Login
Login

IPFire

{{Short description|Linux distribution}}

{{Infobox operating system

| name = Basic information

| developer = IPFire-Team

| latest release version = Version 2.29 Core Update 193{{Cite web| title = IPFire 2.29 - Core Update 193| url = https://www.ipfire.org/blog/ipfire-2-29-core-update-193-released}}

| latest release date = {{Start date and age|2025|04|09}}

| source model = Open source (free software)

| language = Multilingual (including English)

| website = {{url|https://www.ipfire.org/}}

| kernel type = Linux kernel{{cite web |last1=Nestor |first1=Marius |title=IPFire Open Source Firewall Linux Distro Gets Huge Number of Security Fixes |url=https://news.softpedia.com/news/ipfire-open-source-firewall-linux-distro-gets-huge-number-of-security-fixes-519293.shtml |website=Softpedia |date=9 January 2018 |access-date=25 July 2018}}

| logo =

| screenshot = IPFire_2.21_-_Web_interface.png

| caption = Web interface

| package manager = Pakfire

| supported platforms = x86-64, AArch64, RISC-V (experimental)

}}

IPFire is a hardened{{cite web |last1=rascal23 |title=Latest IPFire 2.19 Linux Firewall Update Patches OpenSSL, Wget Vulnerabilities |url=https://fullcirclemagazine.org/2017/11/09/latest-ipfire-2-19-linux-firewall-update-patches-openssl-wget-vulnerabilities/ |website=Full Circle |date=9 November 2017 |access-date=25 July 2018 |archive-date=26 October 2022 |archive-url=https://web.archive.org/web/20221026155458/https://fullcirclemagazine.org/2017/11/09/latest-ipfire-2-19-linux-firewall-update-patches-openssl-wget-vulnerabilities/ |url-status=dead }} open source Linux distribution that primarily performs as a router and a firewall; a standalone firewall system with a web-based management console for configuration.

IPFire originally started as a fork of IPCop{{cite web |url=http://www.ipcop.org/ |title=Home |website=ipcop.org}} and has been rewritten on basis of Linux From Scratch since version 2.{{cite web |last1=Vervloesem |first1=Koen |title=IPFire 2.5: Firewalls and more |url=https://lwn.net/Articles/384419/ |website=LWN.net |access-date=25 July 2018}} It supports installation of add-ons to add server services, which can be extended into a SOHO server.{{Cite news|url=https://opensourceforu.com/2017/03/top-10-effective-efficient-open-source-firewalls/|title=Top 10 effective and efficient open source firewalls - Open Source For You|last=Shah|first=Palak|date=2017-03-03|work=Open Source For You|access-date=2018-08-02|language=en-US}}

In April 2015, the project became a member of the Open Invention Network.{{Cite news|url=http://www.openinventionnetwork.com/community-of-licensees/|title=The OIN Community - Open Invention Network|work=Open Invention Network|access-date=2018-06-22|language=en-US|archive-date=2018-06-23|archive-url=https://web.archive.org/web/20180623163014/http://www.openinventionnetwork.com/community-of-licensees/|url-status=dead}}

System Requirements

The basic requirements are at least a 1 GHz 64-bit CPU, 1GB of RAM, and a 4GB hard drive. Two network cards are needed to connect to an Ethernet network. DSL, LTE and Wi-Fi (WLAN) are supported, too, with corresponding hardware.{{Cite news|url=https://pchelp.ricmedia.com/build-mini-itx-firewall-ipfire-diy-guide/|title=Build Your Own Mini-ITX Firewall with IPFire – Complete DIY Guide|date=2017-03-14|work=Ricmedia PC Help|access-date=2018-06-22|language=en-US|archive-date=2022-04-19|archive-url=https://web.archive.org/web/20220419191436/https://pchelp.ricmedia.com/build-mini-itx-firewall-ipfire-diy-guide/|url-status=dead}}

The required computing power to run IPFire depends on the area of application. Most commonly, x86 systems are being used, but ARM devices, such as Raspberry Pi or Banana Pi, are supported, too.{{Cite web|url=https://www.tecmint.com/install-ipfire-firewall-distribution/|title=How to Install 'IPFire' Free Firewall Linux Distribution|website=www.tecmint.com|date=2 February 2015 |language=en-US|access-date=2018-06-22}}

IPFire can be used in virtual environments (such as VMware, VirtualBox, QEMU, KVM, Xen, etc.).

The basic setup of IPFire happens over a guided dialogue on the console, and the further administration takes place on the web-based management interface, such as add-ons and additional features.{{Cite web|url=https://wiki.ipfire.org/installation/start|title=IPFire Installation Handbook|access-date=2018-07-25}}

System Details

The project is regularly updated by the development team to maintain the security.{{Cite web|url=https://distrowatch.com/table.php?distribution=ipfire|title=DistroWatch.com: IPFire|last=DistroWatch|website=distrowatch.com|access-date=2018-06-21}} Developed as a stateful packet inspection (SPI) firewall.{{Cite news|url=https://www.pcquest.com/8-open-source-firewalls-to-secure-your-business/|title=8 Open Source Firewalls to Secure Your BUSINESS|date=2016-03-10|work=PCQuest|access-date=2018-08-02|language=en-US}}

IPFire separates the network into different segments based on their security risk which are organised in colours. Normal clients connected to the LAN are represented as green, the Internet is represented as red, an optional DMZ is represented as orange and an optional Wireless network is represented as blue. No traffic can flow between segments unless specifically permitted through a firewall rule.{{Cite news|url=https://www.techradar.com/news/best-free-linux-firewall|title=Best free Linux firewalls of 2018|work=TechRadar|access-date=2018-06-21|language=en}}

IPFire's package management system, called Pakfire{{Cite web|url=https://wiki.ipfire.org/configuration/ipfire/pakfire/start|title = Pakfire - the IPFire Wiki}} allows to install system updates, which keep security up to date, and additional software packages for customisation to different usage scenarios and needs. The Linux system is customised for the concrete purpose of a firewall.{{Cite web|url=http://www.linux-magazine.com/Online/News/IPFire-2.11|title=IPFire 2.11 " Linux Magazine|last=Ankerholz|first=Amber|website=Linux Magazine|language=en-US|access-date=2018-06-21}}

The design is modular, making its functionalities extensible through plugins,{{Cite news|url=https://linux.softpedia.com/get/System/Networking/IPFire-31415.shtml|title=Download IPFire 2.19 Core 120 / 3.0 Alpha 1|work=softpedia|access-date=2018-07-26|language=en-us}} but the base comes with the following features{{Cite news|url=https://www.linuxnewssite.com/review-ipfire-linux-based-home-firewall-router-distribution-08072017685.html|title=Review of IPFire: The Linux based home firewall and router distribution - Linux News Site|date=2017-07-08|work=Linux News Site|access-date=2018-07-26|language=en-US}}

  • Stateful packet-inspection firewall based on Linux Netfilter
  • Proxy server with content filter and catching-updates functions (e.g. Microsoft Windows updates, virus scanners, etc.)
  • Intrusion detection system (Snort) with the option to install the Intrusion Prevention System guardian via Pakfire
  • Since Core Update 131 it features the intrusion prevention system "Suricata" instead of snort{{Cite web|url=https://wiki.ipfire.org/configuration/firewall/ips|title=wiki.ipfire.org - Intrusion Prevention System (IPS)|website=wiki.ipfire.org|access-date=2019-11-19}}
  • Virtual private network (VPN) with IPsec and OpenVPN
  • Dynamic Host Configuration Protocol (DHCP) server
  • Caching name-server (supports DNSSEC{{cite web |last1=York |first1=Dan |title=Deploy360 4 August 2014 IPFire Adds DNSSEC Validation In New Release Via Crowdfunding |url=https://www.internetsociety.org/blog/2014/08/ipfire-adds-dnssec-validation-in-new-release-via-crowdfunding/ |website=Internet Society |date=4 August 2014 |access-date=25 July 2018}})
  • Time server
  • Wake-on-LAN (WOL)
  • Dynamic DNS
  • Quality of service (QoS)
  • System monitoring functions and log analysis
  • GeoIP filtering{{Cite news|url=https://news.softpedia.com/news/IPFire-2-17-Update-90-Gets-GeoIP-Based-Blocking-Legacy-Microsoft-Hyper-V-Support-482646.shtml|title=IPFire 2.17 Update 90 Gets GeoIP-Based Blocking, Legacy Microsoft Hyper-V Support|last=Nestor|first=Marius|work=softpedia|access-date=2018-07-26|language=en-us}}
  • Captive Portal{{Cite news|url=https://news.softpedia.com/news/latest-ipfire-2-19-linux-firewall-update-patches-openssl-wget-vulnerabilities-518430.shtml|title=Latest IPFire 2.19 Linux Firewall Update Patches OpenSSL, Wget Vulnerabilities|last=Nestor|first=Marius|work=softpedia|access-date=2018-07-26|language=en-us}}

IPFire Location

The IPFire Project built a free Internet geolocation database published under the Creative Commons license.{{Cite web|url=https://blog.ipfire.org/post/a-new-location-database-for-the-internet|title= A new location database for the Internet|date= 7 August 2020|access-date=2021-12-17|language=en-us}} It is being used by The Tor Project to identify the location of Tor nodes and relays.

See also

{{Portal|Free and open-source software}}

References

{{reflist}}

External links

  • [https://www.ipfire.org/ Official website]
  • [https://location.ipfire.org/ Website of IPFire Location]
  • [https://www.openhub.net/p/ipfire IPFire on OpenHub]
  • [http://www.linux-magazin.de/ausgaben/2010/01/cebit-open-source-2010-projektpraesentation-ipfire/?special=cebit%202010&category=44843 Project presentation in Linux Magazine for CeBIT Open Source 2010 (in German)]

{{Routing software}}

{{Firewall software}}

Category:Free routing software

Category:Gateway/routing/firewall distribution

Category:Wireless access points

Category:Linux distributions used in appliances

Category:Firewall software

Category:Routing software

Category:Linux distributions without systemd

Category:Linux distributions