Posts in 2020

Release

This is the official release announcement for the last planned Core Update of this year: IPFire 2.25 - Core Update 153.

Following a certain unethical logic, it makes sense for an attacker to hit the weakest the hardest. Why bother with a reasonably secure firewall if the system behind it is missing important patches? Why try targeting the skilled IT staff - which will ignore the attempt at best, if not blocking your infrastructure for the entire network - if their stressed HR colleagues click on every link and open every document they see? As important as an IPFire's configuration is, this post focuses on the systems behind such a firewall, considering important aspects in terms of both security and privacy.

Today we are releasing an update to the wireless access point feature of IPFire: WPA3

Testing

I hope everyone is doing well during lockdown. For those of you who have some spare time, we would be glad if you could help us test the next version of IPFire. It comes with many exciting changes...

Another update for IPFire is out: IPFire 2.25 - Core Update 152

by Lightning Wire Labs

IPFire comes with an Intrusion Prevention System named Suricata, which can be easily configured through IPFire's web interface. While an IPS extends, but cannot replace, a packet filter - whose recommended settings have been discussed earlier - it needs more customisation in order to work effectively, and some tripping hazards arise in early stages of operation.

Release

It is time for another Core Update: IPFire 2.25 - Core Update 152. It comes with various smaller bug fixes and improvements and updates the Windows File Sharing Add-on.

Release

IPFire 2.25 - Core Update 151 has been released. It comes with various package updates and a number of bug fixes in IPFire Location and security improvements in the SSH service.

This is a more detailed article about how libloc works internally. This might be slightly too tech-savvy for some readers, but it might still be a fun read if you would like to know more about the challenges and implementation of IPFire Location.

On the same day as releasing Core Update 150, the next one - Core Update 151 - is available for testing.

Release

This is the official release announcement for IPFire 2.25 - Core Update 150. A brand new update with a new kernel, various package updates, bug fixes and a new Connection Tracking Graph.

Testing

The upcoming Core Update is available for testing: It brings an updated kernel, various package updates and bug fixes.

Release

We have been busy baking another large update for you which is full of oozy goodness. It includes an updated toolchain based on GCC 10 and glibc 2.32 and we have added a lot of tuning which makes IPFire 33% faster on some systems.

The last post discussed a secure configuration of the IPFire firewall engine, and, like all other previous posts of this series, referred to a certain aspect of or information security in general. Although this is undoubtedly an important aspect of IT security - perhaps the most important one - it is worth looking beyond the box.

Testing

We have been busy baking another large update for you which is full of oozy goodness. It includes an updated toolchain based on GCC 10 and glibc 2.32 and we have added a lot of tuning which makes IPFire 33% faster on some systems.

This is the official announcement for the release of IPFire 2.25 - Core Update 148 - an update I have personally been waiting for: We finally roll out replacing Maxmind's GeoIP database by our own improved implementation.

After taking a closer look at how to achieve better DNS settings in terms of privacy, this post elaborates on the necessary steps for a secure configuration of IPFire's firewall engine.

In the last couple of months, we, the IPFire development team, have launched a small side project: A new location database for the Internet. In this article, I would like to give you a brief background story on why and how it came to this...

After having roamed around infosec in general last week, this post gives some advice on how to gain additional privacy by changing your IPFire's DNS configuration. DNS happens to be a very basic, and thus quite important, protocol of today's internet, but is still being considered a low-risk one when it comes to security and privacy.

Testing

This is an update I have personally been awaiting for a long time: We finally roll out replacing Maxmind's GeoIP database by our own improved implementation.

Release

Another update is available for IPFire: IPFire 2.25 - Core Update 147. It contains a vast amount of package updates and brings some security updates.

As announced last week, this is the first post of a small series containing security recommendations for IPFire users. The series mainly applies to home users - which are estimated to roughly make up a third of all IPFire installations - and aims to achieve a security level that also offers protection against sophisticated attackers.

Preliminary note: This post primarily affects users falling under German jurisdiction, but may apply to other countries as well, where similar laws are already in place or about to be introduced. Unfortunately, some primary sources are German only.

With this week's release of Core Update 146, we already have made the next one available for testing. It contains a vast amount of package updates and brings some security updates.

The next Core Update for IPFire is available. It updates the IPFire kernel, enhances its hardening and adds mitigations for Intel's latest hardware vulnerabilities.

Release

It is time for another important and exciting update for IPFire. IPFire 2.25 - Core Update 146 is available for testing and updates the IPFire kernel and enhances its hardening against attacks as well as improving its performance.

It is now possible again to donate with PayPal!

This is the official release announcement for IPFire 2.25 - Core Update 145. It introduces new metrics for OpenVPN and ships the largest number of package updates that we have ever had, fixing various bugs and carrying plenty of security-related fixes.

Testing

Hello everyone,

I hope everyone is making their way okay through this pandemic. In case you got bored, we have a brand new Core Update available for you for testing.
It introduces new metrics for OpenVPN and ships the largest number of package updates that we have ever had, fixing various bugs and carrying plenty of security-related fixes.

Release

This is the official release announcement for IPFire 2.25 - Core Update 144. This contains a number of security fixes in OpenSSL, the squid web proxy, the DHCP client and more. We recommend installing it as soon as possible and rebooting.

Testing

Less than 48 hours after releasing IPFire 2.25 - Core Update 143, we already have the next update ready for testing. It is full of fixes for security vulnerabilities in OpenSSL, the squid web proxy, the DHCP client and more.

Release

Hey all you cool cats and kittens,

this is the official release announcement for IPFire 2.25 - Core Update 143 - another update that brings you loads of improvements for IPFire and its build system. We have updated the toolchain and many other essential system libraries as well as including many bug and security fixes.

Testing

With the latest release - IPFire 2.25 - Core Update 142 - we have added an easy way to join the developers in testing IPFire. This is incredibly important for us in order to deliver the best releases of IPFire again and again without any regressions.

Testing

The next update is ready for testing. It contains a large number of updated packages in the build system and updates many important system libraries. Among all those updates are many bug fixes and some security fixes.

Release

This is the official release announcement for IPFire 2.25 - Core Update 142. This update comes with many features that massively improve the security and hardening of the IPFire operating system. We have also removed some more components of the systems that are no longer needed to shrink the size of the operating system on disk.

Security

Another exciting feature is landing in Core Update 142: Improved Kernel Rootkit Protection using code signing. This way, IPFire will protect itself against attackers trying to load third-party kernel modules.

Testing

Only days after finally releasing our new DNS stack in IPFire 2.25 - Core Update 141, we are ready to publish the next update for testing: IPFire 2.25 - Core Update 142.

by Lightning Wire Labs

IPFire 2.25 - Core Update 141 comes with many new features around DNS. We have cleaned up a couple of problems with the old design and we have added new functionality that will improve security. But it is up to you to make use of this now.

Release

The first exciting big update of the year is ready: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS.

February 18, 2020

The latest thing that is getting a lot of attention is WireGuard - the new shooting star in terms of VPN. But is it as great as it sounds? I would like to discuss some thoughts, have a look at the implementation and tell you why WireGuard is not a solution that will replace IPsec or OpenVPN.

by Lightning Wire Labs

You will have seen that we have just released an announcement for testing the next release of IPFire - IPFire 2.25 - Core Update 141. The major release number has changed, and a Core Update has been skipped. But why?

Testing

The first exciting big update of the year is ready for testing: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS. On top of that, this update fixes many bugs.

Although it is one of the oldest protocols that is still used on the Internet, DNS is far from "old". It has been changed and updated many times and many applications are now relying on it that didn't in the first place. Without DNS we would not find the servers that serve us the websites that we want, emails won't reach the right server and we now even use it to distribute key material with DANE.

January 17, 2020

Stefan and I took last week to add DNS over TLS into IPFire - another step to make DNS more private. Here is what we have done.

Maxmind, a US-based company that is quite well-known for providing their GeoIP database, which powers a lot of services that need GeoIP data, has changed their usage policy on this database with effect from the beginning of this year. Unfortunately this makes it unusable for IPFire and we have decided to replace it. Here is how we are going to do it.

Release

It is time for the first release of the year, IPFire 2.23 - Core Update 139. It is packed with improvements, software updates, and many many bug fixes.