The project is regularly updated by the development team to maintain security. It is developed as a stateful packet inspection (SPI) firewall.

IPFire separates the network into different segments based on their security risk, which are organised in colours. Normal clients connected to the LAN are represented as green, the Internet is represented as red, an optional DMZ is represented as orange and an optional wireless network is represented as blue. No traffic can flow between segments unless specifically permitted through a firewall rule.

IPFire's package management system, called Pakfire, allows the installation of system updates, which keep security up to date, and of additional software packages for customisation to different usage scenarios and needs.

The Linux system is customised for the concrete purpose of a firewall. The design is modular, making its functionality extensible through plugins, but the base comes with the following features:

• Stateful packet-inspection firewall based on Linux Netfilter
• Proxy server with content filter and caching functions for updates (e.g. Microsoft Windows updates, virus scanners, etc.)
• Intrusion detection system (Snort) with the option to install the intrusion prevention system Guardian via Pakfire
• Since Core Update 131 it features the intrusion prevention system "Suricata" instead of Snort
• Virtual private network (VPN) with IPsec, WireGuard and OpenVPN
• Dynamic Host Configuration Protocol (DHCP) server
• Caching name-server (supports DNSSEC)
• Time server
• Wake-on-LAN (WOL)
• Dynamic DNS
• Quality of service (QoS)
• System monitoring functions and log analysis
• GeoIP filtering
• Captive Portal

== Internet geolocation database ==