Version 2.27 Core Update 176 Release Date: July 16, 2023 (Release Notes)
IPFire was designed with both modularity and a high-level of flexibility in mind. You can easily deploy many variations of it, such as a firewall, a proxy server or a VPN gateway. The modular design ensures that it runs exactly what you've configured it for and nothing more. Everything is simple to manage and update through the package manager, making maintenance a breeze.
The IPFire development team understands that security means different things to different people and certainly can change over time. The fact that IPFire is modular and flexible make it perfect for integrating into any existing security architecture. Don't forget that ease-of-use is a key principle. If all this sounds a little too much for you, IPFire comes with great default settings out-of-the-box, meaning it's a snap to get going quickly!
The primary objective of IPFire is security. Its easy to configure firewall engine and Intrusion Detection System prevent any attackers from breaking into your network. In the default configuration, the network is split into various zones with different security policies such as a LAN and DMZ to manage risks inside the network and have custom configuration for the specific needs of each segment of the network.
But even the firewall needs to protect itself. IPFire is built from scratch and not based on any other distribution. This allows the developers to harden IPFire better than any other server operating system and build all components specifically for use as a firewall.
Frequent updates keep IPFire strong against security vulnerabilities and new attack vectors.
IPFire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of Netfilter, the Linux packet filtering framework. It filters packets fast and achieves throughputs of up to multiple tens of Gigabit per second.
Its intuitive web user interface allows to create groups of hosts and networks which can be used to keep large set of rules short and tidy - something very important in complex environments with strict access control. Logging and graphical reports give great insight.
Various settings are available to mitigate and block Denial-of-Service attacks by filtering them directly at the firewall and not allowing them to take down your servers.
Firewall DocumentationIPFire's Intrusion Detection System (IDS) analyzes network traffic and tries to detect exploits, leaking data and any other suspicious activity. Upon detection, alerts are raised and the attacker is immediately blocked.
Virtual Private Networks (VPNs) connect remote locations like data centers, branch offices or outsourced infrastructure via an encrypted link. IPFire allows staff to work remotely as if they would be sitting in the office and allowing them to access all resources that they need - fast and securely.
IPFire supports industry standards like IPsec and OpenVPN and interoperates with equipment from various vendors like Cisco & Juniper. VPNs are quickly and easily set up with IPFire and employ latest cryptography.
From a technical point of view, IPFire is a minimalistic, hardened operating system. To provide more functionality, it can be extended by add-ons which are installed with IPFire's own package management system called Pakfire.
Add-ons can be handy command line tools for administrators or can extend the system to provide additional functionality. Those include:
The IPFire Quality of Service (QoS) categorizes network traffic and sends it out prioritized by how important it is to ensure a good service. For example, a Voice-over-IP call will always have priority over a large download to ensure that words will never get lost and call quality is always the best it can be.
Even on very busy links, IPFire will make sure that websites load fast and that the network is quick and responsive by using smart queueing algorithms and getting the most out of your bandwidth.
One of the most commonly used features of IPFire is the full-fledged web proxy. It delivers and filters web content and can only allow Internet access for some users.
Caching content on the firewalls disk makes websites load faster. External regularly updated blacklists allow banning browsing on various websites when they are for example not suitable for students. Optionally, the IPFire web proxy can transparently scan for viruses and block them straight away.
The web proxy makes IPFire perfect for schools and universities where access control and logging is required.
IPFire is very versatile and running on many different kinds of hardware. Those can be 19"-rack-mounted servers as well as small boxes that fit on the palm of a hand.
Processor | x86 CPU with 1 GHz or better or a supported ARM SBC |
Memory | 1GB or greater |
Storage | at least 4GB of harddisk storage |
Network | at least two Ethernet network adapters |
Read more about System Requirements of IPFire.
Media Type | USB |
---|---|
Version | Server |
Disc Type | Install Disc |