IPFire, a free, open-source Linux-based hardened firewall designed to be deployed as a dedicated firewall/router system for protecting network environments, has issued IPFire 2.29 – Core Update 198.
For many IPFire users, one of the most requested features has finally arrived — detailed, automated IPS reporting. With that said, administrators can now stay informed about security events through three complementary mechanisms:
- Instant email alerts for high-priority threats, triggered based on customizable thresholds.
- Scheduled PDF reports are sent daily, weekly, or monthly, summarizing all detected alerts in a clean, shareable format.
- External syslog forwarding, allowing logs to be securely mirrored outside the firewall for long-term storage and forensic analysis.
Needless to say, together, these features dramatically improve auditability and accountability, providing clear, traceable evidence of threat detection and response — even in the event of a firewall compromise.
Under the hood, IPFire 2.29 upgrades the Intrusion Prevention System to Suricata 8.0.1, an open-source network analysis and threat-detection software, delivering noticeable performance gains and expanded protocol coverage. Among the most important enhancements:
- Cached rule compilation for faster startup times.
- Improved memory handling and better resilience under load.
- New protocol support, including DNS-over-HTTP/2, Multicast DNS, LDAP, POP3, SIP (and SIP over TCP), SDP, and WebSocket.
- Optimized ARM performance via the new Vectorscan library, which accelerates pattern matching using vector instructions.
Alongside the IPS overhaul, this update also brings a full toolchain rebase with key GNU components refreshed: GCC 15.2.0, Binutils 2.42, and glibc 2.42. In addition, dozens of core packages have been updated, too, including BIND 9.20.13, cURL 8.16, libxml2 2.14.6, sudo 1.9.17p2, SQLite 3.5.4, and many others.
Finally, IPFire 2.29 Core Update 198 also patches several vulnerabilities in the web interface, responsibly disclosed by security researchers from Pellera Technologies and VulnCheck. Plus, several add-on packages received important updates as well:
- HAProxy 3.2.4
- Git 2.51
- Samba 4.22.4
- QEMU 10.1
- FRR 10.4.1
- Postfix 3.10.4
- nginx 1.29.1
- BorgBackup 1.4.1
- mtr 0.96
- Lynis 3.1.5
For more information, see the announcement.
Core Update 198 is already available for download on IPFire’s website. Two build flavours cover the most common hardware: x86_64 and aarch64 for those needing a fresh install. Existing systems can be upgraded via IPFire’s web UI or the pakfire update command.
