Download IPFire 2.27 – Core Update 159

Spread the love

IPFire is an open source firewall for i586, x86_64, and ARM systems. It includes an intrusion detection/prevention system, divides the network into zones, does stateful packet inspection and offers VPN capabilities. For more information, please refer to this page. The developers have released version 2.27 Core Update 159 for production systems. The corresponding announcement looks like this:

The New Kernel – Better Security and Performance

This is a major update for IPFire, as it rebases the IPFire kernel on Linux 5.10, the latest long-term supported release of the Linux kernel. Arne has been working through a long spring getting IPFire ported on this release and it is now finally ready for prime-time. It features:

  • Support for many new drivers, improved support and performance for existing drivers making IPFire more compatible with new, and powerful with existing hardware. Most notably are many network drivers as well as virtualised communication with the hypervisor in the cloud.
  • Networking throughput has been increased through zero copy TCP receive and UDP and Bottleneck Bandwidth and RTT Congestion Control (BBR). Those changes will also decrease the latency of the firewall in the network when forwarding packets.
  • Wireless will have improved throughput and better latency with Airtime Queue Limits which practically enables use of all the “Bufferbloat” algorithms on wireless
  • Support for 64-bit ARM hardware has been massively improved and we were able to drop a large amount of custom patches who have been upstreamed into the Linux kernel.
  • Furthermore we have improved security of the system through improved protection against CPU hardware bugs additional hardening from attacks from the user-space.

This update is a huge step for everything that is going on under the hood of IPFire. We are hopeful to build many new features on this and make IPFire a much more modern and better to use system. If you want to support this effort, please help us with your donation.

Another important part of every distribution is the toolchain. This is what developers call the collection of compilers, linkers, the C standard library and basic tools that are required to build the distribution. These tools have been updated to GCC 11.1, glibc 2.33, binutils 2.36.1

The 32 bit ARM architecture has been changed from armv5tel to armv6l. We originally selected the ARMv5 instruction set as a common denominator for all ARM systems. There were only a few systems on the market which have now all long been discontinued. To be able to remain compatible with existing setups and code, we remained with this architecture which is however not very well supported any more. This release changes to the slightly more modern ARMv6 instruction set which allows us to make a seamless transition; but eventually we will drop support for 32 bit ARM altogether. If you are using hardware on either ARM or x86 that is capable of running a 64 bit system but still running a 32 bit version of IPFire, we recommend to upgrade as soon as possible.

misc.

  • The system image on the ISO installation image is now compressed using Zstandard for faster decompression during installation and faster compression during the build process
  • Installer: The unattended mode is now started correctly even on EFI systems

Add-ons

  • Updated packages: clamav 0.103.3, samba 4.14.6, tftpd 5.2, tshark 3.4.7

Version number 2.27 – Core Update 159
Release status Final
Operating systems Linux
Website IPFire
Download
License type Conditions (GNU/BSD/etc.)
You might also like