We have updated the Linux kernel to version 4.14.72 which comes with a large number of bug fixes, especially for network adapters. It has also been hardened against various attack vectors by enabling and testing built-in kernel security features that prohibit access to privileged memory by unprivileged users and similar mechanisms. Due to this, the update requires a reboot after it has been installed. Peter has contributed a number of patches that improve security of the SSH daemon running inside IPFire. For those, who have SSH access enabled, it will now require latest ciphers and key exchange algorithms that make the key handshake and connection not only more secure, but also faster when transferring data. For those admins who use the console: The SSH client has also been enabled to show a graphic representation of the SSH key presented by the server so that comparing those is easier and man-in-the-middle attacks can be spotted quickly and easily.

Recent Related News and Releases

Distribution Release: IPFire 2.25 Core 149 IPFire is a Linux-based distribution for network appliances such as routers and firewalls. The project's latest release is IPFire 2.25 Core Update 149 which focuses on performance improvements. " IPFire is based on glibc 2.32, the standard library for all C programs, and GCC 10.2, the GNU Compiler Collection. Both bring various bug fixes and improvements. The most notable change is that we have decided to remove a mitigation Spectre 2 which caused that user space programs in IPFire were running about 50% slower due to using a microcode feature which is called "retpoline". Those "return trampolines" disable the branch prediction engine in out-of-order processors which was considered to help with mitigating leaking any information from any unaccessible kernel space. This is however not as effective as thought and massively decreases performance in the user land which mainly affects features like our Intrusion Prevention System, Web Proxy and URL filter. We still use this mechanism to avoid leaking any kernel memory into the user space. " Additional information can be found in the distribution's release announcement. Download (SHA256): ipfire-2.25.x86_64-full-core149.iso (302MB, torrent, pkglist).

Distribution Release: IPFire 2.25 Core 145 IPFire is an independent Linux distribution designed to help administrators easily manage network security and traffic. The project latest release introduces new monitoring and logging options as well as starting the random number generator earlier in the boot process. " OpenVPN will from now on collect metrics about connected clients. On an extra page, it will be shown which client has connected when and for how long it was connected. The random number generator will be launched earlier in the boot process to see the kernel's pseudo-random number generator as soon as possible. On some systems, this could have blocked the boot process for a couple of minutes. Firewall: Connections that are being NATed will now always be logged in the filter chain, too. vnstat, the tool behind the net traffic graphs on the IPFire web user interface has been updated to use a new database format and refreshes its graphs more often, for more detailed and accurate data. Pakfire correctly uses upstream proxies now. " Further information can be found in the project's release announcement. Download (SHA256): ipfire-2.25.x86_64-full-core145.iso (279MB, pkglist).

Distribution Release: IPFire 2.25 Core 141 IPFire is an independent Linux distribution designed with firewalls and routers in mind and features a web-based interface for easy remote administration. The project's latest release updates several base packages and reworks DNS lookups. " IPFire is a modern distribution as we change and update many essential system components regularly. That allows us to keep you safe, support new features and of course be fast by taking advantage of modern hardware. In this update, we have rebased the system on GCC 9 and added support for Go and Rust. We have included Python 3 to the base system and deprecated Python 2 which is out of support by now. Not everything has been converted to use Python 3 yet, but we will hopefully soon be able to drop support for Python 2 altogether. Unfortunately the system is growing larger and larger with every update. Software in general is quite bloated although we are trying our best to keep IPFire as small as possible. On systems that have a 2GB root partition and many add-ons installed, disk space might be running out. This update clears a lot of files that are no longer needed. " Additional details can be found in the project's release announcement. Download (SHA256): ipfire-2.25.x86_64-full-core141.iso (290MB, pkglist).

Distribution Release: IPFire 2.23 Core 139 IPFire is a lightweight Linux distribution for use on network devices such as firewalls. The distribution is managed through a web interface for easier access. The project's latest update is IPFire 2.23 Core Update 139 and the project's release announcement provides an overview of available improvements: " It is time for the first release of the year, IPFire 2.23 - Core Update 139. It is packed with improvements, software updates, and many many bug fixes. Improved booting & reconnecting: Dialup scripts have been cleaned up to avoid any unnecessary delays after the system has been handed a DHCP lease from the Internet Service Provider. This allows the system to reconnect quicker after loss of the Internet connection and booting up and connecting to the Internet is quicker, too. Improvements to the Intrusion Prevention System: Various smaller bug fixes have been applied in this Core Update which makes our IPS a little bit better with every release. To take advantage of deeper analysis of DNS packets, the IPS is now informed about which DNS servers are being used by the system. TLSL: IPFire is configured as securely as possible. " Download: ipfire-2.23.x86_64-full-core139.iso (281MB, SHA256, pkglist).

Distribution Release: IPFire 2.23 Core 137 IPFire is a Linux distribution that focuses on easy setup, good handling and high level of security. It is operated via a web-based interface which offers many configuration options for beginning and experienced system administrators. The project has released a new stable update, IPFire 2.23 Core Update 137, which includes improved Quality of Service performance and updates the Linux kernel. " We are happy to announce the release of IPFire 2.23 - Core Update 137. It comes with an updated kernel, a reworked Quality of Service and various bug and security fixes. Development around the Quality of Service and tackling some of the bugs required an exceptional amount of team effort in very short time and I am very happy that we are now able to deliver the result to you to improve your networks.... As explained in detail in a separate blog post from the engine room, we have been working hard on improving our Quality of Service (QoS). It allows to pass a lot more traffic on smaller systems as well as reduces packet latency on faster ones to create a more responsive and faster network. To take full advantage of these changes, we recommend to reboot the system after installing the update. release announcement. Download: ipfire-2.23.x86_64-full-core137.iso (268MB, pkglist).

Distribution Release: IPFire 2.23 Core 135 Michael Tremer has announced the available of a new release of IPFire, a Linux distribution often used on firewalls and routers. The distribution's latest release is IPFire 2.23 Core Update 135: " This is the official release announcement for IPFire 2.23 - Core Update 135, which is packed with a new kernel, various bug fixes and we recommend to install it as soon as possible. The IPFire Linux kernel has been rebased on 4.14.138 and various improvements have been added. Most notably, this kernel - once again - fixes CPU vulnerabilities. On x86_64, the effectiveness of KASLR has been improved which prevents attackers from executing exploits or injecting code. DNS: unbound has been improved so that it will take much less time to start up in case a DNS server is unavailable. Scripts that boot up IPFire have been improved, rewritten and cleaned up for a faster boot and they now handle some error cases better. Updated packages: dhcpcd 7.2.3, nettle 3.5.1, squid 4.8, tzdata 2019b. " Additional information can be found in the distribution's release announcement. Download (SHA256): ipfire-2.23.x86_64-full-core135.iso (261MB, pkglist).

Distribution Release: IPFire 2.23 Core 131 Michael Tremer has announced the release of IPFire 2.23, a major update of the project's specialist Linux distribution for firewalls. The new version brings a brand-new intrusion detection system: " Finally, we are releasing another big release of IPFire. In IPFire 2.23 Core Update 131, we are rolling out our new Intrusion Prevention System (IPS). On top of that, this update also contains a number of other bug fixes and enhancements. We are finally shipping our recently announced IPS - making all of your networks more secure by deeply inspecting packets and trying to identify threats. This new system has many advantages over the old one in terms of performance, security and it simply put - more modern. We have put together some documentation on how to set up the IPS, what rulesets are supported and what hardware resources you will need. Your settings will automatically be converted if you are using the existing Intrusion Detection System (IDS) and replicated with the new IPS. " Read the rest of the release announcement for more information. Download (SHA256, pkglist): ipfire-2.23.x86_64-full-core131.iso (256MB, torrent), ipfire-2.23.i586-full-core131.iso (251MB, torrent).

Distribution Release: IPFire 2.21 Core 127 The IPFire project creates a Linux distribution for firewalls which offers a range of security tools and is designed to be easy to set up. The project has published an update, IPFire 2.21 Core Update 127, which improves web proxy speed and removes some old features in order to enhance security. " We have dropped some features that no longer make sense in 2019: Those are the web browser check and download throttling by file extension. Since the web is migrating more and more towards HTTPS, those neither work for all the traffic, nor are they very reliable or commonly used. We have also removed authentication against Microsoft Windows NT 4.0 domains. Those authentication protocols used back then are unsafe for years and nobody should be using those any more. Please consider this when updating to this release. We have also mitigated a security issue in the proxy authentication against Microsoft Windows Active Directory domains. " The distribution's release announcement offers further details. Download (SHA256): ipfire-2.21.x86_64-full-core127.iso (254MB, torrent, pkglist).

Distribution Release: IPFire 2.21 Core 122 IPFire is a Linux distribution for firewalls which offers a range of security tools and is designed to be easy to set up. The distribution's developers have released IPFire 2.21 Core Update 122, which features an upgraded Linux kernel and a corresponding removal of the grsecurity patches. " The distribution was rebased from our old long-term supported kernel to the new kernel 4.14.50. Most importantly, this kernel improves the security of the system, increases performance and makes the core of IPFire more up to date and modern again. This update also enables mitigation against Meltdown and Spectre on some architectures. On Intel-based platforms, we update the microcode of the CPUs when the system boots up to avoid any performance penalties caused by the mitigation techniques. Unfortunately, grsecurity is incompatible with any newer kernels and has been removed. This is connected to the decision of the grsecurity project to no longer open source their patches. Luckily the kernel developers have backported many features so that this kernel is still hardened and secure. ARM systems won't be able to install this update due to the kernel change which also requires changes on some bootloaders. " Further details can be found in the release announcement. Download (SHA1): ipfire-2.21.x86_64-full-core122.iso (210MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 120 IPFire is a Linux distribution which focuses on security and is suited for being used as a firewall. Administration is handled through a web interface. The project has released a new update to its 2.19 series: IPFire 2.19 Core Update 120. The new version removes old and broken cryptography functions and introduces new security requirements: " Cryptography is one of the foundations to a secure system. We have updated the distribution to use the latest version of the OpenSSL cryptography library (version 1.1.0). This comes with a number of new ciphers and major refacturing of the code base has been conducted. With this change, we have decided to entirely deprecate SSLv3 and the web user interface will require TLSv1.2 which is also the default for many other services. We have configured a hardened list of ciphers which only uses recent algorithms and entirely removes broken or weak algorithms like RC4, MD5 and so on. Please check before this update if you are relying on any of those, and upgrade your dependent systems. " A complete list of changes can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core120.iso (171MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 117 IPFire is a Linux distribution that is focused on easy setup, good handling and high level of security. It is operated via an intuitive web-based interface which offers many configuration options for beginning and experienced system administrators. The project has released a new update, IPFire 2.19 Core Update 117, which features several security fixes and improvements. " One moderate and one low security vulnerability have been patched in OpenSSL 1.0.2n. The official security advisory can be found here. It is now possible to define the inactivity timeout time when an idle IPsec VPN tunnel is being closed. Support for MODP groups with subgroups has been dropped. Compression is now disabled by default because it is not very effective at all. strongswan has been updated to 5.6.1. It is now easier to route OpenVPN Roadwarrior Clients to IPsec VPN networks by choosing routes in each client’s configuration. This makes hub-and-spoke designs easier to configure. " Further details can be found in the distribution's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core117.iso (173MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 113 IPfire is an independent Linux distribution for use on firewalls and routers. The project has released a new update, IPFire 2.19 Core Update 113. The new version includes the "Who Is Online" utility to assist administrators is viewing which network devices are connected. " This is the official release announcement for IPFire 2.19 - Core Update 113. The change log is rather short, but comes with a big new feature - Who Is Online? (or WIO in short) has finally arrived on IPFire. It is a built-in monitoring service for the local network showing what devices are connected, which ones are on line and can also send alarms on various events. Give it a try!The DNS root keys have been updated to make DNS work beyond October 2017 after the DNSSEC key rollover has been performed. Serial consoles now automatically detect the baudrate after the kernel has been booted. Package updates - Bind 9.11.2, GnuTLS 3.5.14, libgcrypt 1.8.0, Nano 2.8.6, Squid 3.5.26... " Further details on this release and its updated packages can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core113.iso (167MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 111 Michael Tremer has announced a new update to the IPFire distribution for firewalls. The new version, IPFire 2.19 Core Update 111, features a number of security improvements which allow IPFire to connect to wireless networks and drops older (potentially vulnerable) cryptography functions for newer, stronger ones. Quality of Service (QoS) handling now uses multiple CPU cores when available in order to offer better performance. " The firewall can now authenticate itself with a wireless network that uses Extensible Authentication Protocol (EAP). These are commonly used in enterprises and require a username and password in order to connect to the network. IPFire supports PEAP and TTLS which are the two most common ones. They can be found in the configured on the 'WiFi Client' page which only shows up when the RED interface is a wireless device. This page also shows the status and protocols used to establish the connection. The index page also shows various information about the status, bandwidth and quality of the connection to a wireless network. That also works for wireless networks that use WPA/WPA2-PSK or WEP. " Further details can be found in the distribution's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core111.iso (173MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 110 IPFire is an independently developed Linux distribution with security and firewall configuration in mind. The distribution can be managed through a web-based interface. The IPFire project's latest release, IPFire 2.19 Core Update 110, features on-demand IPsec VPNs and performance improvements for DNS queries. " This is the official release announcement for IPFire 2.19 - Core Update 110. This updates comes with some exciting new features as well as updates of many system packages and many bug and security fixes. IPFire used to keep IPsec VPNs up all the time. This wastes resources if a connection is not used very often for example for a daily backup only. Core Update 110 allows to configure IPsec VPNs in an On-Demand mode which will establish the connection as soon as it is needed and will close it after 15 minutes of inactivity to save resources. This is especially handy for people who have a large number of IPsec net-to-net connections on either weak hardware or connections that are not required all the time like maintenance or backup connections, etc. " These and other changes are detailed in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core110.iso (165MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 108 The IPFire project has announced an update to the security-minded Linux distribution. The new release fixes some issues with the project's 2.19 series and carries the name IPFire 2.19 Core Update 108. " Just before Christmas, we are going to release the last Core Update for 2016. IPFire 2.19 - Core Update 108 brings some minor bug fixes and feature enhancements, some security fixes in ntp and various fixes in the squid web proxy. Asynchronous logging is now enabled by default and not configurable any more. This made some programs that wrote an extensive amount of log messages slow down and possible unresponsive over the network which causes various problems. This was seen on systems with very slow flash media and virtual environments. " The release announcement includes further details and list of updated packages. Download (SHA1): ipfire-2.19.x86_64-full-core108.iso (163MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 103 The IPFire project has announced a new update to the distribution's 2.19 series. The new version, IPFire 2.19 Core 103, features updates to the Squid proxy service, ClamAV anti-virus software and Tor networking software. " The web proxy Squid has been updated to the 3.5 series and various improvements for stability and performance were made. On machines with slow hard disks or on installations with very large caches it was likely to happen that the cache index got corrupted when the proxy was shut down. This resulted in an unstable web proxy after the next start. The shutdown routine was improved so that a cache index corruption is now very unlikely. Additionally we have means installed that allow us to detect if the cache index was corrupted and if so have it automatically rebuilt at the next start. This update will delete the presumably corrupted index on all installations and start a rebuild of the index, which could result in slow operation of the proxy for a short time after installing the update. Details can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core103.iso (160MB, torrent, pkglist).

Distribution Release: IPFire 2.19 Core 100 The IPFire project has released the 100th update to the project's 2.19 branch. The new version, IPFire 2.19 Core 100, introduces a 64-bit build along with an updated Linux kernel. " It is a great moment to us and we are very proud to release the 100th Core Update today. This update will bring you IPFire 2.19 which we release for 64-bit on Intel (x86_64) for the first time. This release was delayed by the various security vulnerabilities in OpenSSL and glibc, but is packed with many improvements under the hood and various bug fixes. " A number of fixes have been backported to the project's Linux kernel: " As with all major releases, this one comes with an updated Linux kernel to fix bugs and improve hardware compatibility. Linux 3.14.65 with many backported drivers from Linux 4.2 is also hardened stronger against common attacks like stack buffer overflows. Many firmware blobs for wireless cards and other components have been updated just as the hardware database. " Additional information can be found in the project's release announcement. Download (SHA1): ipfire-2.19.x86_64-full-core100.iso (159MB, torrent, pkglist)

Distribution Release: IPFire 2.17 Core 95 The developers of IPFire, an independent distribution which focuses on security, have announced a new update to their distribution. The latest release, IPFire 2.17 Core Update 95, offers users a number of improvements to the IPsec VPN software and an updated Linux kernel. " This is the official release announcement for IPFire 2.17 Core Update 95 which is a bigger release with a new kernel and various smaller feature enhancements and bug fixes. This update contains a minor update to the Linux kernel IPFire is using based on Linux 3.14.57. Various device drivers for Intel network controllers and some other hardware have been improved. strongswan has been updated to version 5.3.3 and much work was done on the IPsec VPN stack. The changes include feature enhancements and bug fixes. It is now possible to configure more than one subnet per IPsec net-to-net connection- That makes configuration for more complex networks easier and also reduces the overhead for the IPsec connection. " Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core95.iso (157MB, torrent, pkglist).

Distribution Release: IPFire 2.17 Core 94 The development team behind IPFire, a independent Linux distribution for firewalls, has released a new update. The new release, IPFire 2.17 Core Update 94, includes a number of package upgrades, including OpenSSH 7.1p1. This release also cleans up the web interface and includes a mail agent in the base system. " OpenSSH was updated to version 7.1p1. With that we added support for elliptic curves (ECDSA and ED25519) and removed support for DSA which is considered broken. Too small RSA keys are removed as well and regenerated. These changes may require to import the keys of the IPFire system on your admin computer again. An internal mail agent was added that is used by internal services to send out reports or alerts. So far only a few services use this (like the squid accounting add-on), but we expect to add more things in the future. This is a very simple and lightweight mail agent that can be configured on the web user interface and will usually require an upstream mail server. " Further details on the release of IPFire 2.17 Core Update 94 can be found in the project's release announcement. Downloads (SHA1): (157MB, torrent, pkglist).

Distribution Release: IPFire 2.17 Core Update 93 The developers of IPFire, an independent Linux distribution designed to be run on firewalls, VPNs and network gateways, have released IPFire 2.17 Core Update 93. The new release includes a number of bug fixes and expands support for dynamic DNS services. " This is the official release announcement of IPFire 2.17 - Core Update 93. This update comes with various security fixes in the Squid web proxy, the dnsmasq DNS proxy server and the Perl-compatible regular expressions library. ddns, our dynamic DNS update client, has been updated to version 008. This version is more robust against network errors on the path and server errors at the provider. Updates will then be retried frequently. The providers joker.com and DNSmadeEasy are now supported. A crash when updating namecheap records has been fixed. Pakfire was fixed and now correctly pulls additional dependencies of add-on packages when updating from an older version. TRIM is disabled on some SSDs with known firmware bugs that cause data loss. " Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core93.iso (157MB, torrent, pkglist).

Distribution Release: IPFire 2.17 Core 91 The IPFire project, which makes an independent open source firewall solution, has announced an important security update to their distribution. The new release, IPFire 2.17 Core Update 91, patches known OpenSSL and IPsec vulnerabilities. " This is the official release announcement for IPFire 2.17 – Core Update 91. This update comes with various security fixes - most notably fixes for six security vulnerabilities in the OpenSSL library and two more vulnerabilities in strongSwan. OpenSSL security vulnerabilities: There are six security vulnerabilities that are fixed in version 1.0.2b of openssl. This version contained an ABI breakage bug that required us to wait for a fix for that and rebuild this Core Update... StrongSwan IPsec security vulnerability: In strongSwan 5.3.1, a security vulnerability that is filed under CVE-2015-3991 was fixed. A denial-of-service and potential code execution was possible with specially crafted IKE messages. IPFire ships now version 5.3.2 which fixes a second vulnerability (CVE-2015-4171). " The IPFire project recommends installing the new security update and rebooting the distribution to make sure these serious vulnerabilities have been patched. Further information can be found in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core91.iso (156MB, pkglist).

Distribution Release: IPFire 2.17 Core 90 The IPFire team has announced the release of IPFire 2.17 Core Update 90. The new release offers a number of security enhancements, including the use of GeoIP filtering and the disabling of vulnerable security protocols. The project's kernel and system services have also been updated and patched against known vulnerabilities. " Attackers originate from all sorts of places in the world. Often huge networks of bots scan the entire Internet for services that are publicly accessible and possible to exploit. With GeoIP-based blocking it is possible to mitigate many of those scans to take off the load of the firewall engine and to secure those publicly accessible services. With GeoIP-based firewall rules it is possible to filter incoming and outgoing traffic related on their source or desired destination countries. " Further details are available in the project's release announcement. Downloads (SHA1): ipfire-2.17.i586-full-core90.iso (156MB, torrent, pkglist).

Distribution Release: IPFire 2.17 Core 89 Michael Tremer has announced the launch of IPFire 2.17 Core 89. This new release brings a number of new features to the specialist firewall distribution, including VPN connection graphs, a list of new providers and improved error handling. " This is the official release announcement of IPFire 2.17 - Core Update 89. This one comes with some new features, many updates of software packages and various minor bug fixes. OpenVPN Net-To-Net Statistics: Connection statistics of OpenVPN net-to-net connections are now collected and graphed. They show incoming and outgoing traffic of the VPN connections and compression ratios. Dynamic DNS Updater: The dynamic DNS updater tool ddns has been massively extended - A database is used to track successful and failed updates. ddns will automatically back-off when an update could not be performed and will re-try after a longer time. nsupdate.info asked to never repeat any updates after one has failed for any reason... " Further information can be found in the project's release notes. Downloads (SHA1): ipfire-2.17.i586-full-core89.iso (155MB, pkglist).

Distribution Release: IPFire 2.17 Core 87 Michael Tremer has announced the release of IPFire 2.17 Core 87, a major new update of the project's specialist distribution for firewalls, featuring an updated kernel and GRUB 2 bootloader: " This is the official release announcement for IPFire 2.17 - Core Update 87, a new major version of the IPFire firewall distribution coming with all sorts of new features and bug fixes. Most of the work has been done under the hood and in the Linux kernel. This has been updated to version 3.14 and brings better support for various hardware and stability fixes. Various device drivers have been backported from more recent versions of the Linux kernel to combine great stability with best hardware support. Stability for various ARM platforms has been improved and support for more has been added. Among the new devices are the Banana Pi and Banana Pro boards. Please check out the list of supported ARM boards on the IPFire wiki. The installer program that helps to install IPFire has been very much improved. " Read the rest of the release announcement for a full changelog. Download: ipfire-2.17.i586-full-core87.iso (154MB, SHA1, pkglist).

Distribution Release: IPFire 2.15 Core 86 Michael Tremer has announced the release of IPFire 2.15 Core 86, a new stable build of the project's specialist Linux distribution for firewalls: " This is the official release announcement of IPFire 2.15 - Core Update 86 which brings various security fixes across several packages. Hence we recommend installing this update as soon as possible and to execute a reboot afterwards. The openssl library which implements the TLS/SSL protocol and is used by various other packages in the system has been updated to version 1.0.1k. This release fixes eight security issues that have all been classified with 'moderate'. OpenVPN has been updated to version 2.3.6 which also fixes a security vulnerability that allowed remote authenticated users to cause a denial of service. strongSwan has been updated to version 5.2.1. Originally, Core Update 86 was planned to become IPFire 2.17. This release has been postponed because we still require some people to send us feedback. " The release announcement. Download: ipfire-2.15.i586-full-core86.iso (132MB, SHA1, pkglist).

Distribution Release: IPFire 2.15 Core 84 Michael Tremer has announced the release of IPFire 2.15 Core 84, a new stable release of the specialist distribution designed for firewalls: " This is the official release announcement for IPFire 2.15 Core Update 84. This is a release that fixes some security issues in the GNU Bash package which are commonly known as 'Shellshock' and it comes with more fixes and minor feature enhancements. As you may have already seen on the news, the Shellshock issues made more people look into the code of the default shell of many *nix systems. Those people found many more programming errors and provided fixes for them which have been applied in this release. IPFire is now shipping GNU Bash 4.3.30 and the companion library readline in version 6.3. There have been some denial of service issues in the Squid web proxy which have been fixed in release 3.4.8. Those are of minor severity only and quite possibly cannot be exploited to inject code. The firewall got a couple of new features which I explained in detail in a post on the IPFire planet. " Read the rest of the release announcement for a more detailed changelog. Download: ipfire-2.15.i586-full-core84.iso (132MB, SHA1, pkglist).

Distribution Release: IPFire 2.15 Core 82 Michael Tremer has announced the release of IPFire 2.15 Core 82, a new stable release of the specialist distribution designed for firewalls: " This is the official release announcement for IPFire 2.15 Core Update 82. This Core Update's main features are the inclusion of the crowd-funded Windows Active Directory Single Sign-On Web Proxy and the option to disable masquerading (NAT) on the local networking interfaces. In addition to that, several system libraries and tools have been updated, and minor bugs have been fixed. Proper and secure authentication against the Squid web proxy has not been possible in IPFire before. The 'Windows' authentication has been broken for a long time since there were bigger changes in the Windows Domain Controllers. This update adopts IPFire to the new and secure Active Directory authentication interfaces which use the SMB and Kerberos protocols. " Read the rest of the release announcement for a more detailed changelog. Download: ipfire-2.15.i586-full-core82.iso (132MB, SHA1, pkglist).

Distribution Release: IPFire 2.15 Core 80 Michael Tremer has announced the release of IPFire 2.15 Core 80, a new stable release of the project's specialist Linux distribution for firewalls: " This is the official release announcement for IPFire 2.15 Core Update 80. It comes with lots of new features, some bug fixes and some minor security fixes. There has been a crowd-funding on the IPFire wishlist which raised money for implementing a DNSSEC validating DNS proxy. The DNS proxy service that is running inside of IPFire has been forked and some features that were dropped in the upstream version have been backported. IPFire now validates every DNS response of zones that are signed. If the DNSSEC signatures do not validate a DNS error is raised and therefore spoofing attacks are not longer possible. However, it is not sufficient for the internal DNS proxy to have DNSSEC enabled. Client systems should validate DNSSEC records. " Continue to the release announcement for full details. Download: ipfire-2.15.i586-full-core80.iso (128MB, SHA1).

Distribution Release: IPFire 2.15 Core 79 Michael Tremer has announced the release of IPFire 2.15 Core 79, the latest stable release of the project's specialist Linux distribution for firewalls: " IPFire 2.15 Core Update 79 is finally arriving with many bug fixes and enhancements. Among the big changes with this update are lots feature enhancements that massively increase the security level of OpenVPN connections, some enhancements of the web user interface and a lot more awesome stuff under the hood. The OpenVPN capabilities have been massively extended by Erik Kapfer. The certificate authority that can be created on the OpenVPN page now uses much better hashes to protect the integrity of itself. The CA root certificate uses a SHA512 hash and a RSA key with length of 4096 bit. All new created host certificates use a RSA key with 2048 bit length and a SHA256 hash. Additionally, a set of Diffie-Hellman parameters can be generated for better protection of the session keys. " Read the detailed release announcement for further information. Download: ipfire-2.15.i586-full-core79.iso (126MB, SHA1).

Distribution Release: IPFire 2.15 Core 77 Michael Tremer has announced the release of IPFire 2.15 Core 77, a new version of the specialist Linux distribution designed for firewalls. This is the project's first release of the 2.15 series and it's a major update. From the release announcement: " This is the official release announcement of IPFire 2.15 (Core Update 77). It is the release with the most changes since the beginning of the IPFire 2 series. Those changes include major work on the base of the system, security has been improved in lots of ways and there are many changes regarding the user interface. The firewall GUI has been in development for over a year now and has been massively extended so that almost everything is possible now. There are groups which make creating rules for multiple hosts or services very easy and help you to hold your nerves, even with complex rule sets. All your rules will be automatically converted, but we recommend to double check that everything works as intended. " Download from here: ipfire-2.15.i586-full-core77.iso (122MB, SHA1).

Distribution Release: IPFire 2.13 Core 76 Michael Tremer has announced the release of IPFire 2.13 Core 76, a new build of the specialist firewall distribution that fixes a security issue in strongSwan: " This is the official release announcement for IPFire 2.13 – Core Update 76. It comes with a security fix for the strongSwan package which is responsible for IPsec VPN connections. The vulnerability has got the number CVE-2014-2338. It was possible to bypass the authentication and therefore to overtake a VPN connection whilst the original peers are rekeying. IKEv1 connections are not vulnerable, but IKEv2. Please update as soon as possible. I would also like to draw your attention towards the upcoming release of IPFire 2.15. The first release candidate has been released a couple of weeks ago and we are searching for testers to find any last-minute bugs. " Here is the brief release announcement. Download from here: ipfire-2.13.i586-full-core76.iso (103MB, SHA1).

Distribution Release: IPFire 2.13 Core 75 Michael Tremer has announced the release of IPFire 2.13 Core 75, an updated version of the project's specialist distribution for firewalls: " So it is a new year and here is the first update of 2014: IPFire 2.13 Core Update 75. It comes with urgent bug fixes that solve problems introduced in the previous update. Due to a change in OpenVPN 2.3, the common name of the certificate of the user that was connection was formatted in another way than before. As such, the certificate could not be properly validated because it was searched for with a different name. This update ships a fixed version of the verify script that can work with both formats of the common name. Because of a related cause, the route configuration was not pushed to some clients when they connected. This issue, filed under bug id #10323, has been addressed in this update. " See the release announcement for more information. Download: ipfire-2.13.i586-full-core75.iso (103MB, SHA1).

Distribution Release: IPFire 2.13 Core 74 Michael Tremer has announced the release of IPFire 2.13 Core 74, an updated version of the Linux-based, security-hardened distribution for firewalls: " IPFire 2.13 Core Update 74 released. It comes with a bunch of minor updates and fixes some minor bugs. Update to Squid 3.3.11. The latest maintenance update of the Squid web proxy package has been applied. The maximum number of file descriptors has again been increased to 1,048,576 and the issue which made it was impossible for the Squid daemon to set the desired configuration value has been fixed. The OpenVPN package has been updated to version 2.3.2. strongSwan, the package responsible for IPsec VPN connections, has been updated to version 5.1.1. The HTTPS key and certificate that are used for communicating with our IPFire web user interface has been increased to 4,096 bits. This follows the general advice by various authorities. New installations will automatically generate a longer key. " Read the release announcement for further details. Download: ipfire-2.13.i586-full-core74.iso (103MB, SHA1).

Distribution Release: IPFire 2.13 Core 73 IPFire 2.13 Core 73 is the latest stable release from the project that provides a hardened firewall distribution with corporate-level network protection: " IPFire 2.13 Core Update 73 comes with a bunch of smaller bug fixes and updates. The most important ones of these are updates of the Squid web proxy server, OpenSSH and the PHP Hypertext Processor. It is recommended to update as soon as possible. The Squid web proxy server has been updated to version 3.3.10. The most notable changes since the current version of Squid running in IPFire are better SMP scalability, an updated logging infrastructure and fixes. The transparent mode has been dropped in favour of the more general intercept mode which requires a different port than for the transparent mode. There is no intervention by the user required, when updating your IPFire system. " Continue to the release announcement to learn about the changes and updates. Download from here: ipfire-2.13.i586-full-core73.iso (103MB, SHA1).

Distribution Release: IPFire 2.13 Core 71 IPFire 2.13 Core 71, the latest stable release of a hardened firewall distribution offering corporate-level network protection, has been released: " This update comes with some new features and minor bug fixes. It is now possible to assign a wireless adapter as the RED interface. A GUI has been written where you can configure wireless access points, to which the IPFire system will connect when in reach. You will be able to configure backup access points, to which IPFire will switch when the first one is down or out of reach. You can prioritize them, so that you can connect to the best one when ever that is possible. All common encryption technologies are supported. A new GUI has been written on which you are able to define different name servers than the public name servers for your DNS zones. The Intrusion Detection System (IDS) snort has been updated to version 2.9.5. " Read the complete release announcement. Download: ipfire-2.13.i586-full-core71.iso (102MB, SHA1).

Distribution Release: IPFire 2.13 Core 70 Michael Tremer has announced the release of IPFire 2.13 Core 70, the latest stable release from the project developing open-source software solutions for routers and firewalls: " Today, the IPFire development team released the 70th Core update for IPFire 2. This update comes with a new kernel and some minor enhancements. Another kernel update to Linux 3.2.48 fixes various smaller bugs. In addition to that, we switched back to the official in-tree drivers for Realtek r81xx-based network adapters. The e1000e and igb kernel modules which control Intel Ethernet adapters have been updated as well. IPFire brings some data for wireless networks which basically contains information about which frequencies may be used in which countries. This database has been updated and covers more places in the world. " Read the rest of the release announcement for further information. Download: ipfire-2.13.i586-full-core70.iso (102MB, SHA1).

Distribution Release: IPFire 2.13 Core 69 Michael Tremer has announced the release of IPFire 2.13 Core 69, a new stable version of the project's specialist Linux distribution for firewalls and routers: " Today, the IPFire development team released the 69th Core update for IPFire 2. This update comes with a new kernel and some minor enhancements. The Linux kernel has been updated to address several security issues and other bugs. The kernel is based on Linux 3.2.46 and comes with a newer wireless stack from kernel 3.8.3. Some wireless hardware has got better support in term of stability and we have added some more drivers for several networking hardware like USB Ethernet adaptors and so on. The install disk has got a new bootloader where you now can install other versions of IPFire as well. There are also some diagnostic tools and other installation options available. " Here is the full release announcement. Download: ipfire-2.13.i586-full-core69.iso (102MB, SHA1).

Distribution Release: IPFire 2.13 Core 68 Michael Tremer has announced the release of IPFire 2.13 Core 68, a minor bug-fix update of the specialist distribution for firewalls and routers: " Today the IPFire development team released the 68th Core update for IPFire 2. This update brings various bug fixes and minor enhancements. The strongSwan team released version 5.0.4 which fixes an authentication bypass for certificates that use Elliptic Curves. As we don't use them in IPFire by default, this is not too serious an issue, but we still updated the strongSwan package. The update also contains some changes that fix unstable IPsec connections, a minority of users was experiencing. Since Core Update 65, disabling OpenVPN roadwarrior connections had no effect, so that users could still connect. This has also been fixed with this release. The web user interface comes with a new status bar which now has a cleaner design and provides more information. " Read the rest of the release announcement for more details. Download (SHA1): ipfire-2.13.i586-full-core68.iso (99.4MB), ipfire-2.13.1gb-ext4.armv5tel-full-core68.img.gz (163MB).

Distribution Release: IPFire 2.13 Core 67 Michael Tremer has announced the release of IPFire 2.13 Core 67, an updated version of the hardened Linux-based appliance distribution designed for use as a firewall: " Today, the IPFire development team released the 67th core update for IPFire 2. This update comes within the usual 4-week schedule and brings various bug fixes. New wireless drivers. With IPFire 2.13 came a new kernel based on Linux 3.2. The wireless drivers were taken from Linux kernel 3.6 and subsequently, some users reported that their hardware did not work as well as it had previously. With this core update, the wireless drivers have been grabbed from Linux kernel 3.8, where numerous problems have been fixed and also new hardware support has been added. Please note that a reboot is required to make use of the new drivers. The driver for ASIX USB network adapters has also been updated to version 4.5. " Read the full release announcement for further details. Download: ipfire-2.13.i586-full-core67.iso (93.4MB, SHA1).

Distribution Release: IPFire 2.13 Michael Tremer has announced the release of IPFire 2.13, a major new update of the project's specialist distribution for firewalls: " Today is the day on which we officially release IPFire 2.13. We are very proud to have a brand-new milestone release with a lot of exciting, new features. The list of changes, enhancements, and fixes is endless, but we would like you to pay special attention to the following features which we're the most excited about. The most important components of the base system have been updated to include a brand-new kernel based on the Linux 3.2 release. With that, IPFire now supports more hardware than ever before and many of the hardware problems from the past should be gone. The most basic system libraries have been replaced as well, giving us great performance and fixing some general security issues. " Here is the full release announcement. Download: ipfire-2.13.i586-full-core66.iso (93.4MB, MD5, torrent).

Distribution Release: IPFire 2.11 Core 65 Michael Tremer has announced the release of IPFire 2.11 Core 65, the latest update of the project's specialist firewall distribution: " Today, the last core update for IPFire 2.11 in this year has been released. It is the 65th of the IPFire 2 series and comes with some new features and bug fixes. Alexander Marx developed a graphical interfaces with help of which one can configure OpenVPN roadwarrior clients individually. It is possible to add routes, different DNS servers, static IP addresses to individual roadwarrior clients. One may also add networks from which IP addresses may be assigned to clients. Those subnets and static IP addresses can be used to create firewall rules and permit clients only to access certain parts of a network. More work in this area will be released in the future. " More information on new features can be found in the release announcement. Download: ipfire-2.11.i586-full-core65.iso (77.9MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core65.img.gz (126MB, torrent).

Distribution Release: IPFire 2.11 Core 64 Michael Tremer has announced the release of IPFire 2.11 Core 64, a specialist firewall distribution, with updated intrusion detection software and fixed MAC rules: " Today, we are releasing the 64th Core Update for IPFire 2.11. The Intrusion Detection program Snort has been updated to version 2.9.3.1, the corresponding daq library to version 1.1.1. This enables Snort to work with the latest VRT rule set. Outgoing firewall - the broken MAC rules have been fixed. It was impossible to use the MAC rules to allow hosts to access the Internet. A bigger rewrite of the code fixes this problem and makes the outgoing firewall a bit more performing. Minor bugs and feature enhancements: update accelerator - the path to the delete icon has been fixed; pakfire can now use the XZ compression. " See the release announcement for more details and a note on the upcoming IPFire 2.13. Download: ipfire-2.11.i586-full-core64.iso (77.8MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core64.img.gz (126MB, torrent).

Distribution Release: IPFire 2.11 Core 63 Michael Tremer has announced the release of IPFire 2.11 Core 63, a bug-fix version of the project's specialist distribution for firewalls: " Today, we are releasing the 63rd Core update for IPFire 2.11. This update fixes some minor problems and fixes two security issues in Apache. Software updates: Apache 2.2.23 - because of CVE-2012-2687 aka CVE-2008-0455 and CVE-2012-0883; DHCP 4.2.2 - because the older version got confused with VLANs; fireinfo 2.1.6 - ignore some more invalid ID strings. Other bug fixes: the long awaited OpenVPN fragment/mssfix bug has been fixed and the network VLANs initscript is not too noisy any more. Despite that, some invalid HTML output was generated by the index.cgi script. " Here is the brief release announcement. Download for the i586 or ARM architectures: ipfire-2.11.i586-full-core63.iso (77.9MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core63.img.gz (126MB, torrent).

Distribution Release: IPFire 2.11 Core 62 Michael Tremer has announced the release of IPFire 2.11 Core 62, a specialist distribution of Linux for firewalls: " Today, we are releasing the 62nd Core update for IPFire 2.11. This update fixes some security problems and also adds some new functionality. We recommend that you update your IPFire installations as soon as possible if you are using the outgoing firewall in mode Fixed: outgoing firewall permits hosts on BLUE to access the Internet. In earlier releases, it was possible for hosts on the BLUE network to access resources on the Internet which are allowed by the outgoing firewall although no permission has been granted to the host (blue access). This is a moderate risk. " Read the rest of the release announcement for additional information. Download for the i586 or ARM architectures: ipfire-2.11.i586-full-core62.iso (77.6MB, torrent), ipfire-2.11.2gb-ext2.armv5tel-full-core62.img.gz (126MB, torrent).

Distribution Release: IPFire 2.11 Core 61 Michael Tremer has announced the release of IPFire 2.11 Core 61, a specialist Linux distribution for firewalls: " The IPFire development team has just released the 61st core update for IPFire 2.11. This update brings a lot of exciting changes, new features and several bug fixes. Since IPFire 2.11, OpenVPN net2net (N2N) or site2site (S2S) connections are supported. Here are some of the exciting new features: static routes may be defined for OpenVPN clients; connections can now be renamed when importing them; OpenVPN N2N connections are displayed with their status on the index page; optional client-config-dir (CCD) is supported which enables the option to add configuration parameters for a single client connection. On the connections page, you can now see how much traffic has been transfered over a single connection. " The release announcement. Download: ipfire-2.11.i586-full-core61.iso (76.8MB, torrent).

Distribution Release: IPFire 2.11 Core 58 Arne Fitzenreiter has announced the release of IPFire 2.11 Core 58, an updated version of the project's specialist distribution for firewalls: " It is time for a maintenance update of the IPFire series 2 which is called Core Update 58. This update comes with cryptodev, a bunch of security fixes and minor bug fixes. Cryptodev has been ported from BSD and provides the kernel crypto system to the userspace. The advantages we gain from that is much faster hashing, encryption and decryption of data. On a normal system, the performance will double, on systems that come with crypto processors like VIA Padlock or Marvell CESA, the speed will be significantly higher and the CPU load will be much lower. The update is shipping fixes for security issues in OpenSSL 0.9.8u and libpng 1.2.46. " Read the rest of the release announcement for more details. Download (SHA1): ipfire-2.11.i586-full-core58.iso (76.6MB, torrent).

Distribution Release: IPFire 2.11 Core 57 Arne Fitzenreiter has announced the release of IPFire 2.11 Core 57, the latest update of the project's specialist distribution for firewalls: " Today, we are releasing Core Update 57 for IPFire 2.11. It is again a minor bug-fix and security update. These components have been updated to address various security issues or potential DDoS attacks - PHP security update to 5.3.10, Apache security update to 2.2.22, Squid, update to 3.1.19. Miscellaneous changes: a bug in the GUI of the outgoing firewall which automatically disabled a rule after it has been edited was fixed; Vim now works better on remote consoles like PuTTY; the welcome banner that is shown to Cisco's Road Warrior VPN client is now customized and says 'Welcome to IPFire - An Open Source Firewall Solution'. " See the complete release announcement for more information. Download (SHA1): ipfire-2.11.i586-full-core57.iso (76.5MB, torrent).

Distribution Release: IPFire 2.11 Core 56 Michael Tremer has announced the release of IPFire 2.11 Core 56, a new stable release of the project's specialist distribution for firewalls: " Today, we are releasing Core Update 56 for IPFire 2.11. It is a minor bug-fix and security update. The most exciting new feature can be found in the pre-installed images that automatically scale up the partitions at first boot. If you use a 8 GB SD card, you install the 2 GB image and it will grow the partition sizes to use all space that is available on that SD card. Note: The minimum required size of Flash media has changed from 1 GB to 2 GB. This is because the / partition was too small for installing bigger add-ons. An update of OpenSSL to version 0.9.8t fixes a security flaw that could be exploited in a denial of service attack. " Continue to the release announcement for a list of bug fixes. Download (SHA1): ipfire-2.11.i586-full-core56.iso (73.2MB, torrent).

Distribution Release: IPFire 2.11 Core 55 Michael Tremer has announced the release of IPFire 2.11 Core 55, a specialist Linux distribution for firewalls: " Today, we are going to release two new core updates for the IPFire firewall distribution. Core Update 54 - minor feature enhancements and bug fixes. This core update comes with some updates for network hardware that will give more speed and reliability. The web proxy service has been updated as well and consumes less memory in some circumstances, among other improvements. The intrusion detection system rules download is working again for the latest rule set and the hardware status section in the web user interface recognizes more hard drives. Core Update 55 - six security updates in OpenSSL, OpenSSH has been updated to version 5.9p1. " Read the full release announcement additional details. Download (SHA1): ipfire-2.11.i586-full-core55.iso (73.1MB, torrent).

Distribution Release: IPFire 2.11 Arne Fitzenreiter has announced the release of a major new version of IPFire, a specialist Linux-based distribution for firewalls: " It has already been four years since IPFire 2 was released for the first time. There has been huge progress until today, the release of version 2.11. The biggest new feature in the released version 2.11 of IPFire is the option to create net-to-net VPNs with OpenVPN. Until now, it was only possible to use OpenVPN to create roadwarrior networks, but we kept the easiness of configuring VPN tunnels by just sending configuration archives in ZIP format. To learn how that works, see the reworked documentation on the Wiki. IPsec-VPNs do now support the IKEv2 protocol which allows a more secure, faster and easier connection of the tunnels. " See the release announcement for additional details. Download (SHA1): ipfire-2.11.i586-full-core53.iso (73.3MB, torrent).

Distribution Release: IPFire 2.9 Core 52 Michael Tremer has announced the release of a new update of IPFire 2.9, a specialist Linux distribution for firewalls, focusing on easy setup, good handling and high level of security: " This is the 52nd update for the second series of the IPFire firewall distribution. Core Update 52 is addressing several security issues in the web proxy service and the Apache web server. It additionally introduces Russian language support and adds some minor features. It is recommended to install this update as soon as possible and please take notice that both services are restarted when updating. List of changes: Squid 3.1.15 (security fixes), Apache 2.2.20 (security fixes); Ethtool 3.0; web proxy - fix LDAP UTF-8 authentication; add Namecheap as a dynamic DNS provider. " Here is the brief release announcement. Download (MD5): ipfire-2.9.i586-full-core52.iso (73.4MB, torrent).

Distribution Release: IPFire 2.9 Core 51 Arne Fitzenreiter has announced the release of IPFire 2.9 Core 51, an updated build of the project's specialist distribution for firewalls: " Core 51 is addressing several security issues in the Linux kernel as well as stability fixes, performance optimization and driver updates. It is recommended to install this update as soon as possible and please take notice that a reboot is required to complete the installation. The update includes the latest Linux long-term kernel of the 2.6.32 series (2.6.32.45) and includes a lot of security fixes and driver improvements. A couple of years ago, there have been problems with some TCP/IP options so these options were disabled to cause less trouble. As technology has developed, these options have now been re-enabled which improves the network throughput a lot. " Read the rest of the release announcement for more details and a list of updated device drivers. Download (SHA1): ipfire-2.9.i586-full-core51.iso (73.4MB, torrent).

Distribution Release: IPFire 2.9 Core 50 Arne Fitzenreiter has announced the release of IPFire 2.9 Core 50, a new update of the specialist Linux-based distribution for firewalls: " Today, we release the 50th update of IPFire 2.9. In Core 50 there are updates to Squid (3.1.14), Python (2.7.2), Apache (2.2.19), smartmontools and collectd. From now on, IPFire is installable and configurable in Polish language and there have been a couple of small issues removed on the web user interface. Since 44 months and 50 core updates, IPFire is working better than on the first day. The developers keep working on little updates that improve the base system and add-ons, but also bring major updates along the way. That is why the system runs great on recent hardware and keeps up with new technologies. Special attention is paid to safety-critical problems. Many security issues of third party packages have been patched, tested and delivered within a couple of hours. " Here is the "anniversary" announcement. Download (SHA1): ipfire-2.9.i586-full-core50.iso (68.1MB, torrent).

Distribution Release: IPFire 2.9 Core 49 Arne Fitzenreiter has announced the release of IPFire 2.9 Core 49, a Linux-based firewall distribution: " Today we are going to release Core Update 49. IPFire 2.9 Core 49 is a bug-fix release and brings minor feature updates. List of changes: QoS - replaced sip with rtp for VoIP; Apache - tuning maximum spare servers to 10; add 'charon' to IPSec log section; fix ID information on IPSec configuration; backup.cgi - added content length to show file status bar; add CGI to display the md-state; services.cgi - blacklist mdadm (no good idea to stop it); extrahd -add mmcblk card reader and mdadm support; extrahd - display also non-partitioned disks; add initskript to wait until slower drives are present; changed OpenVPN CGI to create a CN without a blank; change Squid init script to kill remaining ClamAV redir; lm_sensors - update to 3.3.0.... " Here is the full release announcement. Download (SHA1): ipfire-2.9.i586-full-core49.iso (67.5MB, torrent).

Distribution Release: IPFire 2.9 Core 47 Michael Tremer has announced the release of an updated version of IPFire, a Linux-based firewall distribution: " Today we release IPFire 2.9 Core 47. IPFire 2.9 Core 47 is a bug-fix release and it brings minor feature updates. The most important change, beside the security update of the PHP scripting language, is the opportunity to configure the VLAN IDs that are used for IGMP streaming. PPTP servers that require a host route for the dial-in connection are supported from now on. List of changes: updated PHP to 5.3.5; changed Snort rule download to current Snort version; add SSH ECDSA hostkey for new encryption algorithms; fix add-on service PID/memory display if the add-on name contains numbers; proxy.cgi - fix file name of NTLM authenticator; add outgoing firewall group settings to backup. " Here is the full release announcement. Download (MD5): ipfire-2.9.i586-full-core47.iso (65.0MB, or torrent).

Distribution Release: IPFire 2.9 Core 45 Michael Tremer has announced the release of IPFire 2.9 Core 45, an easy-to-use and secure firewall distribution: " Today we release core update 45 which is a bug-fix release and we strongly recommend to install this as soon as possible. List of changes: update of fireinfo to version 2.0.4; update of Squid to version 3.1.10 and fixed 'proxy unable to handle max download size correctly'; update of Snort to current stable 2.9.0.3 and disabled Snort decoder events; update of Memtest86+ (4.20); disabled geode_aes kernel module; fixed unattended restore of backupiso CD; improved vpn-watch; removed core-updates from pakfire cache; fcron - disable mails and fix some cron jobs; outgoing firewall rules now log with LOG prefix despite the drop rules; remove some httpd/cron error log entries. Additionally, there was a lot of clean-up work on the CGI pages of the web interface and lots of tools. " Here is the full release announcement. Download (SHA1): ipfire-2.9.i586-full-core45.iso (63.6MB).

Distribution Release: IPFire 2.9 Michael Tremer has announced the release of IPFire 2.9, a specialist Linux distribution for firewalls that focuses on easy setup and high security: " After the last maintenance release in November 2010, the developers are proud to release a new version, 2.9. About 400 different changes were implemented in this build and there were about one hundred testers that have installed at least one of the beta versions. IPFire has got a new service that is called 'fireinfo'. This can be enabled as an option and it sends anonymous information about the system to the project. We strongly recommend the users to enable this feature so that we can learn from the statistics that are collected. IPFire 2.9 is based on the latest Linux kernel 2.6.32.28 which will be maintained by the kernel developers for several years. So all of the integrated patches will get into IPFire as well. " Read the detailed release announcement for further information. Download (SHA1): ipfire-2.9.i586-full-core44.iso (63.6MB, torrent).

Distribution Release: IPFire 2.7 Core 41 Jan Paul Tuecking has announced the release of IPFire 2.7 Core 41, a Linux-based firewall distribution with a focus on easy setup and high level of security: " Today, on the third birthday of IPFire 2, we are going to release Core 41.This core update has important security fixes of glibc and bzip2. The core update implicates following changes: Webinterface - fixed CGI outgoing GRP display bug, fixed bandwidth usage display with IE8, added example for black/whitelist on Proxy page, VPN pre-shared key field is now a password field; hardware - updated Realtek r8169, r8168, r8101 drivers; security - bzip2: 1.0.6 security update, closed privilege escalation hole in glibc; VPN - enabled cURL for HTTP fetching revoking list in strongSwan, added OpenVPN pam.so; firewall - fixed the feature for deactivating outgoing firewall rules; others - disabled internal TFTP Server in Dnsmasq.... " Here is the full release announcement. Download: ipfire-2.7.i586-full-core41.iso (62.2MB, MD5, torrent).

Distribution Release: IPFire 2.7 Core 40 Jan Paul Tuecking has announced the release of IPFire 2.7 Core 40, a specialist distribution for firewalls with a focus on easy setup, good handling and high level of security: " This is the day we release Core Update number 40 which includes the following changes: added a French web interface translation; updated strongSwan to 4.4.1, OpenVPN to 2.1.2, Snort to 2.8.6.1, Python to 2.7; updated drivers - Intel igb network driver 2.3.4, add Huawei Android usbids to option driver, compat-wireless version 2.6.35; changes on the outgoing firewall - re-added the mac filter, fixes on firewall groups; changes on the QoS module - fixed QoS device detection on connection type change, changed QoS port field length to be able to enter port ranges; added IPTV over ADSL (entertain) support (Germany); added DHCPd and dnsmasq configuration customization feature.... " Visit the project's news page to read the full release announcement. Download: ipfire-2.7.i586-full-core40.iso (62.3MB, torrent).

Distribution Release: IPFire 2.7 Jan Paul Tuecking has announced the release of IPFire 2.7, a specialist distribution of Linux for firewalls: " Today we are going to release IPFire 2.7. At first we will only release the ISO files, the update is not yet available via pakfire. The reason for this is the change of the IPSec software from OpenSwan to StrongSwan and the mandatory changes in the configuration of net2net connections. The update on pakfire will be released next friday, 2010-07-09, so there is enough time to change the IPSec tunnels. There are about 400 changes in the new IPFire version: updated Linux kernel to stable LTS (2.6.32.15); updated OpenSSL to version 0.9.8o; updated Net-SSLeay to version 1.36; switched IPSec from OpenSwan to StrongSwan version 4.4.0; fixed VPN-watch hang at connection re-start; updated Snort to stable 2.8.6; removed snort md5 check, added free space check; added support for alix2 LEDs; added Vodafone K3765 and K4505 usbids to option driver.... " Visit the project's news page to read the detailed changelog. Download: ipfire-2.7.i586-full-core38.iso (64.4MB, torrent).

Development Release: IPFire 2.7 RC1 Jan Paul Tuecking has announced the availability of the first release candidate for IPFire 2.7, a Linux-based firewall distribution that focusses on easy setup and high level of security: " After the approval by the release manager we are going to release IPFire 2.7rc1 today. This version is only suitable for testing and should not be used in productive environments. List of changes: updated Linux kernel to stable LTS (2.6.32.15); switched IPSec from Openswan to strongSwan (4.4.0); Updated ALSA (1.0.23); Updated Memtest86+ (4.10); updated kvm-kmod (2.6.33.1); updated OpenSSL (0.9.8o); updated Net-SSLeay (1.36); add Vodafone K3765 and K4505 usb.ids to option driver; add an configuration setting to remove netfilter SIP modules; updated OpenVPN to the stable release; updated Snort to stable 2.8.6.... " See the release announcement and changelog for further details. Download: ipfire-2.7rc1.i586-full-core38.iso (64.3MB, MD5).