The IPFire Project released a new update to their popular IPFire hardened open-source Linux-powered firewall distribution based on the latest long-term supported Linux 5.15 kernel series.
IPFire 2.27 Core Update 164 is here as the first release of the IPFire Linux firewall to be powered by the Linux 5.15 LTS kernel series, which is supported until October 2023. As you can expect, the new kernel improves compatibility with newer hardware components, adds security and bug fixes, enables virtualization support with libvirt and KVM, and improves the performance of cryptographic operations on the AArch64 (ARM64) architecture.
IPFire maintainer Michael Tremer reports that the Linux 5.15 LTS kernel included in the IPFire 2.27 Core Update 164 release is patched against the recently disclosed “Dirty Pipe” vulnerability. In addition to the new kernel version, IPFire 2.27 Core Update 164 also ships with the latest Intel microcode firmware for x86 processors to address two critical security issues.
The new IPFire release enables hashing support of passwords for system accounts using the YESCRYPT password-based key derivation function (KDF) and password hashing scheme, adds a new method of source routing validation by rejecting any packets from systems that the firewall can’t reach according to its own routing table, and adds support for dropping of “hostile” traffic in the IPFire Location Database.
Among other noteworthy changes, IPFire 2.27 Core Update 164 removes the Shalla Secure Services and MESD blacklists from the URL Filter feature, updates the Pakfire components to better display its status on the web interface while installing updates or packages, and adds a new
qemu-ga package for better integration with the hypervisor on KVM-based virtualized environments.
Last but not least, it adds additional logging on the RED interface to prevent spoofing attempts, enables logging of packets that aren’t recognized by the connection tracking, adds the ability for users to monitor any firewall hits from spoofing in the graphs, improves Tor relay connections, and updates many core components and add-ons.
As usual, you can download the latest IPFire release from the official website or by clicking on the direct download link below. USB and ISO images are provided for 64-bit (x86_64) and AArch64 (ARM64) architectures.
Image credits: IPFire Project (edited by Marius Nestor)
Last updated 2 years ago