IPFire maintainer Michael Tremer announced the availability of a new version of the open-source hardened Linux firewall distribution and intrusion detection and prevention system.
IPFire 2.21 Core Update 124 is now available with Linux kernel, OpenSSH, and Unbound hardening. It ships with Linux kernel 4.14.72 LTS, a release that improves support for network adapters and enables built-in kernel security features to further harden IPFire against various attack vectors, and Unbound 1.8 DNS proxy hardened to reduce the load on DNS servers.
This is also the first release of IPFire to add support for booting in EFI (UEFI) mode on x86_64 computers that support the standard. However, the developers noted the fact that to benefit of EFI support, users will have to reinstall IPFire. Due to software running underneath IPFire, which could expose the firewall to more attack vectors, it is recommended to disable EFI in BIOS if possible.
IPFire is now available on Amazon Cloud
IPFire 2.21 Core Update 124 also contains numerous updated components and add-ons, including OpenSSH 7.8p1, Bind 9.11.4-P1, iproute2 4.18.0, ntp 4.2.8p12, syslinux 6.04-pre1, parted 3.2, rng-tools 6.4, pciutils 3.5.6, GNU Nano 3.1, and Postfix 3.3.1, as well as a patch for an authenticated command injection vulnerability that existed in previous versions. Also, IPFire is now available on Amazon Cloud.
"IPFire is ideal to securely connect your infrastructure to the cloud by using IPsec VPNs and provides throughput of multiple tens of gigabits per second," said Michael Tremer. "But IPFire can also be used as a small instance that protects your web, mail and other servers in the cloud with the IPFire Intrusion Detection and Prevention System, load balance web traffic and many things more."
Last but not least, the ChaCha20-Poly1305 stream cipher now works on ARM systems, IPFire now correctly sets the hostname of the system in the kernel and enables users to create rules with the same network as source and destination, as well as to rename a network or host group. Also, IPsec now correctly shows the status of connections in a waiting state. Download IPFire 2.21 Core Update 124.