14 DAY TRIAL // After being in development for the past two weeks, IPFire 2.19 Core Update 109 has hit the stable channel today and it's a recommended upgrade for all those who use the IPFire 2.19 series of the open-source, Linux-based firewall distro.
As noted in our previous report, the most important feature of IPFire 2.19 Core Update 109 is the inclusion of the unbound 1.6.0 recursive and caching DNS resolver in the distro's built-in DNS proxy to address some important bugs, re-activate QNAME minimisation and hardening below NX domains, and implement the ability for the firewall to check if a router loses longer DNS responses.
"At start time, IPFire now also checks if a router in front of IPFire drops DNS responses which are longer than a certain threshold (some Cisco devices do this to “harden” DNS)," explains Michael Tremer. "If this is detected, the EDNS buffer size if reduced which makes unbound fall back to TCP for larger responses. This might slow down DNS slightly, but keeps it working after all in those misconfigured environments."
OpenSSL was updated to version 1.0.2k, TOR 0.2.9.9 is now included
Besides improving the DNS proxy, IPFire 2.19 Core Update 109 implements support for newer eMMC modules into the Linux kernel packages, adds support for standard 802.3 bridges to the built-in network scripts, improves support for various hardware architectures for the backup scripts, and lets the firewall GUI create subnets that are a subnet of one of the standard networks.
Among the updated components included in IPFire 2.19 Core Update 109, we can mention OpenSSL 1.0.2k, BIND 9.11.0-P2, Snort 2.9.9.0, Squid 3.5.24, sysklogd 1.5.1, logrotate 3.9.1, libpcap 1.8.1, zlib 1.2.11, libpng 1.2.57, and perl-GeoIP module 1.25. Python 3 support is now officially available thanks to Jonatan Schlag, and the Tor 0.2.9.9, QEMU 2.8, libvirt 2.5, GNU nano 2.7.2, tcpdump 4.8.1, tmux 2.3, and sarg 2.3.10 add-ons are present.
Newcomers or those who want to deploy the Linux-based firewall on new systems can download the IPFire 2.19 Core Update 109 installation images right now from our website, but existing users need only to upgrade their installations via the official channels if they want to receive all the goodies mentioned above and also keep their machines secure.