Hello everyone,

the last Core Update for this decade is finally available for testing! If you have a couple of hours free over the holidays, please help us out by installing it and sending us your feedback!

Improved Booting & Reconnecting

Dialup scripts have been cleaned up to avoid any unnecessary delays after the system has been handed a DHCP lease from the Internet Service Provider. This allows the system to reconnect quicker after loss of the Internet connection and booting up and connecting to the Internet is quicker, too.

Improvements to the Intrusion Prevention System

Various smaller bug fixes have been applied in this Core Update which makes our IPS a little bit better with every release. To take advantage of deeper analysis of DNS packets, the IPS is now informed about which DNS servers are being used by the system.

TLS

IPFire is configured as securely as possible. At the same time we focus on performance, too. For connections to the web user interface, we do not allow using CBC any more. This cipher mode is begin to crack and the more robust GCM is available.

Whenever an SSL/TLS connection is being established to the firewall, we used to prefer ChaCha20/Poly1305 as a cipher. Since AESNI is becoming and more and more popular even on smaller hardware, it makes sense to prefer AES. A vast majority of client systems support this as well which will allow to communicate faster with IPFire systems and save battery power.

Misc.

  • The microcode for Intel processors has been updated again to mitigate vulnerabilities from the last Core Update
  • PC Engines APU LEDs are now controlled using the ACPI subsystem which is made possible using the latest BIOS version 4.10.0.3
  • Captive Portal: Expired clients are now automatically removed
  • Dynamic DNS: Support for NoIP.com has been fixed in ddns 12
  • Updated packages: Python 2.7.17, bash 5.0, bind 9.11.13, cpio 2.13, libarchive 3.4.0, logwatch 7.5.2, lz4 1.9.2, openvpn 2.4.8, openssh 8.1p1, readline 8.0 (and compat version 6.3), squid 4.9, unbound 1.9.5

Add-Ons

  • clamav has been updated to 0.102.1 which include various security fixes
  • libvirt has been updated to version 5.6.0 for various bug fixes or feature enhancements and support for LVM has been enabled.
  • qemu has been updated to 4.1.0
  • Various others: nano 4.6, postfix 3.4.8, spectre-meltdown-checker 0.42

Today, we have updated IPFire on AWS to IPFire 2.23 - Core Update 138 - the latest official release of IPFire.

This update includes security fixes for vulnerabilities in Intel processors as well as the new and improved Quality of Service.

AWS

We are very happy that from week to week, we are gaining more customers for IPFire in the cloud - where you now can manage your network just as you do it in your own data centre.

In contrast to Amazon’s own features, IPFire is easier to manage, performs just as well, but brings you even more features like standard IPsec VPNs, OpenVPN for on-the-road connectivity to the cloud, Intrusion Prevention for your cloud servers, detailed logging and reporting and many more features.

Try it out today for free!

There is a detailed installation guide available which helps you setting up your cloud correctly for IPFire.

How to update?

For all customers that are already running on the latest image, there is nothing to do here but to make sure that you have all updates installed on your instance.

Click here to go to IPFire on AWS


Hello,

we have recently launched our new IPFire Community Portal with that, we also launched our new account system at people.ipfire.org.

Some of you have already signed up there, but many of you didn't, yet.

To stay in touch with us and to keep updated on everything that happens inside the project, please sign up now!