory, German is optional.

The focus will be working on the IPFire Project. Development of new features as well as fixing bugs and supporting the community will be essential parts. You will develop our internal applications and software stack as well.

This job offers great flexibility in terms of work hours and will be remote with occasional visits to our main office.

Please send your application including your CV to jobs@lightningwirelabs.com.