IPFire is een opensourcefirewall voor i586-, x86_64- en ARM-systemen. Het bevat onder andere een intrusion detection/prevention system, deelt het netwerk op in zones, doet stateful packet inspection en biedt vpn-mogelijkheden. Voor meer informatie verwijzen we naar deze pagina. De ontwikkelaars hebben versie 2.27 Core Update 159 uitgebracht voor productiesystemen. De bijbehorende aankondiging ziet er als volgt uit:
The New Kernel - Better Security and PerformanceThis is a major update for IPFire, as it rebases the IPFire kernel on Linux 5.10, the latest long-term supported release of the Linux kernel. Arne has been working through a long spring getting IPFire ported on this release and it is now finally ready for prime-time. It features:
- Support for many new drivers, improved support and performance for existing drivers making IPFire more compatible with new, and powerful with existing hardware. Most notably are many network drivers as well as virtualised communication with the hypervisor in the cloud.
- Networking throughput has been increased through zero-copy TCP receive and UDP and Bottleneck Bandwidth and RTT congestion control (BBR). Those changes will also decrease the latency of the firewall in the network when forwarding packets.
- Wireless will have improved throughput and better latency with Airtime Queue Limits which practically enables use of all the "Bufferbloat" algorithms on wireless
- Support for 64-bit ARM hardware has been massively improved and we were able to drop a large amount of custom patches who have been upstreamed into the Linux kernel.
- Furthermore we have improved security of the system through improved protection against CPU hardware bugs additional hardening from attacks from the user-space.
This update is a huge step for everything that is going on under the hood of IPFire. We are hopeful to build many new features on this and make IPFire a much more modern and better to use system. If you want to support this effort, please help us with your donation.
Another important part of every distribution is the toolchain. This is what developers call the collection of compilers, linkers, the C standard library and basic tools that are required to build the distribution. These tools have been updated to GCC 11.1, glibc 2.33, binutils 2.36.1
The 32 bit ARM architecture has been changed from
Misc.armv5teltoarmv6l. We originally selected the ARMv5 instruction set as a common denominator for all ARM systems. There were only a few systems on the the market which have now all long been discontinued. To be able to remain compatible with existing setups and code, we remained with this architecture which is however not very well supported any more. This release changes to the slightly more modern ARMv6 instruction set which allows us to make a seamless transition; but eventually we will drop support for 32 bit ARM altogether. If you are using hardware on either ARM or x86 that is capable of running a 64 bit system but still running a 32 bit version of IPFire, we recommend to upgrade as soon as possible.Add-ons
- The system image on the ISO installation image is now compressed using Zstandard for faster decompression during installation and faster compression during the build process
- Installer: The unattended mode is now started correctly even on EFI systems
- Updated packages:
clamav0.103.3,samba4.14.6,tftpd5.2,tshark3.4.7
:fill(white):strip_exif()/i/2004006994.jpeg?f=thumbmedium)
:strip_exif()/u/1054665/crop5be31086906cf_cropped.gif?f=community){kind=small}
:strip_exif()/u/38542/Scrat1ani.gif?f=community){kind=small}
:strip_exif()/u/16970/crop57cd1ef1eb0d0.gif?f=community){kind=small}
:strip_icc():strip_exif()/u/6611/crop56ab146160cd1_cropped.jpeg?f=community){kind=small}
:strip_icc():strip_exif()/u/23263/crop619cf05922b03_cropped.jpg?f=community){kind=small}