IPFire 2.23 - Core Update 137 is available for testing

by Michael Tremer, October 27, 2019


A little bit behind schedule, we are happy to announce the upcoming release of IPFire 2.23 - Core Update 137. It comes with an updated kernel, a reworked Quality of Service and various bug and security fixes.

Development around the Quality of Service and tackling some of the bugs required an exceptional amount of team effort in a very short time, and I am very happy that we are now able to deliver the result to you to improve your networks. Please help us to keep these things coming to you with your donation!

An improved and faster QoS

As explained in detail in a separate blog post from the engine room, we have been working hard on improving our Quality of Service (QoS).

It allows a lot more traffic to pass on smaller systems and reduces packet latency on faster ones, creating a more responsive and faster network.

To take full advantage of these changes, we recommend rebooting the system after installing the update.

Linux 4.14.150

The IPFire Kernel has been rebased on Linux 4.14.150 and equipped with our usual hardening and other patches.

The kernel has been tuned to deliver more throughput for IP connections and to reduce latency to a minimum, keeping your network as responsive and fast as possible.

An especially nasty bug that caused the system to drop DNS packets when the Intrusion Detection System was enabled has been tracked down by a large group of IPFire developers with additional help from the Suricata team.

Misc.

  • Downloaded GeoIP databases were not always cleaned up from /tmp when a download was unsuccessful. This could cause the script to fill up the root partition. You can reboot your system to free up space if this has happened to you, too. The script has now been cleaned up, and catches any errors so that it can clean up afterwards.
  • IPsec now supports Curve 448 with 224 bits of security. It is a lightweight and slightly faster alternative to Curve25519 and is enabled by default for new connections.
  • Tim Fitzgeorge contributed a patch that restarts the syslog daemon after a backup has been restored, so that old log files are closed and logs are written to the restored ones.
  • /var/log/mail is now being rotated
  • Updated packages: bind 9.11.12, iptables 1.8.3, iproute2 5.3.0, knot 2.8.4, libhtp 0.5.30, libnetfilter_queue 1.0.4, libpcap 1.9.1, libssh 0.9.0, Net-SSLeay 1.88, pcre 8.43, strongswan 5.8.1, suricata 4.1.5, tzdata 2019c, unbound 1.9.4, wpa_supplicant 2.9

Add-ons

New: speedtest-cli

This is a handy tool to perform a regular speedtest on the console. It was packaged to test the QoS, but it is also useful for testing the throughput of the firewall to and from the Internet.

Updated Packages

  • bird 2.0.6 now supports RPKI validation by connecting to a process that holds the key material either via TCP or using SSH
  • sane has been updated to version 1.0.28 and now supports more hardware
  • A French translation is now available for the Who is Online? add-on
  • Others: clamav 0.102.0, hostapd 2.9, ipset 7.3, mtr 0.93, nano 4.5, ncat 7.80, nmap 7.80, shairport-sync 3.3.2, tcpdump 4.9.3, tor 0.4.1.6, tshark 3.0.5