Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community


IPFire is a security platform (router and firewall), which can easily be extended and further hardened with Add-ons. Through these add-ons, a basic IPFire install can be quickly scaled up to a much more complex and customizable system.

IPFire has an easy-to-use package system called Pakfire which is used to manage updates and add-ons.

Major IPFire Add-ons


  • Use Tor to browse the internet anonymously

File Server

  • Samba is a file server for Microsoft Windows or heterogeneous networks
  • NFS is a file server for Linux and UNIX systems
  • Tftpd adds a tftp server

WiFi access point

Printing and Scanning

  • CUPS is a standard, open source, printing system over the network
  • foomatic is for integrating software printer drivers with common spoolers
  • gutenprint is a package of high quality printer drivers for Linux
  • Sane allows you to scan documents over the network with a webinterface

BackupComplex IPFire add-ons which turn your IPFire system in to a backup server.

  • Dirvish is a backup script for IPFire with significant functionality
  • Bacula is a set of tools to manage backup, recovery, and verification of computer data
  • BorgBackup is a deduplicating backup program


Mail Server

  • The Mailserver used in IPFire is a mixture of Postfix and Openmailadmin.
    • You can also add: Fetchmail, Spamassassin, and ClamAV or other virus scanners.


Voice over IP

  • Asterisk is an excellent Voice over IP (VoIP) exchange.


  • MPFire adds jukebox features to IPfire.
  • Gnump3d is a server for streaming MP3- and OGG-files.
  • Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.
  • miniupnpd is a lightweight implementation of a UPnP IGD daemon.
  • MiniDLNA/ReadyMedia is a simple, media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.
  • FFmpeg is a tool for handling video, audio, and other multimedia files and streams
  • Shairport is an AirPlay audio player


  • Guardian transforms the default Snort network intrusion detection system (IDS) to a network intrusion prevention system (IPS)
  • Lynis is a command-line auditing tool for local scanning of system and software
  • mdadm makes it possible to create software RAID devices
  • Freeradius is a multi protocol policy authentication server
  • Spectre Meltdown Checker allows users to test their hardware for vulnerabilities

Shell toolsTools for the IPFire Console or to use through a SSH connection

Network tools

  • bwm-ng is a bandwidth monitor
  • fping works like ping, but can be used for scanning entire networks
  • HAProxy - The Reliable, High Performance TCP/HTTP Load Balancer
  • Iftop is a realtime bandwidth monitor
  • IPerf/JPerf allows you to test your network speed (LAN or WLAN)
  • iptraf-ng is a console-based network statistic monitoring utility
  • keepalived can be used for virtual services and 1st hop redundancy (VRRP)
  • mtr combines the functions of traceroute and ping in one tool
  • nmap is a versatile (and powerful) IP/port scanner
  • nginx is an HTTP and reverse proxy server, as well as a mail proxy server
  • stunnel - A SSL encryption wrapper
  • tcpdump is a tool to watch and control your network connections
  • traceroute is a network tool used to follow your packets through the internet
  • tshark is a network protocol analyzer and the terminal oriented version of wireshark
  • netcat is a network tool for reading and writing to network connections using TCP/UDP
  • avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
  • dehydrated is a client for signing certificates with a Let’s Encrypt server
  • frr (FRRouting) is an IP routing protocol suite
  • bird is an Internet Routing Daemon with support of all modern routing protocols
  • speedtest-cli is a command line interface for testing Internet bandwidth ← NEW

Other toolsTools to be used on the IPFire Console or through a Secure Shell connection.

  • htop is a process viewer similar to "top" but with many more features
  • igmpproxy is a simple multicast routing daemon based on mrouted
  • LCD4Linux grabs information and displays it on an external liquid crystal display
  • mc the good old Midnight Commander; an easy to use file manager
  • nano is a text editor, much easier to use than VI
  • Net-SNMP daemon is a SNMP implementation and more advanced than the basic snmpd
  • rsync is a file copying and backup utility
  • Tmux is a terminal multiplexer for the console
  • 7zip is a file archiver with a high compression ratio
  • ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
  • joe is a full featured terminal-based screen editor
  • minicom is a text-based modem control and terminal emulation program for serial communications
  • telnet is used for interactive communicate with another host using the TELNET protocol
  • powertop is a tool to diagnose issues with power consumption and power management
  • ddrescue is a data recovery tool
  • wavemon is a wireless network monitor
  • sysbench is a system evaluation benchmark
  • flashrom is a utility to detect, read, write, verify and erase flash chips

System Monitoring

  • swatch is a simple log watcher. It analyzes log files and can trigger email alerts
  • watchdog is a service to automatically restart IPFire in the event of a failure
  • Monit is a small utility for managing and monitoring Unix systems
  • NRPE - Set up and configure NRPE server on IPFire
  • Zabbix Agent is the agent for monitoring a host by Zabbix
  • cpufrequtils monitors the speed of the processor via CPU Graph
  • icinga is a monitoring system checking hosts and services
  • iotop is a utility, similar to top command, that monitors disk I/O usage
  • mcelog decodes the kernel machine check log on x86 machines
  • WIO (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
  • observium-agent is a client for the Observium network monitoring platform

Proxy enhancements

  • Sarg A graphical analysis tool for proxy reports, which can be used over the webinterface.
  • Squid-accounting A graphical web interface for measuring traffic per host/user and the ability to generate bills.

UPS toolsSoftware to gracefully shut down IPFire if a connected UPS runs low on power.

  • Apcupsd used for APC-branded Uninterruptible Power Supplies
  • NUT (Network UPS Tools) provides monitoring and control of many uninterruptible power supplies (UPSs)

User Interface Changes

  • SideMenu EX is a complex extension of IPFire's Side menus


IPFire as virtualization host

  • Qemu provides virtualization for IPFire, so that it can host guest OSes.
  • libvirt a toolkit to manage VMs on IPFire
Edit Page ‐ Yes, you can edit!

Older Revisions • March 18 at 10:56 pm • Derek McWilliams