Performance enhancements were implemented for DNS

Apr 28, 2017 14:28 GMT  ·  By

IPFire's Michael Tremer announced today, April 28, 2017, the release of IPFire 2.19 Core Update 110, a new stable maintenance version of the open-source, Linux-based firewall operating system.

Coming two and a half months after the previous point release, IPFire 2.19 Core Update 110 is here to implement support for on-demand IPsec (Internet Protocol Security) VPNs (Virtual Private Networks), which might just come in handy to those who deal with a huge amount of IPsec net-to-net connections on their infrastructures.

"IPFire used to keep IPsec VPNs up all the time. This wastes resources if a connection is not used very often for example for a daily backup only. Core Update 110 allows to configure IPsec VPNs in an On-Demand mode which will establish the connection as soon as it is needed and will close it after 15 minutes of inactivity to save resources," reads today's announcement.

IPFire 2.19 Core Update 110 also adds an extra layer of performance improvements to the built-in Unbound DNS resolver, which is now capable of assigning additional memory to keep a larger DNS cache, and allows for more concurrent queries. This could be very useful in large networks when handling a burst of DNS queries.

Among other changes, we can mention that graphs were made larger to display more detail on the web-based interface, the secure HTTPS protocol is now used for updating the GeoIP database, and it's possible to set the subnet mask of the RED interface to 255.255.255.255 during setup.

All the init scripts were reorganized in the build system to make the life of add-on packagers a lot easier, the Apache web server received an update to allow more concurrent connections to speed updates from Update Accelerator and distributing of proxy.pac, and packets coming from a bridge network interface are no longer passed by the firewall engine. The Italian translation was also updated.

Updated and new packages, add-ons

Among the updated packages shipping with the IPFire 2.19 Core Update 110 release, we can mention BIND 9.11.0-P3, Portable OpenSSH 7.4p1, Unbound 1.6.1, Squid 3.5.25, GNU wget 1.19.1, Cairo 1.14.8, FreeType 2.7.1, lm_sensors 3.4.0, ntp 4.2.8p10, conntrack-tools 1.4.4, nettle 3.3, pixman 0.34.0, apcupsd 3.14.14, and fontconfig 2.12.1.

Updated add-ons include CUPS 2.2.2, FFMpeg 3.2.4, Midnight Commander 4.8.19, Ghostscript 9.20, tcpdump 4.9.0, and motion 4.0.1, while the GnuTLS SSL library, lcms2 image library, qpdf and poppler PDF rendering libraries, and epson-inkjet-printer-escpr driver for EPSON printers have been added.

Avahi is no longer part of IPFire because it's no longer maintained. You can download the IPFire 2.19 Core Update 110 installation image right now from our website if you're deploying the firewall OS on new machines, but existing users should update their installations at their earliest convenience.