19views
IPFire has released version 2.29 Core Update 200, delivering a range of platform improvements, security patches, and component upgrades for its open-source firewall distribution.
This release moves the system to Linux kernel 6.18.7 LTS, bringing enhancements in performance, packet handling efficiency, latency, and hardware-level protections. Support for the ReiserFS filesystem has been discontinued upstream, meaning systems still using it must migrate to a supported filesystem before upgrading.
A key addition in this update is IPFire DBL, a newly developed domain blocklist introduced after the Shalla list was retired. The IPFire team is now maintaining its own categorized database to help filter malicious domains, social media platforms, adult content, and other web categories.
The Suricata intrusion detection and prevention engine has been corrected to resolve a signature cache problem introduced previously, where the cache could grow indefinitely and consume disk space. Reporting has also been enhanced, with email alerts and PDF reports now providing expanded hostname and protocol information for DNS, HTTP, TLS, and QUIC events.
OpenVPN configuration management has been improved. The MTU value is no longer statically defined in client files and is now distributed by the server. One-time password tokens are automatically pushed when enabled, and the CA certificate has been removed from client configs since it is already embedded in the PKCS#12 bundle.
Wireless functionality has been refined with the return of 802.11a/g mode support. Logging verbosity issues in hostapd have been addressed, and pre-shared keys containing special characters are now handled correctly.
Performance improvements extend to Unbound, the built-in DNS resolver, which now operates with one thread per CPU core instead of running in a single-threaded mode. PPP behavior has also been optimized so LCP keepalive packets are transmitted only when no other traffic is detected, helping reduce unnecessary overhead on DSL and mobile links.
On the security front, OpenSSL has been upgraded to version 3.6.1 to address multiple vulnerabilities. Other major components updated in this release include Apache 2.4.66, OpenVPN 2.6.17, Suricata 8.0.3, Unbound 1.24.2, Rust 1.92, and BIND 9.20.18. Several add-ons have also been refreshed, including ClamAV 1.5.1, Tor 0.4.8.21, Samba 4.23.4, and Git 2.52.
Core Update 200 is available for download in x86_64 and aarch64 builds for new installations. Existing deployments can upgrade directly through the web interface or by using the pakfire update command.
For more information, see the announcement.
add a comment
LLVM 22.1 Released With Backend, LLDB, and ThinLTO Updates
The LLVM open-source compiler framework has officially introduced LLVM 22.1, marking the first stable release in the 22.x development cycle...
Arch Linux March ISO Is Out With Kernel, Desktop, and Security Updates
Arch Linux has released its March 2026 installation image, labeled 2026.03.01. This ISO bundles all package updates delivered to the...
AerynOS Feb 2026 Snapshot Updates Desktops, MOSS Gets Faster
The in-development Linux distribution AerynOS has released its February 2026 progress report together with a new test image, AerynOS 2026.02...
Pangolin 1.16 Tunneled Reverse Proxy Adds SSH Auth Daemon
The open-source remote access platform Pangolin has introduced version 1.16, bringing several enhancements focused on identity-driven access and platform usability....
