One of the popular Linux distributions for network and firewall devices, IPFire, has received a new core update. The new Core Update 168 delivers improvements for the Intrusion Prevention System (IPS) alongside other security improvements while updating the Linux firmware bundle.
Improvements for IPS
The Intrusion Prevention System has received its own enhancements, most notably for the handling of ruleset providers. The patch allows enabling the Monitoring mode for each ruleset provider individually; which makes baselining and testing easier. Parsing and restructuring of changed or updated rulesets have also been improved for better performance. Finally, the downloader now automatically checks the ETag HTTP header to determine whether a ruleset has been updated on the providers’ server.
Other security improvements in IPFire 2.27 Core Update 168 can be seen below:
- IPFire now drops any packet that is received on a different interface than it would have been routed back to. This thwarts entire classes of network spoofing attacks, particularly originating from or targeting internal networks.
- OpenSSH has been updated to 9.0p1, introducing (among other changes) quantum-resistant cryptography. IPFire’s custom OpenSSH configuration has been updated to make use of it. Also, spoofable TCP-based keep-alive messages are no longer sent, preventing MITM attackers to force-keep an established SSH connection opened.
- As a defense-in-depth measure, various file permissions have been tightened to prevent any unprivileged attacker from reading potentially sensitive configuration on an IPFire installation.
Additionally, the issue with CUPS configuration while creating backups and restoring has been fixed alongside various bugs in CGIs. IPFire 2.27 Core Update 168 updates many packages and add-ons as well.
The developers have released both x86_64 and aarch64 versions for the network and firewall-focused Linux distribution. You can follow the link below to download the suitable one for your device: