Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community


IPFire is a security platform (router and firewall) which can easily be extended and further hardened with Add-ons. Through these addons a basic IPFire install can be quickly scaled up to a much more complex and customizable system.

IPFire has an easy to use package system called Pakfire which is used to manage updates and addons.

Major IPFire Addons


  • Use Tor to browse the internet anonymously

File Server

  • Samba is a file server for Microsoft Windows or heterogeneous networks
  • NFS is a file server for Linux and UNIX systems
  • Tftpd adds a tftp server

WiFi access point

Printing and Scanning

  • CUPS is a standard, open source, printing system over the network
  • foomatic is for integrating software printer drivers with common spoolers
  • gutenprint is a package of high quality printer drivers for Linux
  • Sane allows you to scan documents over the network with a webinterface

BackupComplex IPFire addons which turn your IPFire system in to a backup server.

  • Dirvish is a backup script for IPFire with significant functionality
  • Bacula is a set of tools to manage backup, recovery, and verification of computer data
  • BorgBackup is a deduplicating backup program


Mail Server

  • The Mailserver used in IPFire is a mixture of Cyrus-IMAPd, Postfix and Openmailadmin.
    • You can also add: Fetchmail, Spamassassin and ClamAV or other virus scanners.


Voice over IP

  • Asterisk is an excellent Voice over IP (VoIP) exchange.


  • MPFire adds jukebox features to IPfire.
  • Icecast streams the output of MPFire to the network.
  • Gnump3d is a server for streaming MP3- and OGG-files.
  • Video Disc Recorder / VDR is a video recording / streaming server for digital TV cards.
  • miniupnpd is a lightweight implementation of a UPnP IGD daemon.
  • MiniDLNA/ReadyMedia is a simple media server software, with the aim of being fully compliant with DLNA/UPnP-AV clients.
  • FFmpeg is a tool for handling video, audio, and other multimedia files and streams
  • Shairport is an AirPlay audio player


  • Guardian transforms the default Snortnetwork intrusion detection system (IDS) to a network intrusion prevention system (IPS)
  • Lynis is a Commandline Auditing Tool for a local scan of system and software
  • mdadm makes it possible to create software RAID devices
  • Freeradius is a multi protocol policy authentication server
  • Spectre Meltdown Checker allows users to test their hardware for vulnerabilities

Shell toolsTools for the IPFire Console or to use through a SSH connection

Network tools

  • bwm-ng is a bandwidth monitor
  • fping works like ping, but can be used eg. for scanning of complete networks
  • HAProxy - The Reliable, High Performance TCP/HTTP Load Balancer
  • Iftop is a realtime bandwidth monitor
  • IPerf/JPerf allows you to test your network speed (LAN or WLAN)
  • iptraf-ng is a console based network statistic monitoring utility.
  • keepalived can be used for virtual services and 1st hop redundancy (VRRP)
  • mtr combines the functions of traceroute and ping in one tool
  • multicat collection of tools to work on and manipulate multicast streams
  • nmap is a versatile (and powerful) IP/port scanner
  • nginx is an HTTP and reverse proxy server, as well as a mail proxy server
  • stunnel - A SSL encryption wrapper
  • tcpdump is a tool to watch and control your network connections
  • traceroute is a network tool used to follow your packets through the internet
  • tshark is a network protocol analyzer and the terminal oriented version of wireshark
  • netcat is a network tool for reading and writing to network connections using TCP/UDP
  • avahi is a system which facilitates service discovery via the mDNS/DNS-SD protocol suite
  • dehydrated is a client for signing certificates with a Let’s Encrypt server
  • frr (FRRouting) is an IP routing protocol suite
  • bird is an Internet Routing Daemon with support of all modern routing protocols
  • speedtest-cli is a command line interface for testing internet bandwidth ← NEW

Other toolsTools to be used on the IPFire Console or through a Secure Shell connection.

  • htop is a process viewer similar to "top" but with many more features
  • igmpproxy is a simple multicast routing daemon based on mrouted
  • LCD4Linux grabs information and displays it on an external liquid crystal display
  • mc the good old Midnight Commander; an easy to use file manager
  • nano is a text editor, much easier to use than VI
  • Net-SNMP daemon is a snmp implementation amd more advanced than the basic snmpd
  • rsync is a file copying and backup utility
  • Tmux is a terminal multiplexer for the console
  • 7zip is a file archiver with a high compression ratio
  • ghostscript is a Postscript interpreter, PDF interpreter and rendering engine
  • joe is a full featured terminal-based screen editor
  • minicom is a text-based modem control and terminal emulation program for serial communications
  • telnet is used for interactive communicate with another host using the TELNET protocol
  • powertop is a tool to diagnose issues with power consumption and power management
  • ddrescue is a data recovery tool
  • wavemon is a wireless network monitor
  • sysbench is a system evaluation benchmark
  • flashrom is a utility to detect, read, write, verify and erase flash chips

System Monitoring

  • swatch is a simple log watcher. It analyzes log files and can trigger email alerts
  • Check_mk General purpose Nagios/Icinga plugin for retrieving data
  • watchdog is a service which can automatically restart IPFire in the event of a failure
  • Monit is a small utility for managing and monitoring Unix systems
  • NRPE - Set up and configure NRPE server on IPFire
  • Zabbix Agent is the agent for monitoring a host by Zabbix
  • cpufrequtils monitors the speed of the processor via CPU Graph
  • icinga is a monitoring system checking hosts and services
  • iotop is a utility, similar to top command, that monitors disk I/O usage
  • mcelog decodes the kernel machine check log on x86 machines
  • WIO (Who Is Online?) is a builtin monitoring service for the local network showing connected devices
  • observium-agent is a client for the Observium network monitoring platform

Proxy enhancements

  • Sarg A graffical analysis tool for proxy reports, which can be used over the webinterface.
  • Squid-accounting A graphical webinterface for measuring traffic per host/user and the ability to generate bills.

UPS toolsSoftware to gracefully shut down IPFire if a connected UPS runs low on power.

  • Apcupsd used for APC-branded uninterruptible Power Supplies
  • NUT (Network UPS Tools) provides monitoring and control of many uninterruptible power supplies (UPSs)

User Interface Changes

  • SideMenu EX is a complex extension of IPFire's Side menus


IPFire as virtualization host

  • Qemu provides virtualization for IPFire, so that it can host guest OSses.
  • libvirt a toolkit to manage VMs on IPFire
Edit Page ‐ Yes, you can edit!

Older Revisions • December 11 at 9:05 am • Erik Kapfer