Release of IPFire 2.25, a distribution for building firewalls

IPFire 2.25 Core 141, a distribution for building routers and firewalls, has been released. IPFire features a simple installation process and configuration through an intuitive web-based interface with plenty of visual graphs. The installation ISO image is 290 MB (x86_64, i586, ARM).

The system is modular: in addition to the basic packet filtering and traffic management functions, IPFire offers modules that implement a Suricata-based intrusion prevention system, a file server (Samba, FTP, NFS), a mail server (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV and Openmailadmin), a print server (CUPS), a VoIP gateway based on Asterisk and Teamspeak, a wireless access point, and a streaming audio and video server (MPFire, Videolan, Icecast, Gnump3d, VDR). Add-ons are installed with IPFire's own package manager, Pakfire.

In the new release:

  • Reworked interface components and distribution scripts related to DNS:
    • Added support for DNS-over-TLS.
    • DNS settings on all pages of the web interface have been unified.
    • It is now possible to specify more than two DNS servers, with the fastest server from the default list being used.
    • Added QNAME minimization mode (RFC 7816), which reduces the additional information sent in requests in order to prevent leaks of information about the requested domain and to increase privacy.
    • Implemented a filter to screen out adult-only sites at the DNS level.
    • Sped up loading by reducing the number of DNS checks.
    • A workaround has been implemented for cases where the provider filters DNS requests or supports DNSSEC incorrectly (when problems occur, the transport is switched to TLS and TCP).
    • To address the loss of fragmented packets, the EDNS buffer size has been reduced to 1232 bytes (1232 was chosen because it is the largest value at which a DNS response, taking IPv6 into account, fits within the minimum MTU of 1280).
  • Updated package versions, including GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6, unbound 1.9.6.
  • Added support for the Go and Rust languages. The base system now includes the elinks browser and the rfkill package.
  • Updated add-ons: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7. A new amazon-ssm-agent add-on has been added to improve integration with the Amazon cloud.
  • Debugging information has been stripped from executable files to reduce the size of the distribution after installation.
  • Added support for LVM partitions.
  • The IPS (Intrusion Prevention System) adds support for filtering network packets from OpenVPN clients.
  • Pakfire now uses HTTPS to download the list of mirrors (previously, the first request was made over HTTP, and the server then issued a redirect to HTTPS).
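
The 1232-byte EDNS buffer size mentioned in the DNS changes can be derived and checked on the wire. The following is an added example, not code from IPFire or from the original article: it computes the limit from the IPv6 minimum MTU, builds a query whose OPT record advertises it, and parses the advertisement back. The function names and the sample domain are assumptions made for illustration.

```python
import struct

IPV6_MIN_MTU, IPV6_HEADER, UDP_HEADER = 1280, 40, 8  # sizes in bytes

def max_dns_payload(mtu=IPV6_MIN_MTU):
    """Largest DNS message that fits one unfragmented UDP/IPv6 packet."""
    return mtu - IPV6_HEADER - UDP_HEADER

def encode_name(name):
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"

def build_query(name, bufsize=1232, dnssec_ok=True, txid=0x1234, qtype=1):
    """DNS query with one question and an EDNS0 OPT record (RFC 6891)."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 1)  # RD set, ARCOUNT=1
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-RR: root name, TYPE 41, CLASS carries the UDP payload size,
    # TTL carries ext-rcode/version/flags (DO bit = 0x8000), empty RDATA.
    flags = 0x8000 if dnssec_ok else 0
    opt = b"\x00" + struct.pack("!HHIH", 41, bufsize, flags, 0)
    return header + question + opt

def skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # a compression pointer ends the name
            return pos + 2
        pos += 1 + length

def edns_advertisement(msg):
    """Return (udp_payload_size, do_bit), or None if there is no OPT record."""
    qd, an, ns, ar = struct.unpack("!4H", msg[4:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        pos = skip_name(msg, pos)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 41:
            return rclass, bool(ttl & 0x8000)
        pos += 10 + rdlen
    return None

def fits_without_fragmentation(msg, mtu=IPV6_MIN_MTU):
    """True when the advertised response size cannot exceed one packet."""
    adv = edns_advertisement(msg)
    return adv is not None and adv[0] <= max_dns_payload(mtu)
```

Running `fits_without_fragmentation` over captured queries from a resolver is a quick way to confirm that the reduced buffer size is actually being advertised.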

Source: opennet.ru
