The latest IPFire Linux firewall release is now available with support for more hardware, security updates, and updated core components.
IPFire 2.25 Core Update 147 has been announced today by project maintainer Michael Tremer. This release comes about a month after the previous version, which deprecated support for 32-bit system with PAE, to update several core components and add-ons, as well as to patch some security vulnerabilities and fix other bugs.
First, security, because it’s important for every operating system. IPFire 2.25 Core Update 147 includes a recent version of the Squid web proxy software that was patched against HTTP Request Smuggling and Poisoning attacks (CVE-2020-15049).
Supporting newer and modern hardware is also important. The IPFire 2.25 Core Update 147 brings support for more hardware and improves support for existing hardware components by shipping with the linux-firmware 20200519 package.
IPFire is also available in the cloud, on AWS (Amazon Web Services), so it received some improvements in terms of configuration, allowing all zones to use jumbo frames by default.
“Since Amazon’s network allows packets with up to 9001 bytes, this will increase bandwidth in the cloud. The RED interface is exempt, because the Internet still defaults to only 1500 bytes per packet, explains developer Michael Tremer.
Another interesting change in the latest IPFire Linux firewall release is a fix for a long-standing issue with forwarding GRE (Generic Routing Encapsulation) connections. Previous releases didn’t support this type of connections because IPFire’s internal connection tracking refused to handle them.
Under the hood, the toolchain has been updated to BIND 9.11.20, GnuTLS 3.6.14, OpenSSH 8.3p1, SquidGuard 1.6.0, dhcpcd 9.1.2, iproute2 5.7.0, GMP 6.2.0, libassuan 2.5.3, libgcrypt 1.8.5, and libgpg-error 1.38. Various add-ons were updated as well, including Bacula 9.6.5, BorgBackup 1.1.13, HAProxy 2.1.7, and Joe 4.6.
You can download IPFire 2.25 Core Update 147 right now from the official website. However, existing users only have to update their installations, without downloading the new ISO image, which is intended mostly for new deployments of the open-source Linux-based firewall distribution.