Features
This is an overview of all currently available features in IPFire.
An easy-to-use package management system can install additional features
on the system.
A full list of addons can be found in the wiki:
Addons.
firewall functions
The main focus of the IPFire distribution is being a firewall. It splits the network
into several parts and allows only operations that are allowed by policy.
- stateful inspection firewall based on the Linux netfilter architecture
- intrusion detection system with Guardian addon as extension (IPS system)
- filter for invalid/non-standard packets
- separate network segments for server (DMZ) and wireless with custom policies
- DoS attack protection
- application proxies for HTTP and FTP (with access control and content filtering) and DNS
- incoming and outgoing packet filtering with user grouping
- Quality of Service and traffic shaping
essential networking services
IPFire covers essential functions that are needed on every network as well.
- DHCP server
- Dynamic DNS service
- NTP server
- DNS proxy
http proxy
The web proxy service can filter and log user activity and
is able to block malicious content.
- caching of web content
- content filtering based on blocking lists and manually defined lists for blocking malicious content
- time based disabling of access for individual users or entire groups
- simplified management for classes or conference rooms
- advanced storage of updates for Microsoft Windows, Symantec Antivirus, Adobe products, Avira Antivir and Avast Antivirus
- authentication against LDAP, identd, RADIUS, a Windows server or a local user database
- transfer limitation (speed and/or traffic volume)
virtual private networking
Virtual private networks (VPNs) are used to securely communicate with
a customer or partner. For maximum interoperability, IPFire comes
with multiple implementations.
- IPsec/strongSwan
  - network-to-network or network-to-host (roadwarrior)
  - IKE with PreSharedKey or X.509 certificates from an integrated or external CA
  - tunnel reconnection on disconnection and dead-peer-detection
  - NAT traversal
  - encryption with AES, 3DES, Blowfish, Serpent and Twofish
  - HMAC: SHA1, SHA256, SHA384, SHA512
  - real time compression
- OpenVPN
  - host-to-network (roadwarrior)
  - SSL-based encryption: AES, Blowfish, Twofish, 3DES, ...
  - real time compression
  - automatically generated packages for clients so that their configuration is simplified
  - tunnel across multiple NAT
- PPTP passthrough
supported connection types
IPFire is able to access the internet over many common
connection types.
- Ethernet links with a static IP address or configured via DHCP
- ADSL/SDSL with PPPoE
- DSL via PPTP
- VDSL (a product of Deutsche Telekom)
- UMTS
- automatic reconnect after disconnection by the provider
- reconnect with time based schedule
configuration
All of the functionality provided by IPFire is configurable
through a simple web management interface.
- SSL-encrypted web interface
- SSH access
monitoring
The web interface gives easy access to graphical summaries of logs
that let the administrator recognize any issue easily.
- graphical monitoring of the system with the web interface
- accessible log files with automatic summary of key events
- export function of log files (individually or as a full backup)