IPFire is an open-source firewall for i586, x86_64 and ARM systems. It includes, among other things, an intrusion detection/prevention system, divides the network into zones, performs stateful packet inspection and offers VPN capabilities. For more information, see this page. The developers have released version 2.27 Core Update 161 for production systems. The accompanying announcement reads as follows:

The most notable change in this update is a large increase of throughput of the IPS. It can now decide to no longer see traffic from a certain IP connection and tell the kernel to bypass it. That removes all overhead for these connections and therefore increases throughput.

On systems like the Lightning Wire Labs Mini Appliance, which comes with four CPU cores each at 1 GHz clock speed, it boosts throughput from about 120 MBit/s on full CPU load to 1 GBit/s on about 20% load on one CPU core for this type of connection. This releases more CPU time for scanning other traffic and allows this device to be properly used on connections with more than 100 MBit/s throughput.

For this change, a lot of work around the QoS and VPNs was necessary because of touch points in the firewall engine. Here, we were also able to tidy up code and make the system more efficient.

This update brings Fast Flux Detection as introduced by Peter.

The IPFire kernel is now based on Linux 5.10.76 and various configuration changes have been made:

Hardening of stack variables: All of those will now be zero-initialised to avoid any information leak inside the kernel's memory space

TPM hardware is now being used as a source for entropy if available

The kernel will now wake up more often in order to keep packet forward latency down and make the system more responsive.

Some debugging/overhead functions have been disabled for slight performance gains

Python 2 has been removed from IPFire with this release

IPFire now supports ExFAT

Logwatch now includes status of software RAID configurations

Regressions in the disk utilization stats due to a change in iostat(8)'s output have been fixed

After launching an update, the Pakfire page did not correctly show the locked state

The web proxy will now always hide its version number to avoid any information leaks

Support for FriendlyARM NanoPI R2S has been added

Updated packages: apache 2.4.51 fixing CVE-2021-42013 introduced due to an incomplete fix for CVE-2021-41773, curl 7.79.1, dosfsutils 4.2, GD-Graph 1.54, gd 2.3.3, iproute2 5.14.0, perl-GD 2.73, strongSwan 5.9.4