IPFire Linux Firewall Now Supports exFAT, Boosts Intrusion Prevention System’s Performance

IPFire Firewall

Michael Tremer announced the release of IPFire 2.27 Core Update 161, a new maintenance update to the hardened open-source GNU/Linux distribution that primarily performs as a router and a firewall.

IPFire 2.27 Core Update 161 introduces several new features, performance improvements, and some other important changes. For example, it brings support for the exFAT file system, support for the FriendlyARM NanoPI R2S open-source mini router, as well as Fast Flux Detection in the web proxy to proactively detect Fast Flux setups.

Among the performance improvements included in this update, there’s a large increase of throughput for the Intrusion Prevention System (IPS), allowing it to decide if the traffic from a certain IP connection needs to be seen or not and tell the kernel to bypass it.

“On systems like the Lightning Wire Labs Mini Appliance which comes with four CPU cores each at 1 GHz clock speed, it boosts throughput from about 120 MBit/s on full CPU load to 1 GBit/s on about 20% load on one CPU core for this type of connection,” explains Michael Tremer.

Other noteworthy changes include the complete removal of Python 2 support, the ability for the web proxy to always hide its version number to prevent information leaks, support for the Pakfire page to correctly display the locked state after launching an update, support for the status of software RAID configurations in Logwatch, improved backup of avahi’s and minidlna’s configurations, and improved disk utilization stats.

Under the hood, the IPFire 2.27 Core Update 161 firewall distro is powered by the Linux 5.10.76 LTS kernel that offers hardening of stack variables to prevent information leaks inside the kernel’s memory space, TPM hardware support as a source for entropy, and the ability to wake up more often to keep packet forward latency down and also make the system more responsive.

As usual, several packages and add-ons have been updated. Among these, IPFire 2.27 Core Update 161 comes with Apache 2.4.51, cURL 7.79.1, dosfsutils 4.2, GD-Graph 1.54, gd 2.3.3, iproute2 5.14.0, perl-GD 2.73, strongSwan 5.9.4, 7zip 17.04, cups-filters 1.28.10, Ghostscript 9.55.0, Git 2.33.1, htop 3.1.1, krb5 1.19.2, monit 5.29.0, GNU nano 5.9, pcengines-apu-firmware, and shairport-sync 3.3.8.

Last updated 2 years ago

Buy Me a Coffee at ko-fi.com