IPFire, a free, open-source Linux-based hardened firewall designed to be deployed as a dedicated firewall/router system for protecting network environments, has issued IPFire 2.29 Core Update 199.
The release’s highlight is full support for WiFi 6 and WiFi 7 access points. While compatible hardware was already usable in previous releases, IPFire can now natively enable and manage advanced capabilities provided by modern wireless standards.
With that said, administrators can now select a preferred WiFi mode, with IPFire automatically configuring the appropriate parameters across 802.11be, 802.11ax, 802.11ac, and legacy standards. Channel widths of up to 320 MHz are supported, enabling theoretical throughput of more than 5.7 Gbps with two spatial streams and up to 11.5 Gbps with four.
Additional wireless improvements include SHA256 authentication support for WPA2 and WPA1 clients that cannot use WPA3, SSID protection enabled by default, automatic activation of beacon protection and operating channel validation when 802.11w is used, multicast-to-unicast conversion to improve airtime efficiency, and background radar detection on supported hardware.
Core Update 199 also introduces native support for Link-Local Discovery Protocol and Cisco Discovery Protocol version 2. This allows IPFire systems to identify directly connected network devices and determine which switch ports they are attached to. It can be enabled and configured through the web interface under the Services section.
Moreover, the system kernel has been rebased on Linux 6.12.58, bringing in upstream security fixes and stability improvements.
Security components receive multiple updates. The intrusion prevention system has been updated to Suricata 8.0.2, and a fix in suricata-reporter resolves an issue where alerts could be dropped when the internal SQLite database was under load. IPS reports are now consistently generated at 1 a.m., addressing requests from administrators who rely on early-morning reporting.
OpenVPN roadwarrior configurations have also been refined. Servers using legacy ciphers are now clearly flagged, support for pushing multiple DNS and WINS servers has been added, and servers now always operate in multi-home mode to better handle connections across multiple interfaces.
Several bugs affecting route propagation and client authentication behavior have been fixed, too, and obsolete configuration directives have been removed. Across the web UI, fixes address firewall location group creation, clearer messaging around SMT hardware support, and proper handling of mail credentials containing special characters.
Additional system-level changes include enabling the D-Bus daemon by default, replacing dracut with dracut-ng following upstream abandonment, introducing a new local mail inbox tool, aligning SSH cipher preferences toward AES-GCM, and fixing race conditions affecting firewall rule application.
Finally, IPFire 2.29 Core Update 199 also delivers a broad set of package upgrades, including OpenSSL 3.6, OpenSSH 10.2p1, OpenVPN 2.6.16, system libraries, development tools, and multiple security-relevant dependencies.
For more information, see the announcement.
Core Update 199 is already available for download on IPFire’s website. Two build flavours cover the most common hardware: x86_64 and aarch64 for those needing a fresh install. Existing systems can be upgraded via IPFire’s web UI or the pakfire update command.
