What is IPFire?
IPFire is a dedicated firewall that can be installed in any network, from the data centre down to your home. It is secure, fast and very versatile. Besides being a stateful inspection firewall, it can work as a VPN gateway, analyse data packets with its Intrusion Prevention System (IPS), and it comes with many Add-ons that extend its functionality further.
Who is IPFire for?
IPFire is known to run:
- in data centres forwarding tens of gigabits per second
- in businesses from hundreds of employees down to home office workers
- as an IoT gateway in industrial applications
- at home
You will need some basic knowledge about how computer networks work, and the team behind IPFire kindly asks you to take security seriously. Please invest some time in researching best practices to get the most out of IPFire. Everything you need to know can be found in this wiki.
IPFire can be installed within minutes and is configured over a web user interface.
IPFire - The Operating System
IPFire is a complete operating system that is installed on appropriate hardware. It is based on Linux but, unlike a stock distribution such as Debian or Fedora, it is hardened and optimised for use as a firewall. Each component and software package that is used is selected by the developers and built from its sources. Often those are patched to improve the security of the system and reduce the attack surface. To give the maintainers this kind of flexibility, IPFire is not based on another distribution.
IPFire comes with a variety of features which allow it to run in many environments with very different requirements. Starting as a simple router, it can also analyse packets more deeply, run helpful reports and even provide various services to the network.
- IPFire’s firewall is easy to use, yet powerful. It allows creating groups of networks, hosts and services, so that a single rule can cover large parts of the network in one go. Rate limiting functionality and logging make it perfect for hosting services in a data centre, too.
- The Quality of Service keeps your Internet fast. Allocating the right amount of bandwidth for critical applications like VoIP calls is quickly done and you will never suffer bad call quality or slow-loading websites again. It can also throttle offending users.
- The Intrusion Prevention System takes a deeper look at data packets. Checking them against a signature database of well-known malware or detecting suspicious behaviour makes your network more secure against more sophisticated attackers.
- The web proxy is one of IPFire’s most powerful features. Every client accessing the web will be checked for access, content can be cached to speed up browsing, and it can even cache whole updates for operating systems like Microsoft Windows, saving loads of bandwidth in larger networks. The URL Filter component is commonly used in schools to prevent students from accessing adult websites, and it can stop malware, too.
- If you are running infrastructure in more than one place, you might want to connect the sites using VPNs. You can connect to your data centre or to the cloud using IPsec or OpenVPN and upload your backups, or connect remote workers to the servers sitting in the office. IPFire can use the cryptographic acceleration that some appliances provide, and totally transparent tunnels with bandwidth up to 10 GBit/s are possible. Of course, IPFire is also compatible with other vendors like Cisco, Juniper, Lancom, and many more.
- To keep your network secure and prevent DNS spoofing, IPFire employs an internal DNS proxy which uses DNSSEC to filter any attacks. It caches DNS responses to deliver them faster and can use DNS-over-TLS to speak to upstream name servers securely.