IPFire is a security platform (router and firewall), which can easily be extended and further hardened with Add-ons. Through these add-ons, a basic IPFire install can be quickly scaled up to a much more complex and customizable system.

IPFire has an easy-to-use package system called Pakfire which is used to manage updates and add-ons.

Major IPFire Add-ons

Anonymity

  • Use Tor to browse the internet anonymously

File Server

  • Netatalk is a file server for Macintosh computers
  • NFS is a file server for Linux and UNIX systems
  • Samba is a file server for Microsoft Windows or heterogeneous networks
  • tftpd adds a tftp server

WiFi access point

Printing and Scanning

  • CUPS is a standard, open source, printing system over the network
  • foomatic is for integrating software printer drivers with common spoolers
  • gutenprint is a package of high quality printer drivers for Linux
  • hplip provides printing support for over 3000 HP printer models

Backup

Complex IPFire add-ons which turn your IPFire system in to a backup server

  • bacula is a set of tools to manage backup, recovery, and verification of computer data
  • BorgBackup is a deduplicating backup program
  • rsnapshot is a filesystem snapshot utility based on rsync

Communications

  • mDNS repeater - mDNS repeater daemon
  • socat is command line utility that establishes bidirectional transfers data locations

Mail Server

  • Clam AntiVirus (ClamAV) is a mail gateway and file-on-demand scanning software
  • fetchmail is a mail-retrieval and forwarding utility
  • Postfix is a mail transfer agent (MTA) that routes and delivers email

Peer-to-Peer-Clients

Security

  • Freeradius is a multi protocol policy authentication server
  • Guardian - protects against SSH brute-force attacks & brute-force attacks against the IPFire WebUI
  • Lynis is a command-line auditing tool for local scanning of system and software
  • mdadm makes it possible to create software RAID devices (Part of the core programs since 2014)
  • Spectre Meltdown Checker allows users to test their hardware for vulnerabilities

Shell tools

Tools for the IPFire Console or to use through SSH connections

Network tools

  • avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
  • bird is an Internet Routing Daemon with support of all modern routing protocols
  • bwm-ng is a bandwidth monitor
  • dehydrated is a client for signing certificates with a Let’s Encrypt server
  • fireperf is a tool for network benchmarking
  • fping works like ping, but can be used for scanning entire networks
  • frr (FRRouting) is an IP routing protocol suite
  • HAProxy - TCP/HTTP load balancer
  • Iftop is a realtime bandwidth monitor
  • IPerf/JPerf allows you to test your network speed (LAN or WLAN)
  • iptraf-ng is a console-based network statistic monitoring utility
  • keepalived can be used for virtual services and 1st hop redundancy (VRRP)
  • mtr combines the functions of trace-route and ping in one tool
  • ncat is a network tool for reading and writing to network connections using TCP/UDP
  • nginx is an HTTP and reverse proxy server, as well as a mail proxy server
  • nmap is a versatile (and powerful) IP/port scanner
  • pmacct - monitors data usage (IP-based or MAC-based) down to the client level
  • speedtest-cli is a command line interface for testing Internet bandwidth
  • stunnel - SSL encryption wrapper
  • tcpdump is a tool to watch and control your network connections
  • traceroute is a network tool used to follow your packets through the internet
  • tshark is a network protocol analyzer and the terminal oriented version of wireshark

Other tools

Tools to be used on the IPFire Console or through a Secure Shell connection

  • 7zip is a file archiver with a high compression ratio
  • ddrescue is a data recovery tool
  • firmware-update - flash the latest firmware version onto the SPI flash of the board
  • flashrom is a utility to detect, read, write, verify and erase flash chips
  • fmt - a simple text formatter
  • ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
  • git - a version control management system
  • gptfdisk - a CLI tool to partition hard-drives with GPT
  • htop is a process viewer similar to "top" but with many more features
  • igmpproxy is a simple multicast routing daemon based on mrouted
  • ipvsadm - virtual server administration
  • joe is a full featured terminal-based screen editor
  • lcdproc - a client/server suite including drivers for all kinds of LCD devices
  • lshw provides detailed information on the hardware configuration
  • make - a utility to maintain groups of programs
  • mc the good old Midnight Commander; an easy to use file manager
  • minicom is a text-based modem control and terminal emulation program for serial communications
  • ncdu is a a graphical disk usage monitor
  • Net-SNMP is a SNMP implementation and more advanced than the basic snmpd
  • oci-cli - command line tools for Oracle Cloud
  • powertop is a tool to diagnose issues with power consumption and power management
  • rsync is a file copying and backup utility
  • sslh is an ssl/ssh multiplexer
  • stress - stress testing
  • sysbench is a system evaluation benchmark
  • telnet is used for interactive communicate with another host using the TELNET protocol
  • Tmux is a terminal multiplexer for the console
  • wavemon is a wireless network monitor

System Monitoring

  • cpufrequtils monitors the speed of the processor via CPU Graph
  • icinga is a monitoring system checking hosts and services
  • iotop is a utility, similar to top command, that monitors disk I/O usage
  • mcelog decodes the kernel machine check log on x86 machines
  • monit is a small utility for managing and monitoring Unix systems
  • NRPE - Set up and configure NRPE server on IPFire
  • observium-agent is a client for the Observium network monitoring platform
  • Swatch is a simple log watcher. It analyzes log files and can trigger email alerts
  • watchdog is a service to automatically restart IPFire in the event of a failure
  • wio (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
  • Zabbix Agent is the agent for monitoring a host by Zabbix

Proxy enhancements

  • Proxy Accounting is graphical web interface for measuring traffic per host/user and the ability to generate bills.
  • Sarg is graphical analysis tool for proxy reports, which can be used over the web interface.

UPS tools

Software to gracefully shut down IPFire if a connected UPS runs low on power

  • Apcupsd used for APC-branded Uninterruptible Power Supplies
  • Network UPS Tools (NUT) - monitoring & control of many uninterruptible power supplies (UPSs)

User Interface Changes

  • SideMenu EX is a complex extension of IPFire's Side menus

Virtualization

IPFire as virtualization host

  • libvirt a toolkit to manage VMs on IPFire
  • Qemu provides virtualization for IPFire, so that it can host guest OSes.

Multimedia

  • FFmpeg is a tool for handling video, audio, and other multimedia files and streams
  • Gnump3d is a server for streaming MP3- and OGG-files.
  • MiniDLNA/ReadyMedia - media server and fully compliant with DLNA/UPnP-AV clients
  • MPFire adds jukebox features to IPfire.
  • myMPD fresh webgui for mpd.
  • Shairport is an AirPlay audio player
  • Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.