The new version of IPFire 2.25 Core 141 is already ready and these are its changes

The announcement of the release of the new version of the Linux distribution IPFire 2.25 Core 141, which arrives with several novelties, package updates and especially bug fixes. In this new version several added features are highlighted, of which support for DNS over TLS, support for LVM partitions, interface redesign and more.

For those who do not know this Linux distribution I can tell you that this is a linux distribution focused on simple setup, good handling and a high level of security, specifically designed to perform firewall functions (firewall) and routing in a local network.

It is regulated by an intuitive web interface through the browser, which offers many configuration options for experienced and novice sysadmins.

IPFire is characterized by a simple installation process and organization of settings through an intuitive web interface, packed with clear graphics.

The system is modular, in addition to basic packet filtering functions and traffic management for IPFire, the modules They're available with an implementation system to prevent attacks based on meerkat, to create a file server (Samba, FTP, NFS), a mail server (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV and Openmailadmin) and print server (CUPS), the organization of a VoIP gateway based on Asterisk and Teamspeak, the creation of a wireless access point, the organization of the audio and video transmission server (MPFire, Videolan, Icecast, Gnump3d, VDR). IPFire uses the special Pakfire package manager to install plugins.

What's new in IPFire 2.25 Core 141?

This new edition of IPFire 2.25 Core 141 has a lot of DNS related changes, andto that according to the blog post, DNS changes are part of a major renewal campaign.

Such is the case of the redesign of the interface components and the scripts distribution related to DNS, as well as the added support for DNS over TLS and Unified DNS settings on all pages of the web interface.

It is also mentioned in the ad that it was implemented the ability to specify more than two DNS servers using the fastest server from the default list.

Of the other DNS-related changes of this new version:

  • Safe search, to filter adult contentH.Hand I implement a filter to filter adult-only sites at the DNS level of the entire network without using the web proxy
  • Faster charge by reducing the number of DNS checks.
  • A workaround if provider leaks DNS queries or bad DNSSEC support (in case of problems, the transport is switched to TLS and TCP).
  • Added the QNAME minimize mode (RFC-7816) to reduce the transfer of additional information in requests to prevent leakage of information about the requested domain and increase privacy.
  • To solve problems with fragmented packet loss, the EDNS buffer size was reduced to 1232 bytes (1232 was chosen, as it is the maximum at which the DNS response size considering IPv6 is adjusted to the minimum value MTU (1280).

Regarding package updates, this new version includes the updated versions of the packages GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. unbound 1.9.6, dehydrated0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor, tshark 3.0.7.

Moreover, new plugin “amazon-ssm-agent” stands out that has been introduced for the purpose of improve integration with the Amazon cloud.

The added support for Go and Rust languages, as well as the support for LVM partitions, plus the basic composition includes the elinks browser and the rfkill package.


Finally, for those who are interested in being able to download this new version, can get the ready install images for x86_64, i586 and ARM architectures from the official website of the distribution in its download section. The size of the installation iso image is 290 MB.

The link is this.

The content of the article adheres to our principles of editorial ethics. To report an error click here.

3 comments, leave yours

Leave a Comment

Your email address will not be published. Required fields are marked with *



  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   XDXD said

    And when will ipfire 3 be released? Already pure 2.x for a long time and that include a redesign in the interface.

    1.    David naranjo said

      That only the developers will know. Although possibly the jump to the 3.x branch may occur when a big change or many changes are integrated together or perhaps when the interface is redesigned or built a new one from scratch (although this would be the least likely).
      But at the moment the development version is available (which has not been updated for a year)

  2.   luix said

    It is my fw distro by choice, and I don't change it unless it is surpassed by another,