IPFire 2.23 Core Update 138 is now available for download

Nov 18, 2019 18:28 GMT  ·  By

The IPFire project released a new update to their Linux-based open-source firewall distribution, which brings latest software updates and much-improved and faster Quality of Service (QoS).

IPFire 2.23 Core Update 138 is now available for download with improved Quality of Service (QoS), which allows the firewall to pass even more traffic on smaller systems, as well as reduce packet latency on faster machines, thus creating a faster and more responsive network. To take full advantage of the improved and faster QoS, the IPFire project recommends you reboot your systems after installing the new update.

"Development around the Quality of Service and tackling some of the bugs required an exceptional amount of team effort in very short time and I am very happy that we are now able to deliver the result to you to improve your networks," said Michael Tremer in the announcement. "It allows to pass a lot more traffic on smaller systems as well as reduces packet latency on faster ones to create a more responsive and faster network."

Updated components, bug fixes

Under the hood, IPFire 2.23 Core Update 137 ships with a newer kernel, namely Linux 4.14.150, which is hardened, fully patched and optimized to deliver more throughput for IP connections, as well as to reduce latency to a minimum for your network to be fast and responsive as possible. This new kernel also fixes a nasty bug that caused the system to drop DNS packets if the Suricata IDS (Intrusion Detection System) was enabled.

Other updated components included in this release are BIND 9.11.12, bird 2.0.6, Iptables 1.8.3, iproute2 5.3.0, knot 2.8.4, libhtp 0.5.30, libnetfilter_queue 1.0.4, libpcap 1.9.1, libssh 0.9.0, Net-SSLeay 1.88, PCRE 8.43, StrongSwan 5.8.1, Suricata 4.1.5, tzdata 2019c, Unbound 1.9.4, and wpa_supplicant 2.9, as well as the ClamAV 0.102.0, hostapd 2.9, ipset 7.3, mtr 0.93, GNU nano 4.5, Ncat 7.80, Nmap 7.80, Sane 1.0.28, shairport-sync 3.3.2, tcpdump 4.9.3, TOR 0.4.1.6, and tshark 3.0.5 add-ons.

Last but not least, IPFire 2.23 Core Update 137 introduces the speedtest-cli add-on, a new handy tool that lets you perform a regular speedtest on the terminal, support for Curve 448 with 224 bit of security, a patch that restarts the syslog daemon after restoring a backup to close old log files and write to the restored ones, and an updated script to clean up downloaded GeoIP databases from /tmp.

Update: IPFire 2.23 Core Update 138 has been released shortly after Core Update 137 to mitigate the latest Intel CPU vulnerabilities. "Unfortunately those will further decrease the performance of your IPFire systems due to changes in Intel's microcodes which are also shipped with this Core Update," reads the announcement.