14 DAY TRIAL // Michael Tremer announced the availability for public testing of the upcoming IPFire 2.19 Core Update 109 maintenance release of the open source Linux-based router and firewall distribution.
The most important change included in this update appears to be support for the unbound 1.6.0 recursive and caching DNS resolver in the built-in DNS proxy, which will re-activate QNAME hardening and minimisation below NX domains. The change should also make IPFire check if a router drops DNS responses that are longer than a specific threshold.
"At start time, IPFire now also checks if a router in front of IPFire drops DNS responses which are longer than a certain threshold (some Cisco devices do this to 'harden' DNS)," said Michael Tremer in the release announcement. "If this is detected, the EDNS buffer size if reduced which makes unbound fall back to TCP for larger responses."
Unfortunately, this could also affect the performance of the DNS functionality, but at least it will keep it working in misconfigured environments. The IPFire 2.19 Core Update 109 maintenance update will also enable support for newer eMMC modules in the kernel and makes the backup script work reliably on all supported platforms.
Tor 0.2.9.9 and OpenSSL 1.0.2k are now included
Among other changes implemented in IPFire 2.19 Core Update 109, we can mention an updated firewall GUI with support for creating subnets that are subnets of any standard network, and support for standard 802.3 bridges in the network scripts used for creating MacVTap bridges for virtualization.
IPFire 2.19 Core Update 109 will bring various security improvements via updated components, which include the latest TOR 0.2.9.9 with patches for a bunch of denial-of-service vulnerabilities, Sarg 2.3.10, libvirt 2.5, QEMU 2.8, GNU nano 2.7.2, tmux 2.3, tcpdump 4.8.1, Bind 9.11.0-P2, Snort 2.9.9.0, Squid 3.5.24, and OpenSSL 1.0.2k.
It will also include the libpng 1.2.57, libpcap 1.8.1, logrotate 3.9.1, zlib 1.2.11, sysklogd 1.5.1, perl-GeoIP module 1.25, and Python 3 packages, and if you want to take it for a test drive, you can go ahead and download the IPFire 2.19 Core Update 109 ISO image right now from our website. Happy testing!