IPFire 2.23 Core Update 131 is now available to download

May 16, 2019 12:10 GMT  ·  By

The IPFire open-source hardened Linux firewall has been updated today to version 2.23 Core Update 131, a release that introduces a brand new IPS (Intrusion Prevention System), various improvements, and updated components.

The most exciting thing about the IPFire 2.23 Core Update 131 release is that is ships with a new Intrusion Prevention System (IPS) that deeply inspects packets and prevents threats, thus making your networks more secure. IPFire previously used Snort as default Intrusion Detection System (IDS), but now it's been replaced with Suricata.

"This new system has many advantages over the old one in terms of performance, security and it simply put - more modern. We would like to thank the team at Suricata on which it is based for their hard work and for creating such an important tool that is now working inside of IPFire," explains developer Michael Tremer in the release announcement.

After upgrading to IPFire 2.23 Core Update 131, your Snort configurations will be automatically migrated to Suricata, which will enable it in monitoring mode only. You will have to disable the monitoring mode for the new Intrusion Prevention System to filter packets. Also, please note that Snort configurations won't be migrated when you restore IPFire from an old backup.

Updated components and other improvements

IPFire 2.23 Core Update 131 also brings several other improvements like the ability to enable SSH Agent Forwarding on the IPFire SSH service, faster import of DHCP leases into the DNS system, better editing of connection on IPsec VPN pages, as well as improvements to the rule configuration page, local DNS zone, and searching of temperature sensors on AWS.

It also comes with an up-to-date wireless regulatory database, a new tool for updating firmware called flashrom, an extra firewall chain for custom rules for TOR to allow users to control outgoing traffic, as well as support for enabling client isolation on Wireless Access Points to restrict wireless clients to communicate with each other through the AP.

Under the hood, the IPFire 2.23 Core Update 131 release is using the long-term supported Linux 4.14.113 kernel with debugging functionality disabled for a performance boost, and many updated components including BorgBackup 1.1.9, dnsdist 1.3.3, FreeRADIUS 4.0.18, GnuTLS 3.6.7.1, Lua 5.3.5, Nettle 3.4.1, Nginx 1.15.9, NTP 4.2.8p13, Postfix 3.4.5, RRDtool 1.7.1, Unbound 1.9.1, and Zabbix 4.2.0.

You can download IPFire 2.23 Core Update 131 right now.