Download IPFire 2.27 – Core Update 162

Spread the love

IPFire is an open source firewall for i586, x86_64, and ARM systems. It includes an intrusion detection/prevention system, divides the network into zones, does stateful packet inspection and offers VPN capabilities. For more information, please refer to this page† The developers have released version 2.27 Core Update 162 for production systems. The corresponding announcement looks like this:

Linux 5.15

Once a few releases after upgrading to Linux 5.10, we have now rebased the IPFire kernel on Linux 5.15. Due to dropping or upstreaming our patchset this was a lot easier than the previous step to 5.10.

The new kernel is long-term supported by the Linux kernel developers and comes with various new drivers and performance improvements. Noteworthy are various performance improvements on “zero copy” for increased throughput and lower latency; Core Scheduling (for safer Hyperthreading), and a new drivers for NTFS.

We have continued our work to take advantage of improvements in the kernel that help to decrease CPU usage when forwarding large numbers of packets. In certain environments, this enables IPFire to significantly more throughput and lower latency since more CPU resources are available when needed.

Deprecating i586

This is the last release supporting 32 bit Intel-compatible processors – in our case i586 and older. Having announced this plan a year agothe time has finally come.

We are very hopeful that we will be able to concentrate our limited development time more on architectures and features that are used by the masses instead of keeping support for something that only a few people are still using and that is becoming harder and harder since so many distributions have already done this step which leaves us with lots of bugs to find ourselves instead of taking advantage of the open source community.

If you are running on an i586 system, you should backup your configuration, perform a fresh installation with a supported architecture and restore the backup. We encourage you to migrate immediately as it will be done in less than half an hour.

misc.

  • IPS: A long-stand bug has been discovered which caused that some TCP connections could not be opened and timed out. This happened on TCP stacks that use the timestamp option and where the first SYN packet does not reach the server. Due to the state of the repeated packet not being considered, the IPS did not allow any SYN-ACK packets back through to the client which caused the connection to time out. This has been fixed and submitted upstream
  • The web user interface has gained a new “help” option which will bring you to the correct page on the IPFire Wiki
  • IPFire Location has added the new “DROP” category (allocated country code XD) which has a curated list of networks which nobody is ever expected to talk to
  • OpenVPN: An error has been fixed which caused to show an “Internal Server Error” after generating root and host certificates (#12574
  • Dynamic DNS: Fix broken updates freedns.afraid.org after API change
  • jwhois has been replaced with an actively maintained version of whois
  • The installer will now correctly create EFI boot entries on all BIOSes. This used to fail on ARM64-based machines.
  • Updated packages: BIND 9.16.22, bison 3.8.2, coreutils 9.0, dhcpcd 9.4.1, gawk 5.1.1, jansson 2.14, knot 3.1.1, libhtp 0.5.39, libloc 0.9.8, libseccomp 2.5.3, libxcrypt 4.4.26, meson 0.59.2, OpenVPN 2.4.4, OpenSSH 8.8p1, snake 2.3.2, suricata 5.0.8, unbound 1.13.2, xtables-addons 3.18

Add-ons

  • Updated packages: ClamAV 0.104.1, dnsdist 1.6.1, libffi 3.4.2, Postfix 3.6.3, strace 5.14, sslh 1.22c, sshfs 3.7.2, Tor 0.4.6.8

Version number 2.27 – Core Update 162
Release status Final
Operating systems Linux
Website IPFire
Download
License type Conditions (GNU/BSD/etc.)
You might also like