IPFire version 2.23 Core Update 131 released with new Intrusion Prevention System (IPS)
Previously, IPFire used Snort as its default Intrusion Detection System (IDS), but it has now been replaced with Suricata.
Suricata is a free and open source, mature, fast and robust network threat detection engine. The Suricata engine is capable of real time intrusion detection (IDS), inline intrusion prevention (IPS), network security monitoring (NSM) and offline pcap processing.
IPFire is a hardened open source Linux distribution that primarily performs as a router and a firewall, a standalone firewall system with a web-based management console for configuration. IPFire originally started as a fork of IPCop and has been rewritten on the basis of Linux.
The primary objective of IPFire is security. Its easy-to-configure firewall engine and Intrusion Detection System prevent any attackers from breaking into your network. In the default configuration, the network is split into various zones with different security policies, such as a LAN and DMZ, to manage risks inside the network and to allow custom configuration for the specific needs of each segment of the network.
But even the firewall needs to protect itself. IPFire is built from scratch and not based on any other distribution. This allows the developers to harden IPFire better than any other server operating system and build all components specifically for use as a firewall.
The new Intrusion Prevention System makes all of your networks more secure by deeply inspecting packets and trying to identify threats.
“This new system has many advantages over the old one in terms of performance, security and is, simply put, more modern. We would like to thank the team at Suricata on which it is based for their hard work and for creating such an important tool that is now working inside of IPFire,” developer Michael Tremer said in the blog.
Once you update to the latest version, IPFire automatically converts to the new IPS. However, you will need to select the ruleset and rules that you want to use again, since those cannot be migrated. Please note that the automatic migration will enable the new IPS, but in monitoring mode only. This is so that we won’t break any existing configurations. Please disable the monitoring mode if you want the IPS to filter packets, too.
The following bugs have been fixed
- SSH Agent Forwarding: This can now be enabled on the IPFire SSH service which allows administrators to connect to the firewall and use SSH Agent authentication when using the IPFire as a bastion host and connecting onwards to an internal server.
- When multiple hosts are created to overwrite the local DNS zone, a PTR record was automatically created too. Sometimes hosts might have multiple names, which makes it desirable to not create a PTR record for an alias; this can now be done with an additional checkbox.
- A bug in the firewall UI has been fixed which prevented the rule configuration page from being rendered when the GeoIP database had not been downloaded yet. This was an issue when a system was configured, but never connected to the internet before.
- On systems with a vast number of DHCP leases, the script that imports them into the DNS system has been optimised to make sure that they are imported faster and that at no time a half-written file is available on disk, which led unbound to crash under certain circumstances.
- Some minor UI issues on the IPsec VPN pages have been fixed: On editing existing connections, the MTU field is now filled with the default.
The basic requirements are at least a 1GHz CPU, 1GB of RAM, and a 4GB hard drive. Two network cards are needed to connect to an Ethernet network. DSL, LTE and Wi-Fi (WLAN) are supported, too, with the appropriate hardware.
The required computing power to run IPFire depends on the area of application. Most commonly, x86 systems are used, but ARM devices, such as Raspberry Pi or Banana Pi, are supported, too. IPFire can be used in virtual environments (such as KVM, VMware, Xen, QEMU, etc.).
The basic setup of IPFire happens over a guided dialogue on the console. Further administration, such as add-ons and additional features, takes place in the web-based management interface.
- Package updates: borgbackup 1.1.9, dnsdist 1.3.3, freeradius 4.0.18, nginx 1.15.9, postfix 3.4.5, zabbix_agentd 4.2.0.
- TOR has received an extra firewall chain for custom rules to control outgoing traffic (TOR_OUTPUT). This allows rules to be created for traffic that originates from the local Tor relay. The service also runs as its own user now.
- Wireless Access Point: It is now possible to enable client isolation so that wireless clients won’t be able to communicate with each other through the access point.
flashrom – A tool to update firmware