IPFire, a free, open-source Linux-based hardened firewall designed to be deployed as a dedicated firewall/router system for protecting network environments, has issued IPFire 2.29 Core Update 200.
The distribution is now rebased on Linux kernel 6.18.7 LTS, which improves network throughput, latency, packet filtering, and hardware security mitigations. Upstream has deprecated ReiserFS support. Systems still using that filesystem cannot install the update and must be reinstalled on a supported filesystem.
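A pre-upgrade check for the ReiserFS restriction above, as an added example that is not part of the IPFire project's tooling: it scans input in `/proc/mounts` or `/etc/fstab` layout for ReiserFS entries. The function names `reiserfs_mounts` and `sample_mounts` are hypothetical, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: find ReiserFS filesystems before attempting the update.
# Works on /proc/mounts and /etc/fstab, which share the field layout:
#   device  mountpoint  fstype  options  dump  pass

# Read mount entries from stdin and print "device mountpoint" for each
# ReiserFS entry. Returns 1 if at least one was found, 0 if none.
reiserfs_mounts() {
    awk '
        /^[ \t]*#/ { next }            # skip fstab comment lines
        NF < 3     { next }            # skip blank or malformed lines
        $3 == "reiserfs" { print $1, $2; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample in /proc/mounts format (not from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 /boot ext4 rw,relatime 0 0
/dev/sda3 / ext4 rw,relatime 0 0
/dev/sda4 /var reiserfs rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
}

# Demo on the constructed sample. On a real system, feed it the live data:
#   reiserfs_mounts < /proc/mounts
#   reiserfs_mounts < /etc/fstab
if hits=$(sample_mounts | reiserfs_mounts); then
    echo "No ReiserFS filesystems found."
else
    echo "ReiserFS in use; reinstall on a supported filesystem before updating:"
    echo "$hits"
fi
```

Checking `/etc/fstab` as well as `/proc/mounts` also catches ReiserFS volumes that are configured but not currently mounted.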
Core Update 200 also debuts IPFire DBL, a new domain blocklist developed following the retirement of the Shalla list. The project is building its own curated database of domains to filter malware, social networks, adult content, and other categories.
Suricata, an open-source intrusion detection and prevention system, receives a fix for a signature cache issue introduced in the previous update, in which the cache could grow without limit and consume significant disk space. The reporting component now also includes hostname and protocol details for DNS, HTTP, TLS, and QUIC alerts in email notifications and PDF reports.
OpenVPN configuration handling has been revised, with the MTU no longer hardcoded in client configuration files and now pushed by the server. One-time password tokens are also pushed when enabled. The CA certificate has been removed from client configuration files because it is already included in the PKCS#12 container.
Wireless access point support now includes 802.11a/g modes again. Excessive hostapd debug logging has been corrected, and pre-shared keys with special characters are now accepted properly.
Unbound, the integrated DNS proxy, now runs one thread per CPU core instead of being single-threaded, improving responsiveness under load. PPP behavior has been adjusted so LCP keepalive packets are sent only when no traffic is present, reducing overhead on DSL and mobile connections.
Finally, on the security side, Core Update 200 updates OpenSSL to version 3.6.1, which includes fixes for multiple CVEs. Updated core components include Apache 2.4.66, OpenVPN 2.6.17, Suricata 8.0.3, Unbound 1.24.2, Rust 1.92, and BIND 9.20.18. Add-ons such as ClamAV 1.5.1, Tor 0.4.8.21, Samba 4.23.4, and Git 2.52 have also been refreshed.
For more information, see the announcement.
Core Update 200 is already available for download on IPFire’s website. For those needing a fresh install, two build flavours cover the most common hardware: x86_64 and aarch64. Existing systems can be upgraded via IPFire’s web UI or the pakfire update command.
