14 DAY TRIAL // Michael Tremer, a developer for the ipfire.org team, has announced that IPFire 2.13 Core 80, a new stable build of the popular Linux-based firewall distribution, has been released and is now available for download.
IPFire is a modular Linux distribution, which means that it can be deployed as a firewall, a proxy server, or a VPN gateway. This entire distribution is built with security in mind and most of the features integrated into the OS reflect this philosophy.
This is not a huge update, despite the round version number, but the devs have made some important changes, which should prove to be quite interesting.
“IPFire now validates every DNS response of zones that are signed. If the DNSSEC signatures do not validate a DNS error is raised and therefore spoofing attacks are no longer possible. However, it is not sufficient for the internal DNS proxy to have DNSSEC enabled. Client systems should validate DNSSEC records, too, but we think that these changes block most spoofing attacks from the Internet and only DNS spoofing attacks from the local network are possible,” explain the devs in the official announcement.
Another feature of this release is the implementation of a new dynamic DNS updater, which should be very useful in the long run. The developers say that “a new tool to update dynamic DNS records has been written. It replaces the old, faulty and hard to maintain perl script setddns.pl. The new client is written in Python and portable to other distributions as well. It is easily extensible and avoids duplicating code.”
According to the changelog, the user interface has been simplified, a number of obsolete and deprecated features like wildcard support have been dropped, providers that don't exist anymore have been removed, the lzo libary has been updated to version 2.08, wpa_supplicant has been updated to version 2.2, strongswan has been updated to version 5.2.0, the Turkish translation has been updated, and the dhcrelay binary and an initscript have been shipped.
Also, the bind tools have been updated to version 9.9.5 to support DNSSEC, rng-tools have been updated to version 5 to support Intel processors, the minimum and maximum object size of objects that are put into the cache is no longer ignored, and the chart for dial-up connections has been fixed.
The developers recommend all users of IPFire to upgrade their distributions. More details can be found on the official website. You can download IPFire 2.13 Core 80 right now from Softpedia.