IPFire

ipfire.org
IPFire Icon

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Easy to install on a raspberry Pi, since it is lightweight and heavily customizable.

Open Source

IPFire Source Code

Author

ipfire

Description

IPFire 2.x development tree

Homepage

License

Created

15 Jan 13

Last Updated

15 May 24

Latest version

v2.29-core185

Primary Language

Perl

Size

94,430 KB

Stars

149

Forks

70

Watchers

149

Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Arne Fitzenreiter (10 May 24)

    mympd: remove create config start this now resets an existing option like the port to default. Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (08 May 24)

    kernel: update x86_64 rootfile now the correct file Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (08 May 24)

    Revert "kernel: update x86_64 rootfile" This reverts commit 7b68ef8515f53e09bf8da9b68096e0cea4bcb017. I have copied the rootfile over the config...

  • Arne Fitzenreiter (08 May 24)

    kernel: update x86_64 rootfile Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Adolf Belka (06 May 24)

    bacula: Update to version 13.0.4 - Update from version 11.0.6 to 13.0.4 - Update of rootfile - Version 13.x has now been released for 12 months so updating the File Daemon to 13.x should be good. - Version 11.x was released 40 months ago. - Changelog The changes are all related to the Director and the Storage Daemon. The changelog states that older file daemons "should" be compatible with 13.x DIR & SD. This change ensures IPfire "is" compatible with the 13.x DIR & SD. Signed-off-by: Adolf Belka <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Adolf Belka (04 May 24)

    update.sh: Add SPAMHAUS_DROP if SPAMHAUS_EDROP was previously used - I realised that the previous patch for update.sh related to the ipblocklist removal of ALIENVAULT and SPAMHAUS_EDROP only removed the SPAMHAUS_EDROP setting. It makes sense to add SPAMHAUS_DROP to the settings file if SPAMHAUS_EDROP was previously used and SPAMHAUS_DROP was not selected. - This patch adds the above change. Tested-by: Adolf Belka <[email protected]> Signed-off-by: Adolf Belka <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (07 May 24)

    update contributors Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (07 May 24)

    kernel: update aarch64 config and rootfile Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (06 May 24)

    kernel: update to 6.6.30 Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (18 Apr 24)

    kernel: Enable XDP https://lists.ipfire.org/hyperkitty/list/[email protected]/thread/S4GPL3OBFZ6LMA52JNLHIOPMNA5C3V6R/ Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (02 May 24)

    kernel: update to 6.6.29 Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (29 Apr 24)

    mympd: update to 14.1.2 This is a small bugfix release. Changelog: Fix: Output enabled state is bool type Fix: Add missing sort parameters to home icon for search Fix: Set default stream port if stream uri is defined Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Peter Müller (22 Apr 24)

    suricata.yaml: Fix Landlock path settings Suricata will complain if it cannot read its own configuration file, hence read-only access to /etc/suricata must be allowed. Since the list applies to directories, rather than files, restricting read access to only /usr/share/misc/magic.mgc is not possible; reading /usr/share/misc must be allowed instead. Fixes: #13645 Tested-by: Peter Müller <[email protected]> Signed-off-by: Peter Müller <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Peter Müller (22 Apr 24)

    Revert "suricata: Disable Landlock support" This reverts commit b7da97fd59f010ea8fa7bca845d18e52ca89bc5a. Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Peter Müller (22 Apr 24)

    linux: Properly load Landlock module Fixes: #13645 Tested-by: Peter Müller <[email protected]> Signed-off-by: Peter Müller <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    kmod: update rootfile Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    lynis: update rootfile Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    core186: ship apache initskript Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (26 Apr 24)

    initscripts: Correctly wait for Apache2 to terminate This is achieved by telling killproc which PIDs to wait for. Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    core186: ship unbound-dhcp-leses-bridge Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (26 Apr 24)

    unbound-dhcp-leases-bridge: Make comparison work if old file does not exist This patch catches any errors if the file did not previously exist and therefore skips the comparison. Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (26 Apr 24)

    unbound-dhcp-leases-bridge: Only reload if leases have actually changed This patches changes that leases will always be written in alphanumerical order so that we can later compare the newly generated file with the previous version. If it has not changed, we skip reload Unbound. Suggested-by: Nick Howitt <[email protected]> Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (26 Apr 24)

    unbound-dhcp-leases-bridge: Implement atomic file replacement This change no longer renames the file, but removes the old link and creates a new link for the temporary file. That helps us to jump out of the code at any point without worrying about cleaning up the temporary file. Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    core186: ship tzdata Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Adolf Belka (25 Apr 24)

    tzdata: Update to version 2024a - Update from version 2023d to 2024a - Update of rootfile not required - Changelog 2024a Briefly: Kazakhstan unifies on UTC+5 beginning 2024-03-01. Palestine springs forward a week later after Ramadan. zic no longer pretends to support indefinite-past DST. localtime no longer mishandles Ciudad Juárez in 2422. Changes to future timestamps Kazakhstan unifies on UTC+5. This affects Asia/Almaty and Asia/Qostanay which together represent the eastern portion of the country that will transition from UTC+6 on 2024-03-01 at 00:00 to join the western portion. (Thanks to Zhanbolat Raimbekov.) Palestine springs forward a week later than previously predicted in 2024 and 2025. (Thanks to Heba Hamad.) Change spring-forward predictions to the second Saturday after Ramadan, not the first; this also affects other predictions starting in 2039. Changes to past timestamps Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00. (Thanks to Đoàn Trần Công Danh.) From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00. (Thanks to Chris Walton.) In 1911 Miquelon adopted standard time on June 15, not May 15. Changes to code The FROM and TO columns of Rule lines can no longer be "minimum" or an abbreviation of "minimum", because TZif files do not support DST rules that extend into the indefinite past - although these rules were supported when TZif files had only 32-bit data, this stopped working when 64-bit TZif files were introduced in 1995. This should not be a problem for realistic data, since DST was first used in the 20th century. As a transition aid, FROM columns like "minimum" are now diagnosed and then treated as if they were the year 1900; this should suffice for TZif files on old systems with only 32-bit time_t, and it is more compatible with bugs in 2023c-and-earlier localtime.c. (Problem reported by Yoshito Umaoka.) localtime and related functions no longer mishandle some timestamps that occur about 400 years after a switch to a time zone with a DST schedule. In 2023d data this problem was visible for some timestamps in November 2422, November 2822, etc. in America/Ciudad_Juarez. (Problem reported by Gilmore Davidson.) strftime %s now uses tm_gmtoff if available. (Problem and draft patch reported by Dag-Erling Smørgrav.) Changes to build procedure The leap-seconds.list file is now copied from the IERS instead of from its downstream counterpart at NIST, as the IERS version is now in the public domain too and tends to be more up-to-date. (Thanks to Martin Burnicki for liaisoning with the IERS.) Changes to documentation The strftime man page documents which struct tm members affect which conversion specs, and that tzset is called. (Problems reported by Robert Elz and Steve Summit.) Signed-off-by: Adolf Belka <[email protected]> Reviewed-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    core186: ship sqlite Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Adolf Belka (25 Apr 24)

    sqlite: Update to version 3450300 - Update from version 3450200 to 3450300 - Update of rootfile not required - Changelog 3450300 Fix a long-standing bug (going back to version 3.24.0) that might (rarely) cause the "old.*" values of an UPDATE trigger to be incorrect if that trigger fires in response to an UPSERT. Forum post 284955a3cd454a15. Fix a bug in sum() that could cause it to return NULL when it should return Infinity. Forum post 23b8688ef4. Other trifling corrections and compiler warning fixes that have come up since the previous patch release. See the timeline for details. Signed-off-by: Adolf Belka <[email protected]> Reviewed-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Arne Fitzenreiter (28 Apr 24)

    core186: ship suricata and libhtp Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (24 Apr 24)

    suricata: Update to 7.0.5 This update contains fixes for the following issues: * CVE-2024-32664 CRITICAL * CVE-2024-32867 MODERATE https://forum.suricata.io/t/suricata-7-0-5-and-6-0-19-released/4617 Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

  • Michael Tremer (24 Apr 24)

    libhtp: Update to 0.5.48 https://github.com/OISF/libhtp/releases/tag/0.5.48 Signed-off-by: Michael Tremer <[email protected]> Signed-off-by: Arne Fitzenreiter <[email protected]>

IPFire Website

Website

www.ipfire.org - Welcome to IPFire

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux.

Redirects

Does not redirect

Security Checks

All 66 security checks passed

Server Details

  • IP Address 81.3.27.38
  • Hostname fw01.ipfire.org
  • Location Datteln, Nordrhein-Westfalen, Germany, EU
  • ISP Visit www.ipfire.org
  • ASN AS24679

Associated Countries

  • US
  • GB
  • DE

Saftey Score

Website marked as safe

100%

Blacklist Check

www.ipfire.org was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

IPFire Reviews

More Firewalls

About the Data: IPFire

API

You can access IPFire's data programmatically via our API. Simply make a GET request to:

https://api.awesome-privacy.xyz/networking/firewalls/ipfire

The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share IPFire

Help your friends compare Firewalls, and pick privacy-respecting software and services.
Share IPFire and Awesome Privacy with your network!

View Firewalls (14)