IPFire Linux Firewall Distro Improves Its Intrusion Prevention System and Security

Linux Firewall

Peter Müller announced today the release and general availability of IPFire 2.27 Core Update 168 as the latest stable version of this hardened open-source Linux firewall distribution targeted at routers and firewalls.

IPFire 2.27 Core Update 168 is here one and a half months after the Core Update 167 release to further improve the Intrusion Prevention System (IPS) of the Linux firewall distro by allowing users to individually enable the monitoring mode for each ruleset provider, making parsing and restructuring of changed or updated rulesets faster, as well as support for the downloader to automatically check if a ruleset was updated or not on its providers’ server.

IPFire 2.27 Core Update 168 is also here to further improve the overall security of the Linux firewall distribution to prevent network spoofing attacks by dropping any packets that IPFire received on a different interface than it would have been routed back to, implement a defense-in-depth measure to prevent any unprivileged attacker from reading potentially sensitive configuration on an IPFire installation by tightening various file permissions, and updating to OpenSSH 9.0p1, which introduces quantum-resistant cryptography.

“IPFire’s custom OpenSSH configuration has been updated to make use of it. Also, spoofable TCP-based keep-alive messages are no longer sent, preventing MITM attackers to force-keep an established SSH connection opened,” said the IPFire devs.

On top of that, the IPFire 2.27 Core Update 168 release updates various third-party firmware for better hardware support, improves the processing of CUPS printing server configuration during backup creation and restoring, fixes various CGIs for HTML syntax validity, removes unnecessary vnstat calls, and updates numerous core components and add-ons to their latest versions.

Check out the release notes for more details and download the new IPFire release right now from the official website, where you’ll find both ISO and USB images to run either on real hardware or on a virtual machine. Existing users can simply update their installations using the built-in package manager.

Last updated 2 years ago

Buy Me a Coffee at ko-fi.com