Changes to our donation process

by Michael Tremer, January 3, Updated January 3

Donations are the backbone of the project. They keep the lights on and fund development. They are however a complicated construct and a lot of paperwork. We have now made some changes that will make the entire process more transparent and easier for everyone.

Donations to the project have in the past not been tax-deductible for most organizations - which is now going to change: Instead of treating a donation (which does not exist in Germany's tax law) as a voluntary "gift", we will now treat it as a regular billable service where you, the donor, choose the amount. This has many advantages for both, donors and the project.

From now on, we will send you a formal order confirmation as soon as you clicked the "Donate Now" button. It has become a legal requirement for all credit card payments to send the "customer" a full summary about the transaction before it is being conducted and this is our way to do so. The email will say "order confirmation" which might not be the best choice for donations, but it is just that - a confirmation that we have received your intention to donate.

After the transaction has been conducted, you will receive an invoice for your documents. New is also that this invoice will contain any VAT that has been charged (if applicable) and you can take it to your pile of fully deductible expenses.

Most of our donors won't pay a penny in VAT since any payments from outside the European Union are entirely tax-free. Donors who can provide us with a valid VAT number will also donate VAT-free. If you fall into that category, please make sure you enter your VAT number before making a donation.

That only leaves private donors from inside the EU to which VAT will apply, but you won't have to worry about this at all. We will take care of this like your local sandwich shop does when you buy a sandwich.

Because of this we also have decided that if you click "organization" on the donation form, the amount entered will be exclusive of VAT since the vast majority won't pay it. This is the default in every online store too, where prices for businesses will be shown exclusive of any VAT.
For organizations in Germany only, this will however result in the final invoice having VAT added and therefore being higher than the amount entered. Of course you will be able to claim back the difference with your regular VAT tax return, but we require you to know that this is happening.

Why am I telling you all of this?

To keep you in the loop.

Actually, nothing really changes for you when you are donating. You will just have to go to this page, fill in the form and click the big red button. After that, you pick your payment method, do the payment and you are done. It is nice and easy and we hope that many of you will continue making use of that form as much as they can to help to make IPFire successful.

If you already have a recurring donation set up, we will roll you over to the new system and you won't have to do anything.

We have had many conversations with other Open Source projects over the years and it looks like everyone has their own donation process - simply because donations do not exist in German tax law.

We have now implemented a number of changes that were required due to changes in the law and we worked hard to find the right and best way to make this work for everyone involved.

I am happy to say that we have now finally reached that point where all changes have become reality where a maximum amount of your donations are actually going into the project and only a minimal amount is being spent on fees and other overhead.

This is very close to my heart because every penny more that we can spend on the project is a step closer to our goals.

Thank you to everyone joined in to help!

If you have any questions about these changes, please mail at

As 2021 is nearing its end, I would like to take the opportunity to thank everyone who has helped us making it another successful year. Whether that is by being a loyal user, contributing to the project in any shape or form, or by helping us to promote the project and telling all your colleagues and friends about your most favourite firewall.

It has been a chaotic year - there is probably no way to hide that it has been a rollercoaster because of the pandemic still not being over. It has impacted us through a large loss of funding and motivating ourselves has been challenging throughout the year. But objectively, we have been strong and released a whopping eight releases. This is a little bit lower than last year, but the releases were bigger and packed a large number of improvements and new features:

  • We have massively boosted network throughput in IPFire, where especially smaller hardware is benefitting, but larger systems are able to transfer another couple of tens of gigabits. The Intrusion Detection System can offload any streams it can no longer analyse which bumps up throughput for those because there is no more overhead any more
  • One-Click IPsec VPNs with Mac OS X & iOS
  • We tackled some security problems that affected virtually any firewall in the world and got named NAT Slipstreaming
  • Live Graphs
  • Fast Flux Detection
  • WPA3 Client Support
  • Long-standing bugs around DNS have been resolved and we fixed hundreds of problems throughout the whole distribution making IPFire a lot smoother to use - even in difficult environments
  • We removed Python 2 and upgraded a large number of packets to keep IPFire a very modern and hardened operating system. Most important is that we migrated from Linux 4.14 to 5.15 (pun not intended).
  • IPFire runs on my hardware than ever since we have added loads of device drivers for modern networking hardware, support for many ARM single-board computers and we have added support for ARM on AWS

With just under 2000 commits to our master branch, it has been a record year with an increase of over 20% compare to 2020. And all that by only 17 contributors of which five have been first-time contributors. But of course development is only one part of the project. There have been plenty of people who have contributed to the documentation on our wiki spending endless days and night explaining how to use IPFire; plenty of people have been helping each other our debugging problems and giving advice on our IPFire Community Portal. All of this, and many more tasks are essential to keep the project going and I would like to thank each and everyone of you to be a part of our community.

Retiring i586 and Hardware Woes

As announced earlier this year, we are going to retire support for the i586 architecture, which will free up lots of time spent on testing. We urge everyone who didn't already to upgrade to the 64 bit version as soon as possible to get more performance and much better hardening for your system.

Just like the last couple of years, hardware security issues have kept us busy as well as security problems in some third-party software. The ecosystem is not in its best state which is causing us a lot of work where we, although there is a fix available, have to investigate whether IPFire is affected, what can be done and in the end test the fix for any regressions. Often that is difficult when we do not have access to hardware that is affected or where we simply have to act fast. Unfortunately this has limiting us a lot this year, and in the end there are often very small changesets committed to our source code repository and there is only one line in the change log - although it has been work for days and weeks.

We Are Ready For 2022!

Let's hope that things will change for the better in 2022. I am certainly looking forward to it and see it becoming the best year we have had, yet!

We have a lot planned and we hope that we can continue to grow and achieve our goals. Having started a lot of smaller projects within IPFire and having another update that is ready for testing, we have a very busy schedule and we are absolutely happy with that.

Please help us out, if you didn't already do so, and donate to the project. We really any support that we can get to bring IPFire forward and to keep doing what we are doing: Making the Internet a safer place for everyone.

If you already contributed, I would like to say Thank You an behalf of all of us here. We could not do it without the support from our community and it is great to have such a great one behind us.

Happy New Year!

Just before Christmas, it is time for the last release of the year: IPFire 2.27 - Core Update 162. It comes with a brand-new kernel based on Linux 5.15, and it will be the last release supporting the i586 architecture.

Before we talk about what is new, I would like to ask you for your support. IPFire is a small team of people and like many of our open source friends, we’ve taken a hit this year and would like to ask you to help us out. Please follow the link below where your donation can help fund our continued development:

Linux 5.15

Once a few releases after upgrading to Linux 5.10, we have now rebased the IPFire kernel on Linux 5.15. Due to dropping or upstreaming our patchset this was a lot easier than the previous step to 5.10.

The new kernel is long-term supported by the Linux kernel developers and comes with various new drivers and performance improvements. Noteworthy are various performance improvements on "zero copy" for increased throughput and lower latency; Core Scheduling (for safer Hyperthreading), and a new drivers for NTFS.

We have continued our work to take advantage of improvements in the kernel that help to decrease CPU usage when forwarding large numbers of packets. In certain environments, this enables IPFire to significantly more throughput and lower latency since more CPU resources are available when needed.

Deprecating i586

This is the last release supporting 32 bit Intel-compatible processors - in our case i586 and older. Having announced this plan a year ago, the time has finally come.

We are very hopeful that we will be able to concentrate our limited development time more on architectures and features that are used by the masses instead of keeping support for something that only a few people are still using and that is becoming harder and harder since so many distributions have already done this step which leaves us with lots of bugs to find ourselves instead of taking advantage of the open source community.

If you are running on an i586 system, you should backup your configuration, perform a fresh installation with a supported architecture and restore the backup. We encourage you to migrate immediately as it will be done in less than half an hour.


  • IPS: A long-stand bug has been discovered which caused that some TCP connections could not be opened and timed out. This happened on TCP stacks that use the timestamp option and where the first SYN packet does not reach the server. Due to the state of the repeated packet not being considered, the IPS did not allow any SYN-ACK packets back through to the client which caused the connection to time out. This has been fixed and submitted upstream.
  • The web user interface has gained a new "help" option which will bring you to the correct page on the IPFire Wiki.
  • IPFire Location has added the new "DROP" category (allocated country code XD) which has a curated list of networks which nobody is ever expected to talk to
  • OpenVPN: An error has been fixed which caused to show an "Internal Server Error" after generating root and host certificates (#12574)
  • Dynamic DNS: Fix broken updates after API change
  • jwhois has been replaced with an actively maintained version of whois
  • The installer will now correctly create EFI boot entries on all BIOSes. This used to fail on ARM64-based machines.
  • Updated packages: BIND 9.16.22, bison 3.8.2, coreutils 9.0, dhcpcd 9.4.1, gawk 5.1.1, jansson 2.14, knot 3.1.1, libhtp 0.5.39, libloc 0.9.8, libseccomp 2.5.3, libxcrypt 4.4.26, meson 0.59.2, OpenVPN 2.4.4, OpenSSH 8.8p1, slang 2.3.2, suricata 5.0.8, unbound 1.13.2, xtables-addons 3.18


  • Updated packages: ClamAV 0.104.1, dnsdist 1.6.1, libffi 3.4.2, Postfix 3.6.3, strace 5.14, sslh 1.22c, sshfs 3.7.2, Tor