IPFire is a security platform (router and firewall), which can easily be extended and further hardened with Add-ons. Through these add-ons, a basic IPFire install can be quickly scaled up to a much more complex and customizable system.
IPFire has an easy-to-use package system called Pakfire which is used to manage updates and add-ons.
Major IPFire Add-ons
- Use Tor to browse the internet anonymously
- Samba is a file server for Microsoft Windows or heterogeneous networks
- NFS is a file server for Linux and UNIX systems
- Tftpd adds a tftp server
- Netatalk is a file server for Macintosh computers
WiFi access point
Printing and Scanning
- CUPS is a standard, open source, printing system over the network
- foomatic is for integrating software printer drivers with common spoolers
- gutenprint is a package of high quality printer drivers for Linux
- Sane allows you to scan documents over the network with a web interface
Complex IPFire add-ons which turn your IPFire system in to a backup server
- Dirvish is a backup script for IPFire with significant functionality
- bacula is a set of tools to manage backup, recovery, and verification of computer data
- BorgBackup is a deduplicating backup program
- mdns-repeater - mDNS repeater daemon
- socat is command line utility that establishes bidirectional transfers data locations
- You can also add: Fetchmail, Spamassassin, and ClamAV or other virus scanners.
Voice over IP
- Asterisk is an excellent Voice over IP (VoIP) exchange.
- MPFire adds jukebox features to IPfire.
- Gnump3d is a server for streaming MP3- and OGG-files.
- Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.
- miniupnpd is a lightweight implementation of a UPnP IGD daemon.
- MiniDLNA/ReadyMedia is a simple, media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.
- FFmpeg is a tool for handling video, audio, and other multimedia files and streams
- Shairport is an AirPlay audio player
- Guardian transforms the default Snort network intrusion detection system (IDS) to a network intrusion prevention system (IPS)
- Lynis is a command-line auditing tool for local scanning of system and software
- mdadm makes it possible to create software RAID devices
- Freeradius is a multi protocol policy authentication server
- Spectre Meltdown Checker allows users to test their hardware for vulnerabilities
Tools for the IPFire Console or to use through a SSH connection
- bwm-ng is a bandwidth monitor
- fping works like ping, but can be used for scanning entire networks
- Iftop is a realtime bandwidth monitor
- IPerf/JPerf allows you to test your network speed (LAN or WLAN)
- iptraf-ng is a console-based network statistic monitoring utility
- keepalived can be used for virtual services and 1st hop redundancy (VRRP)
- mtr combines the functions of trace-route and ping in one tool
- nmap is a versatile (and powerful) IP/port scanner
- nginx is an HTTP and reverse proxy server, as well as a mail proxy server
- stunnel - A SSL encryption wrapper
- tcpdump is a tool to watch and control your network connections
- traceroute is a network tool used to follow your packets through the internet
- tshark is a network protocol analyzer and the terminal oriented version of wireshark
- netcat is a network tool for reading and writing to network connections using TCP/UDP
- avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
- dehydrated is a client for signing certificates with a Let’s Encrypt server
- frr (FRRouting) is an IP routing protocol suite
- bird is an Internet Routing Daemon with support of all modern routing protocols
- speedtest-cli is a command line interface for testing Internet bandwidth
Tools to be used on the IPFire Console or through a Secure Shell connection
- htop is a process viewer similar to "top" but with many more features
- igmpproxy is a simple multicast routing daemon based on mrouted
- LCD4Linux grabs information and displays it on an external liquid crystal display
- mc the good old Midnight Commander; an easy to use file manager
- nano is a text editor, much easier to use than VI
- Net-SNMP daemon is a SNMP implementation and more advanced than the basic snmpd
- rsync is a file copying and backup utility
- Tmux is a terminal multiplexer for the console
- 7zip is a file archiver with a high compression ratio
- ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
- joe is a full featured terminal-based screen editor
- minicom is a text-based modem control and terminal emulation program for serial communications
- telnet is used for interactive communicate with another host using the TELNET protocol
- powertop is a tool to diagnose issues with power consumption and power management
- ddrescue is a data recovery tool
- wavemon is a wireless network monitor
- sysbench is a system evaluation benchmark
- flashrom is a utility to detect, read, write, verify and erase flash chips
- swatch is a simple log watcher. It analyzes log files and can trigger email alerts
- watchdog is a service to automatically restart IPFire in the event of a failure
- Monit is a small utility for managing and monitoring Unix systems
- NRPE - Set up and configure NRPE server on IPFire
- Zabbix Agent is the agent for monitoring a host by Zabbix
- cpufrequtils monitors the speed of the processor via CPU Graph
- icinga is a monitoring system checking hosts and services
- iotop is a utility, similar to top command, that monitors disk I/O usage
- mcelog decodes the kernel machine check log on x86 machines
- WIO (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
- observium-agent is a client for the Observium network monitoring platform
- Sarg is graphical analysis tool for proxy reports, which can be used over the web interface.
- Squid-accounting is graphical web interface for measuring traffic per host/user and the ability to generate bills.
Software to gracefully shut down IPFire if a connected UPS runs low on power
- Apcupsd used for APC-branded Uninterruptible Power Supplies
- NUT (Network UPS Tools) provides monitoring and control of many uninterruptible power supplies (UPSs)
User Interface Changes
- SideMenu EX is a complex extension of IPFire's Side menus
IPFire as virtualization host
- Qemu provides virtualization for IPFire, so that it can host guest OSes.
- libvirt a toolkit to manage VMs on IPFire