This is the official release announcement for IPFire 2.17 – Core Update 87, a new major version of the IPFire firewall distribution coming with all sorts of new features and bug fixes.


Most of the work has been done under the hood and in the Linux kernel. This has been updated to version 3.14 and brings better support for various hardware and stability fixes. Various device drivers have been backported from more recent versions of the Linux kernel to combine great stability with best hardware support.

Stability for various ARM platforms has been improved and support for more has been added. Among the new devices are the Banana Pi and Banana Pro boards. Please check out the list of supported ARM boards on the IPFire wiki.


The installer program that helps to install IPFire has been very much improved. It is now easier to use and provides clearer error messages. It allows you to select the disk you want to install IPFire on and does not use the first one any more if there are more than one.

An other main feature is that the installer is now able to download the ISO image from the Internet. That allows it to be used on devices that can not boot from USB drives. Installations using the serial console are possible as well.

The installer allows you to use the XFS filesystem and supports installation on harddisks larger than 2TB by using GPT. The entire partitioning has been rewritten and is able to produce better partitioning layouts.

The unattended installation feature is now usable again and the Installation Guide on the IPFire wiki has been rewritten.

Changing bootloaders on x86

We changed the bootloader on all x86 installations from GRUB-legacy to GRUB2. New systems will be installed right away with the new version and old ones will be migrated. Please make sure to create a backup of your installation in case this upgrade fails.

The huge benefit we get from migrating to GRUB2 is more flexibility for testing new kernels and much better reliability on various hardware.

Security fixes in third-party packages

  • glibc has been patched against the GHOST vulnerability.
  • The ntp package has been updated because of recent security vulnerabilities that have been discovered
  • The openvpn package has been updated to version 2.3.6


  • Timmothy Wilson suggested to use SHA256 for the SSL certificate that is used for accessing the web user interface. All new installations will use this.
  • iw was updated to version 3.14
  • wpa_supplicant and hostapd have been updated for more stable wireless connections
  • Erik Kapfer added tmux as an add-on package
  • Umberto Parma sent in an Italian translation for the web user interface

Updated add-ons

  • Pound has been updated to version 2.7 stable which allows better protection against the POODLE vulnerability
  • mtr has been updated to version 0.86
  • fping has been updated to version 3.10

Like already pointed out in the announcement of the test release, we would like to repeat our disappointment that so few people participated in testing this release. The many changes that come with every IPFire release require testing by many many people from the community. Like many other Open Source projects there has been only little participation in the testing effort and there was only very little feedback which caused this release being delayed for months. We are looking forward to that more people will support this project in the future to make sure that it remains a healthy one and will become even better.

You can support this project by getting involved into development, writing documentation, support fellow IPFire users or with your donation.

Published by Michael Tremer, February 27, 2015 at 2:00 pm