Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire.

Please join in and help us improving it!


IPFire is a security platform (router and firewall) which can easily be extended and further hardened with Add-ons Through these addons a basic IPFire install can be quickly scaled up to a much more complex and customizable system.

IPFire has an easy to use package system called Pakfire which is used to manage updates and addons.

Major IPFire Addons


  • Use Tor to browse the internet anonymously

File Server

  • Samba is a file server for Microsoft Windows or heterogeneous networks
  • NFS is a file server for Linux and UNIX systems
  • Tftpd adds a tftp server

WiFi access point

Printing and Scanning

  • CUPS is a standard, open source, printing system over the network
  • foomatic is for integrating software printer drivers with common spoolers
  • gutenprint is a package of high quality printer drivers for Linux
  • Sane allows you to scan documents over the network with a webinterface

BackupComplex IPFire addons which turn your IPFire system in to a backup server.

  • BackupPC provides a network backup solution with web interface
  • Dirvish is a backup script for IPFire with significant functionality
  • Bacula is a set of tools to manage backup, recovery, and verification of computer data
  • BorgBackup is a deduplicating backup program


Mail Server

  • The Mailserver used in IPFire is a mixture of Cyrus-IMAPd, Postfix and Openmailadmin.
    • You can also add: Fetchmail, Spamassassin and ClamAV or other virus scanners.


Voice over IP

  • Asterisk is an excellent Voice over IP (VoIP) exchange.


  • MPFire adds jukebox features to IPfire.
  • Icecast streams the output of MPFire to the network.
  • Gnump3d is a server for streaming MP3- and OGG-files.
  • Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.
  • miniupnpd is a lightweight implementation of a UPnP IGD daemon.
  • MiniDLNA/ReadyMedia is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.
  • FFmpeg is a tool for handling video, audio, and other multimedia files and streams
  • Shairport is an AirPlay audio player


  • Guardian transforms the default Snortnetwork intrusion detection system (IDS) to a network intrusion prevention system (IPS)
  • Lynis is a Commandline Auditing Tool for a local scan of system and software
  • mdadm makes it possible to create software RAID devices
  • Freeradius is a multi protocol policy authentication server
  • Spectre Meltdown Checker allows users to test their hardware for vulnerabilities

Shell toolsTools for the IPFire Console or to use through a SSH connection

Network tools

  • bwm-ng is a bandwidth monitor
  • fping works like ping, but can be used eg. for scanning of complete networks
  • HAProxy - The Reliable, High Performance TCP/HTTP Load Balancer
  • Iftop is a realtime bandwidth monitor
  • IPerf/JPerf allows you to test your network speed (LAN or WLAN)
  • iptraf-ng is a console based network statistic monitoring utility.
  • keepalived can be used for virtual services and 1st hop redundancy (VRRP)
  • mtr combines the functions of traceroute and ping in one tool
  • multicat collection of tools to work on and manipulate multicast streams
  • nmap is a versatile (and powerful) IP/port scanner
  • nginx is an HTTP and reverse proxy server, as well as a mail proxy server
  • stunnel - A SSL encryption wrapper
  • tcpdump is a tool to watch and control your network connections
  • traceroute is a network tool used to follow your packets through the internet
  • tshark is a network protocol analyzer and the terminal oriented version of wireshark
  • netcat is a network tool for reading and writing to network connections using TCP/UDP
  • avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
  • dehydrated is a client for signing certificates with a Let’s Encrypt server
  • frr (FRRouting) is an IP routing protocol suite
  • bird is an Internet Routing Daemon with support of all modern routing protocols

Other toolsTools to be used on the IPFire Console or through a Secure Shell connection.

  • htop is a process viewer similar to "top" but with many more features
  • igmpproxy is a simple multicast routing daemon based on mrouted
  • LCD4Linux grabs information and displays it on an external liquid crystal display
  • mc the good old Midnight Commander; an easy to use file manager
  • nano is a text editor, much easier to use than VI
  • Net-SNMP daemon is a snmp implementation amd more advanced than the basic snmpd
  • rsync is a file copying and backup utility
  • Tmux is a terminal multiplexer for the console
  • 7zip is a file archiver with a high compression ratio
  • ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
  • joe is a full featured terminal-based screen editor
  • minicom is a text-based modem control and terminal emulation program for serial communications
  • telnet is used for interactive communicate with another host using the TELNET protocol
  • powertop is a tool to diagnose issues with power consumption and power management
  • ddrescue is a data recovery tool
  • wavemon is a wireless network monitor
  • sysbench is a system evaluation benchmark
  • flashrom is a utility to detect, read, write, verify and erase flash chips

System Monitoring

  • swatch is a simple log watcher. It analyzes log files and can trigger email alerts
  • Check_mk General purpose Nagios/Icinga plugin for retrieving data
  • watchdog is a service which can automatically restart IPFire in the event of a failure
  • Monit is a small utility for managing and monitoring Unix systems
  • NRPE - Set up and configure NRPE server on IPFire
  • Zabbix Agent is the agent for monitoring a host by Zabbix
  • cpufrequtils monitors the speed of the processor via CPU Graph
  • icinga is a monitoring system checking hosts and services
  • iotop is a utility, similar to top command, that monitors disk I/O usage
  • mcelog decodes the kernel machine check log on x86 machines
  • WIO (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
  • observium-agent is a client for the Observium network monitoring platform

Proxy enhancements

  • Sarg A graffical analysis tool for proxy reports, which can be used over the webinterface.
  • Squid-accounting A graphical webinterface for measuring traffic per host/user and the ability to generate bills.

UPS toolsSoftware to gracefully shut down IPFire if a connected UPS runs low on power.

  • Apcupsd used for APC-branded uninterruptible Power Supplies
  • NUT (Network UPS Tools) provides monitoring and control of many uninterruptible power supplies (UPSs)

User Interface Changes

  • SideMenu EX is a complex extension of IPFire's Side menus


IPFire as virtualization host

  • Qemu provides virtualization for IPFire, so that it can host guest OSses.
  • libvirt a toolkit to manage VMs on IPFire
Edit Page ‐ Yes, you can edit!

Older Revisions • August 23 at 12:55 am • Jon