IPFire update brings new network and security features to firewall deployments
Security and operations teams often work with firewall platforms that require frequent tuning or upgrades to meet evolving network demands. IPFire has released its 2.29 Core Update 199, aimed at network and protection teams that manage this open source firewall distribution.
Wi-Fi and network protocol support changes
Core Update 199 adds support for the latest Wi-Fi standards, including Wi-Fi 6 and Wi-Fi 7. These additions give teams the ability to use broader channel bandwidths and higher throughput on wireless access points managed by IPFire. Configuration options for selecting wireless modes have been updated so the system can detect and enable capabilities supported by the installed hardware.
The update also brings native Link Local Discovery Protocol (LLDP) and Cisco Discovery Protocol (CDP) support. This allows the firewall to identify networking devices connected to its interfaces while providing data that may feed visibility and monitoring tools used in larger deployments.
Kernel and core system changes
IPFire’s Linux kernel has been rebased on version 6.12.58 as part of this release. The change delivers a range of stability and security fixes from the broader ecosystem that underpins firewall operations.
Intrusion prevention and VPN updates
The integrated Intrusion Prevention System (IPS) in IPFire uses Suricata software, which has been updated to version 8.0.2. This update includes fixes for alert reporting and changes to reporting timing.
Changes in OpenVPN focus on server behavior and client connection handling. The server will push multiple DNS and WINS servers, and the update fixes an issue that could prevent the first custom route from being delivered to clients.
Proxy, web interface, and operational fixes
Core Update 199 applies a mitigation for a proxy-related vulnerability captured in a CVE entry. It also resolves a race condition that could impact URL filtering processes. Web interface adjustments improve behavior in firewall rule group creation and messaging around hardware features.
Package and miscellaneous updates
A wide range of packages have been updated, including key networking and security libraries. The update aligns the SSH cipher suite toward preferred algorithms and integrates other common library and system tool updates.
Must read:
- 40 open-source tools redefining how security teams secure the stack
- OpenGuardrails: A new open-source model aims to make AI safer for real-world use
Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!