IPFire Core Update 200: Enhanced Security and Performance
IPFire, a popular network firewall distribution, has released its 200th core update, marking a significant milestone in the 2.29 branch. This update brings a range of exciting features, including a kernel upgrade, a beta domain blocklist service, and security patches for OpenSSL and glibc.
Kernel Upgrade and Security Enhancements
The kernel has been rebased on Linux 6.18.7 LTS, providing updated hardware security mitigations and network throughput improvements. Additionally, the release includes security patches for OpenSSL and glibc, addressing several CVEs.
IPFire DBL: A New Domain Blocklist Service
The update introduces IPFire DBL, a domain blocklist service that replaces the retired Shalla list. DBL is available in two places: the URL filter for proxy-based blocking and as a Suricata rules source. This service enables deep packet inspection across DNS, TLS, HTTP, and QUIC connections.
Suricata and IPS Changes
A cache management fix addresses a bug introduced in the previous update, where Suricata’s pre-compiled signature cache grew without limit. The Suricata reporter has also been updated to surface hostname information and additional protocol metadata for alerts.
Other notable changes include OpenVPN configuration updates, a multi-threaded DNS proxy, and wireless access point fixes.
Conclusion and Call to Action
In conclusion, IPFire Core Update 200 is a significant release that enhances security and performance. We recommend that users upgrade to this latest version to take advantage of the new features and security patches.
For more information on IPFire and its features, please visit the official website.
Frequently Asked Questions
- What is IPFire DBL, and how does it work?
- How do I upgrade to IPFire Core Update 200?
- What are the benefits of using IPFire as a network firewall distribution?
- How does IPFire DBL compare to other domain blocklist services?
- What are the system requirements for running IPFire Core Update 200?








