IPFire is a security platform (router and firewall) which can easily be extended and further hardened with Add-ons Through these addons a basic IPFire install can be quickly scaled up to a much more complex and customizable system.
IPFire has an easy to use package system called Pakfire which is used to manage updates and addons.
Major IPFire Addons
- Use Tor to browse the internet anonymously
- Samba is a file server for Microsoft Windows or heterogeneous networks
- NFS is a file server for Linux and UNIX systems
- Tftpd adds a tftp server
WiFi access point
Printing and Scanning
- CUPS is a standard, open source, printing system over the network
- foomatic is for integrating software printer drivers with common spoolers
- gutenprint is a package of high quality printer drivers for Linux
- Sane allows you to scan documents over the network with a webinterface
BackupComplex IPFire addons which turn your IPFire system in to a backup server.
- BackupPC provides a network backup solution with web interface
- Dirvish is a backup script for IPFire with significant functionality
- Bacula is a set of tools to manage backup, recovery, and verification of computer data
- BorgBackup is a deduplicating backup program
- The Mailserver used in IPFire is a mixture of Cyrus-IMAPd, Postfix and Openmailadmin.
- You can also add: Fetchmail, Spamassassin and ClamAV or other virus scanners.
Voice over IP
- Asterisk is an excellent Voice over IP (VoIP) exchange.
- MPFire adds jukebox features to IPfire.
- Icecast streams the output of MPFire to the network.
- Gnump3d is a server for streaming MP3- and OGG-files.
- Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.
- miniupnpd is a lightweight implementation of a UPnP IGD daemon.
- MiniDLNA/ReadyMedia is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.
- FFmpeg is a tool for handling video, audio, and other multimedia files and streams
- Shairport is an AirPlay audio player
- Guardian transforms the default Snortnetwork intrusion detection system (IDS) to a network intrusion prevention system (IPS)
- Lynis is a Commandline Auditing Tool for a local scan of system and software
- mdadm makes it possible to create software RAID devices
- Freeradius is a multi protocol policy authentication server
- Spectre Meltdown Checker allows users to test their hardware for vulnerabilities
- bwm-ng is a bandwidth monitor
- fping works like ping, but can be used eg. for scanning of complete networks
- HAProxy - The Reliable, High Performance TCP/HTTP Load Balancer
- Iftop is a realtime bandwidth monitor
- IPerf/JPerf allows you to test your network speed (LAN or WLAN)
- iptraf-ng is a console based network statistic monitoring utility.
- keepalived can be used for virtual services and 1st hop redundancy (VRRP)
- mtr combines the functions of traceroute and ping in one tool
- multicat collection of tools to work on and manipulate multicast streams
- nmap is a versatile (and powerful) IP/port scanner
- nginx is an HTTP and reverse proxy server, as well as a mail proxy server
- stunnel - A SSL encryption wrapper
- tcpdump is a tool to watch and control your network connections
- traceroute is a network tool used to follow your packets through the internet
- tshark is a network protocol analyzer and the terminal oriented version of wireshark
- netcat is a network tool for reading and writing to network connections using TCP/UDP
- avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
- # dehydrated is a client for signing certificates with a Let’s Encrypt server
- frr (FRRouting) is an IP routing protocol suite
- bird is an Internet Routing Daemon with support of all modern routing protocols
- htop is a process viewer similar to "top" but with many more features
- igmpproxy is a simple multicast routing daemon based on mrouted
- LCD4Linux grabs information and displays it on an external liquid crystal display
- mc the good old Midnight Commander; an easy to use file manager
- nano is a text editor, much easier to use than VI
- Net-SNMP daemon is a snmp implementation amd more advanced than the basic snmpd
- rsync is a file copying and backup utility
- Tmux is a terminal multiplexer for the console
- 7zip is a file archiver with a high compression ratio
- ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
- joe is a full featured terminal-based screen editor
- minicom is a text-based modem control and terminal emulation program for serial communications
- telnet is used for interactive communicate with another host using the TELNET protocol
- powertop is a tool to diagnose issues with power consumption and power management
- ddrescue is a data recovery tool
- wavemon is a wireless network monitor
- sysbench is a system evaluation benchmark
- flashrom is a utility to detect, read, write, verify and erase flash chips
- swatch is a simple log watcher. It analyzes log files and can trigger email alerts
- Check_mk General purpose Nagios/Icinga plugin for retrieving data
- watchdog is a service which can automatically restart IPFire in the event of a failure
- Monit is a small utility for managing and monitoring Unix systems
- NRPE - Set up and configure NRPE server on IPFire
- Zabbix Agent is the agent for monitoring a host by Zabbix
- cpufrequtils monitors the speed of the processor via CPU Graph
- icinga is a monitoring system checking hosts and services
- iotop is a utility, similar to top command, that monitors disk I/O usage
- mcelog decodes the kernel machine check log on x86 machines
- WIO (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
- observium-agent is a client for the Observium network monitoring platform
- Sarg A graffical analysis tool for proxy reports, which can be used over the webinterface.
- Squid-accounting A graphical webinterface for measuring traffic per host/user and the ability to generate bills.
- Apcupsd used for APC-branded uninterruptible Power Supplies
- NUT (Network UPS Tools) provides monitoring and control of many uninterruptible power supplies (UPSs)
User Interface Changes
- SideMenu EX is a complex extension of IPFire's Side menus
IPFire as virtualization host
- Qemu provides virtualization for IPFire, so that it can host guest OSses.
- libvirt a toolkit to manage VMs on IPFire