The announcement of the release of the new version of the Linux distribution IPFire 2.25 Core 141, which arrives with several novelties, package updates and especially bug fixes. In this new version several added features are highlighted, of which support for DNS over TLS, support for LVM partitions, interface redesign and more.
For those who do not know this Linux distribution I can tell you that this is a linux distribution focused on simple setup, good handling and a high level of security, specifically designed to perform firewall functions (firewall) and routing in a local network.
It is regulated by an intuitive web interface through the browser, which offers many configuration options for experienced and novice sysadmins.
IPFire is characterized by a simple installation process and organization of settings through an intuitive web interface, packed with clear graphics.
The system is modular, in addition to basic packet filtering functions and traffic management for IPFire, the modules They're available with an implementation system to prevent attacks based on meerkat, to create a file server (Samba, FTP, NFS), a mail server (Cyrus-IMAPd, Postfix, Spamassassin, ClamAV and Openmailadmin) and print server (CUPS), the organization of a VoIP gateway based on Asterisk and Teamspeak, the creation of a wireless access point, the organization of the audio and video transmission server (MPFire, Videolan, Icecast, Gnump3d, VDR). IPFire uses the special Pakfire package manager to install plugins.
What's new in IPFire 2.25 Core 141?
This new edition of IPFire 2.25 Core 141 has a lot of DNS related changes, andto that according to the blog post, DNS changes are part of a major renewal campaign.
Such is the case of the redesign of the interface components and the scripts distribution related to DNS, as well as the added support for DNS over TLS and Unified DNS settings on all pages of the web interface.
It is also mentioned in the ad that it was implemented the ability to specify more than two DNS servers using the fastest server from the default list.
Of the other DNS-related changes of this new version:
- Safe search, to filter adult contentH.Hand I implement a filter to filter adult-only sites at the DNS level of the entire network without using the web proxy
- Faster charge by reducing the number of DNS checks.
- A workaround if provider leaks DNS queries or bad DNSSEC support (in case of problems, the transport is switched to TLS and TCP).
- Added the QNAME minimize mode (RFC-7816) to reduce the transfer of additional information in requests to prevent leakage of information about the requested domain and increase privacy.
- To solve problems with fragmented packet loss, the EDNS buffer size was reduced to 1232 bytes (1232 was chosen, as it is the maximum at which the DNS response size considering IPv6 is adjusted to the minimum value MTU (1280).
Regarding package updates, this new version includes the updated versions of the packages GCC 9, Python 3, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc 1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. unbound 1.9.6, dehydrated0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7.
Moreover, new plugin “amazon-ssm-agent” stands out that has been introduced for the purpose of improve integration with the Amazon cloud.
The added support for Go and Rust languages, as well as the support for LVM partitions, plus the basic composition includes the elinks browser and the rfkill package.
Finally, for those who are interested in being able to download this new version, can get the ready install images for x86_64, i586 and ARM architectures from the official website of the distribution in its download section. The size of the installation iso image is 290 MB.