IPFire 2.29 Update Boosts Security with Enhanced IPS, Vulnerability Fixes, and Infrastructure Improvements

IPFire 2.29 Core Update 198: Elevating Network Security with Advanced IPS Reporting

The release of IPFire 2.29 Core Update 198 marks a significant milestone in the evolution of this open-source firewall, introducing enhanced Intrusion Prevention System (IPS) capabilities powered by Suricata 8.0.1. This update focuses on improving network monitoring through innovative reporting tools, alongside comprehensive package updates to bolster security and performance.

Enhanced IPS Reporting Features

A standout feature in this release is the new IPS reporting suite, which revolutionizes how network activity is tracked and documented. Administrators can now receive immediate email notifications for alerts exceeding user-defined thresholds, ensuring critical incidents are flagged in real time without the need to sift through extensive logs.

Scheduled PDF reports, generated daily, weekly, or monthly, provide comprehensive summaries of all alerts in a readable format suitable for archiving or sharing with stakeholders. Additionally, alerts can be forwarded to remote syslog servers, offering an independent log trail that remains intact even if the firewall is compromised, thereby enhancing forensic analysis capabilities.

These features significantly improve auditability, allowing teams to maintain verifiable records of threat detection and response, even in adversarial scenarios. By extending IPS data beyond the device itself, IPFire strengthens operational accountability and simplifies compliance efforts.
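The remote syslog trail is only useful if something on the collector reads it. The following is an added example, not IPFire's own code: a collector-side check that parses forwarded Suricata alert lines and flags source addresses that exceed an alert threshold inside a time window. The line layout (Suricata's "fast" alert text behind a syslog prefix), the function names, the threshold values, and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: syslog lines as a remote collector might store them.
# Layout assumed to follow Suricata's "fast" alert text; SIDs and IPs are made up.
SAMPLE = """\
Oct 14 09:15:02 fw suricata: [**] [1:1000001:1] Example scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 198.51.100.7:40112 -> 192.0.2.10:22
Oct 14 09:15:40 fw suricata: [**] [1:1000001:1] Example scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 198.51.100.7:40113 -> 192.0.2.10:23
Oct 14 09:16:05 fw suricata: [**] [1:1000002:3] Example exploit attempt [**] [Classification: Attempted Admin] [Priority: 1] {TCP} 203.0.113.9:51000 -> 192.0.2.10:443
Oct 14 09:16:30 fw suricata: [**] [1:1000001:1] Example scan probe [**] [Classification: Attempted Recon] [Priority: 2] {TCP} 198.51.100.7:40114 -> 192.0.2.10:80
Oct 14 09:17:00 fw kernel: DROP_INPUT IN=red0 OUT= SRC=198.51.100.7
Oct 14 09:40:00 fw suricata: [**] [1:1000003:1] Example policy notice [**] [Classification: Misc] [Priority: 3] {UDP} 192.0.2.20:5353 -> 224.0.0.251:5353
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) suricata(?:\[\d+\])?: .*?"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r".*?\[Priority: (?P<prio>\d+)\] \{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alerts(text, year=2025):
    """Return one dict per Suricata alert line; other syslog lines are skipped."""
    alerts = []
    for line in text.splitlines():
        if not (m := ALERT_RE.match(line)):
            continue
        a = m.groupdict()
        # RFC 3164 timestamps carry no year, so one is supplied (assumption).
        a["time"] = datetime.strptime(f"{year} {a['ts']}", "%Y %b %d %H:%M:%S")
        a["prio"] = int(a["prio"])
        a["src_ip"] = a["src"].rsplit(":", 1)[0]  # strip the port
        alerts.append(a)
    return alerts

def sources_over_threshold(alerts, max_prio=2, min_count=3, window=timedelta(minutes=5)):
    """Map source IP -> peak alert count, for sources reaching min_count in one window."""
    by_src = defaultdict(list)
    for a in alerts:
        if a["prio"] <= max_prio:  # Suricata priority 1 is the most severe
            by_src[a["src_ip"]].append(a["time"])
    peak = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak[src] = max(peak.get(src, 0), end - start + 1)
    return {src: n for src, n in peak.items() if n >= min_count}
```

Because the check runs on the collector rather than the firewall, its result does not depend on the firewall's own logs remaining intact.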

Upgraded Intrusion Prevention System

The upgrade to Suricata 8.0.1 brings several enhancements to the IPS. The system now caches compiled rules for faster startups and includes more resilient memory management. Expanded protocol support covers DNS-over-HTTP/2, Multicast DNS, LDAP, POP3, SDP in SIP, SIP over TCP, and WebSocket, enabling deeper traffic inspection.

On ARM architectures, the Vectorscan library optimizes pattern matching using advanced vector instructions, delivering improved performance in resource-constrained environments. These enhancements ensure the IPS remains efficient against evolving threats while minimizing hardware overhead.

Comprehensive Package Updates

The IPFire toolchain has been rebased on GNU Compiler Collection 15.2.0, GNU Binutils 2.42, and GNU glibc 2.42, incorporating bug fixes, security patches, and performance gains. A broad array of packages received updates, including BIND 9.20.13 for DNS stability, cURL 8.16.0 for secure transfers, and sudo 1.9.17p2 for privilege management improvements.

Intel’s latest microcode addresses recent processor vulnerabilities, while GRUB has been fortified against multiple exploits. Notably, responsible disclosure from VulnCheck and Pellera Technologies revealed 18 web UI vulnerabilities caused by insufficient validation of input received from browsers. These have been patched and assigned CVE-2025-34301 through CVE-2025-34318, all rated with potential for cross-site scripting or injection if exploited by authenticated administrators.

Security Enhancements and Vulnerability Fixes

The update addresses several critical security vulnerabilities. The included expat 2.7.1 package fixes CVE-2024-8176, a stack overflow vulnerability in the libexpat library that could potentially lead to denial-of-service attacks or memory corruption when parsing XML documents with deeply nested entity references. The xz 5.8.1 update also resolves CVE-2025-31115, a critical vulnerability that could allow for arbitrary code execution through manipulated compressed files.

The firewall functionality has been enhanced with a significant change to outgoing connection handling. Previously, outgoing connections using an Alias IP address would be Network Address Translated (NAT) to the default IP address on the RED interface. This behavior has been modified to maintain the original alias IP address, providing more consistent and predictable network traffic flow.

Infrastructure Improvements

A notable infrastructure improvement comes with the replacement of libidn with libidn2 throughout the distribution. This change aligns with industry best practices, as libidn2 provides better compatibility with IDNA 2008 standards and offers enhanced security features compared to its predecessor.

The Pakfire package management system, which handles updates and add-ons, has received significant usability improvements. Developer Stephen Cuka contributed enhancements that make the controls more intuitive and clearer, while also improving language translations for international users.

User Recommendations

The IPFire team strongly recommends that all users upgrade to this release as soon as possible to benefit from these security enhancements and improvements. As with all major updates, users are advised to back up their configurations before upgrading and test the new release in non-critical environments first.

With its post-quantum cryptography support, IPFire 2.29 positions itself as a forward-looking firewall solution prepared for emerging security challenges in 2025 and beyond.