As a guide for new readers, this guide uses two scales:
* Security benefit (impact)
* Effort to implement

Go with security expert's advice. Source: Google Security Blog
Most IPFire features create logs which are visible from the WUI. Without regularly checking logs it can be very difficult to know if your system is under attack or, at worst, whether an intruder already has access to it.
Depending on your preference, you may want to configure some logs to be emailed to you. It is best to send these to an internal email server and not an internet-based server, as logs can contain sensitive information about your IPFire system and its configuration.
Aim to check at least these logs regularly:
* The WUI Status > Services page, to ensure services are still running and you don't suddenly have a high number of processes or high memory usage
* The Log Summary page
* IDS Logs (if your IDS is configured, otherwise it will be of little value)
* Firewall log (Port)
* Firewall log (Country) to note which countries most attacks come from.
* After you have enabled the GeoIP Block (highly recommended, below), check the number of hits against your firewall from countries which you are blocking:
- In the WUI open the "Firewall" menu and click "iptables"
- In the first "iptables" section, select "GEOIPBLOCK" from the drop down list
- Click Update
- A list of the countries you block will be displayed along with a packet and byte count for the number of hits those countries have had against your firewall and the volume of traffic blocked
When installing IPFire, ensure there is a large amount of space available for logs. Ideally IPFire will allow users to create a separate /var/log filesystem in future, as this will prevent denial of service attacks created by thousands of deliberate log entries.
* When installing IPFire, ensure there is a generous capacity available for logs
* If possible, create a separate partition and remount /var/log on it
To check space availability go to menu Status > Media. Scroll down to Disk usage and search for Mounted on "/var".
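A console counterpart to the Status > Media check, as an added example that is not part of the IPFire wiki or IPFire's own tooling: it parses `df -P /var/log`, reports whether /var/log has its own mount, and warns above a fill threshold. The function names, the 80% default and the sample `df` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not IPFire code): watch the filesystem that holds /var/log.

# Constructed sample of `df -P /var/log` output, used for offline testing.
SAMPLE_DF='Filesystem     1024-blocks    Used Available Capacity Mounted on
/dev/sda4         10190100 8865387   1324713      87% /var'

# Read one POSIX-format df report on stdin; print "<mount point> <use percent>".
parse_df() {
    awk 'NR == 2 { gsub("%", "", $5); print $6, $5 }'
}

# classify MOUNT PCT LIMIT
# "separate" means /var/log is its own mount, so a log flood cannot fill the
# filesystem it would otherwise share with /var or /.
classify() {
    mount=$1 pct=$2 limit=$3
    case $mount in
        /var/log) layout=separate ;;
        *)        layout=shared ;;
    esac
    if [ "$pct" -ge "$limit" ]; then
        echo "WARN $layout $mount ${pct}%"
    else
        echo "OK $layout $mount ${pct}%"
    fi
}

# check_log_space [LIMIT] [DF_OUTPUT]
# LIMIT defaults to 80 (assumed threshold). DF_OUTPUT defaults to the live
# `df -P /var/log` report; pass saved text to test without touching the system.
check_log_space() {
    limit=${1:-80}
    report=${2:-$(df -P /var/log)}
    set -- $(printf '%s\n' "$report" | parse_df)
    classify "$1" "$2" "$limit"
}

# Run against the live system only when a threshold is given on the command line.
if [ $# -gt 0 ]; then
    check_log_space "$1"
fi
```

A `WARN shared` result is the case the advice above is about: logs are filling a filesystem they share with other data.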
In the past IPFire only ran on 32 bit systems but now the majority of people use the 64 bit version. The 64 bit version has Linux kernel security mitigations (for "Meltdown", "Spectre" and the like) which are not as well tested in the 32 bit version.
* Back up a 32 bit IPFire system and reinstall with the 64 bit release
It is ideal to change the login details of accounts used to administer any system. This adds another step for a potential attacker who now has to guess your login as well as attempt to break (or brute-force) your password.
Note: Currently this requires a high amount of effort for an inexperienced user. Hopefully in future IPFire will ask new users for the accounts they would like during the installation process.
If you really need to manage an IPFire system from the internet (or any "hostile" network), do not open the WUI (tcp port 444) or SSH (tcp port 22) directly to the internet. Instead, research how to configure a secure VPN and use VPN access to administer IPFire using the WUI as if you were connected to the local network.
* If you need to manage IPFire from the internet, configure and use a VPN to administer IPFire systems over the internet
* Two different VPNs are supported in IPFire: IPSec and OpenVPN, although you could use a separate VPN appliance.