IPFire
ipfire.org
A hardened, versatile, state-of-the-art open source firewall based on Linux. Its ease of use, high performance and extensibility make it usable for everyone.
- Homepage: ipfire.org
- GitHub: github.com/ipfire/ipfire-2.x
- Web info: web-check.xyz/results/ipfire.org
IPFire Source Code
- Description: IPFire 2.x development tree
- Created: 15 Jan 13
- Last Updated: 04 Oct 24
- Primary Language: Perl
- Size: 93,336 KB
- Stars: 160
- Forks: 77
- Watchers: 160
Top Contributors
- @mtremer (7086)
- @pmu-ipf (1587)
- @DaStevee (1334)
- @jonaschl (197)
- @jtuecking (172)
- @Leyvur (69)
- @ummeegge (67)
- @alfh (58)
- @RobinR1 (45)
- @teissler (25)
- @realglotzi (23)
- @Arne-F (21)
- @Starkstromkonsument (16)
- @jiweigert (14)
- @larsen0815 (12)
- @SaschaKilian1983 (7)
- @sonic42 (6)
- @fischerm42 (6)
- @mcbridematt (5)
- @MEitelwein (5)
- @steph78630 (5)
- @ramaxlo (4)
- @hadfl (4)
- @Smookydope (4)
- @wapolinar (3)
- @dutchtux (3)
- @ric211 (3)
- @rollopack (3)
- @lentferj (2)
- @JonMurphy (2)
Recent Commits
- Michael Tremer (04 Oct 24)
core189: Ship and restart Unbound Signed-off-by: Michael Tremer <[email protected]>
- Matthias Fischer (04 Oct 24)
unbound: Update to 1.21.1 For details see: https://nlnetlabs.nl/projects/unbound/download/#unbound-1-21-1 "Fix CVE-2024-8508, unbounded name compression could lead to denial of service." Signed-off-by: Matthias Fischer <[email protected]> Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (26 Sept 24)
ovpnmain.cgi: Remove using dropped &General::getlastip() function Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (26 Sept 24)
header.pl: Force browsers to reload rrdimage.js Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (22 Sept 24)
ovpnmain.cgi: Fix IP address calculation with static pools Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (24 Sept 24)
core189: Ship suricata changes Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (24 Sept 24)
suricata: Enable scanning IPsec packets Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (22 Sept 24)
ids.cgi: Add UI to enable scanning on IPsec Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (22 Sept 24)
suricata: Add support for zones having multiple interfaces Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (22 Sept 24)
suricata: Split marking packets off into a separate chain This is required so that we can have different policies for incoming and outgoing packets. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (21 Sept 24)
suricata: Clear IPS bits after use Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (21 Sept 24)
suricata: Always count the whitelisted packets Even if there are no rules, if this does not exist, collectd will be unhappy and we cannot generate the graph. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (21 Sept 24)
ids.cgi: Don't show the graph if there is no RRD data Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (21 Sept 24)
ids.cgi: Fix empty states of tables Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (21 Sept 24)
graphs.pl: Fix suricata graph name Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (17 Sept 24)
firewall: Move the IPS back to INPUT/FORWARD/OUTPUT We cannot use the PREROUTING/POSTROUTING chains here because Suricata will fail to track NAT-ed connections. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (13 Sept 24)
suricata: Track whitelisted traffic and add it to the IPS graph Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
IPS: Add a graph that shows the IPS throughput This graph is split into three parts. One shows bypassed packets, the next one shows the actually scanned packets and lastly we show the total throughput. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Collect metrics on scanned and bypassed packets Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Force Suricata to write a PID file again The PID file does not get written when Suricata is not being started in daemon mode and therefore we need to pass it as a command line parameter. The initscript should not deal with the PID file when starting but needs it to terminate the process and to check the process status. The web UI can use the PID file again. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Fix syntax error in watcher script Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Remove debugging code Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
firewall: Move the IPS after the NAT marking This is because we might still land in the scenario where Suricata crashes and NFQUEUE will simply ACCEPT all packets which will terminate the processing of the mangle table. Therefore the NFQUEUE rule should be the last one so that we never skip any of the other processing. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
ids.cgi: Fix detection for the Suricata process We don't seem to have a PID file any more. Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
ids.cgi: Remove box from the top section Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
ids.cgi: Sort whitelist entries Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
ids.cgi: Use new-style table for whitelist entries Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
ids.cgi: Use new style tables for rulesets Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Fix broken spacing in the settings section Signed-off-by: Michael Tremer <[email protected]>
- Michael Tremer (10 Sept 24)
suricata: Add option to scan WireGuard Signed-off-by: Michael Tremer <[email protected]>
IPFire Website
Website
www.ipfire.org - Welcome to IPFire
IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux.
Redirects
Does not redirect
Security Checks
All 66 security checks passed
Server Details
- IP Address: 81.3.27.38
- Hostname: fw01.ipfire.org
- Location: Datteln, Nordrhein-Westfalen, Germany, EU
- ISP: Visit www.ipfire.org
- ASN: AS24679
Associated Countries
- US
- GB
- DE
Safety Score
Website marked as safe
100%
Blacklist Check
www.ipfire.org was found on 0 blacklists
- ThreatLog
- OpenPhish
- PhishTank
- Phishing.Database
- PhishStats
- URLhaus
- RPiList Not Serious
- AntiSocial Blacklist
- PhishFeed
- NABP Not Recommended Sites
- Spam404
- CRDF
- Artists Against 419
- CERT Polska
- PetScams
- Suspicious Hosting IP
- Phishunt
- CoinBlockerLists
- MetaMask EthPhishing
- EtherScamDB
- EtherAddressLookup
- ViriBack C2 Tracker
- Bambenek Consulting
- Badbitcoin
- SecureReload Phishing List
- Fake Website Buster
- TweetFeed
- CryptoScamDB
- StopGunScams
- ThreatFox
- PhishFort
More Self-Hosted Network Security
- Network-level advertisement and Internet tracker blocking application which acts as a DNS sinkhole. Pi-Hole can significantly speed up your internet, remove ads and block malware. It comes with a nice web interface and a mobile app with monitoring features. It's open source, easy to install and very widely used.
- Another DNS server for blocking privacy-invasive content at its source. Technitium doesn't require much setup and basically works straight out of the box. It supports a wide range of systems (and can even run as a portable app on Windows). It allows you to do some additional tasks, such as adding local DNS addresses and zones with specific DNS records. Compared to Pi-Hole, Technitium is very lightweight, but lacks the deep insights that Pi-Hole provides, and has a significantly smaller community behind it.
- A simple way to set up a home VPN on any Debian server. Supports OpenVPN and WireGuard with elliptic curve encryption keys up to 512 bit. Supports multiple DNS providers and custom DNS providers, and works nicely alongside Pi-Hole.
- Powerful open source web content filter.
- Widely used, open source firewall/router.
- Detects whether you have a malware-infected computer on your network; also a powerful network analysis framework and monitor.
- Open-source self-hosted VPN and firewall built on WireGuard®.
About the Data: IPFire
API
You can access IPFire's data programmatically via our API.
Simply make a GET request to:
https://api.awesome-privacy.xyz/networking/self-hosted-network-security/ipfire
The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.
About the Data
Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of the data included in this page comes from, and how it is computed, see the About the Data section of our About page.