IPfire 2.25 Core Update 154 & Network Zones

Hi All!

Just wanted to give an update to some of the new features with IP Fire 2.25. One in particular, is “Network Zones”. I had an issue with my WAP and placement in a three bedroom home. Having upstairs and downstairs rooms and just one WAP made it hard for connections to get good bandwidth in all rooms. Now that is solved with bridging the WAP (Blue) and another NIC I wanted to use for a wired media box (Nvidia Shield with KODI). Now for a 1 GB connections I get about 780 MBs on the Nvidia Shield and the same upstairs on wifi (Using an i7 laptop) The only alteration I had to do is place two keystone 6e punch blocks one the Cat6e cable run and join them together with a Cat6e patch cable. (Livingroom to bedroom upstairs) … So far I like IPFire! It has a lot of security features I like as well, such as “Blue” accesss (Firewall), which means you have to give anything connecting to your network (WIFI) permission to join the network. Here is a screen shot:

For Blue access: https://wiki.ipfire.org/configuration/firewall/accesstoblue


how do you like ipfire vs say pfsense/opnsense ? I always see it in web searches but it never seems to be near the top used. But I kind of like the idea of a linux firewall with a gui (besides untangle).

Works very well. Does everything I want it to do. Don’t use Snort, due to no inbound rules. Other than that works perfect for my network. Give it a shot for a week just for comparison.

Thanks! I have a spare box I will toss it on for shiggles and see. I think I am gonna try it and Untangle this week.

I had a pfsense meltdown (DNS forwarding quit working all of a sudden) at a very bad time,
and I needed something quickly I could just throw together to get up and running while I figure out what happened.

I put IPFire on a spare cf card and was up and running in a few minutes. It’s been on there for a few weeks now. I kind of like it. Seems a bit lighter on resources and does what I need it to. ( I don’t use inbound rules either)

But since I can just swap out CF cards, I do plan on trying Simplewall and Untangle as well

Edit: Simplewall appears to be more or less dead…last update has been years ago

New version (159) out with updated kernel based on Linux 5.10 and an updated toolchain as well as general bug fixes and a large number of improvements…


1 Like

New version (160) with improved network throughput and End of Life for Python 2.


  • In the firewall engine, support for redirecting services as been added and long-standing bug [#12265] has been fixed
  • Some bugs have been fixed in the IPsec VPN scripts that prevented users to create certificate-based connections
  • The web proxy can now be used on systems that do not have a GREEN network
  • The firewall log viewer now displays IP protocol names instead of numbers.
  • All graphs are now rendered in SVG format which makes any scaling in the browser smoother
  • Updated packages: cURL 7.78.0, ddns 014, e2fsprogs 1.46.3, ethtool 5.13, glibc was patched for [CVE-2021-33574]and a follow-up issue, iproute2 5.13.0, less 590, libloc 0.9.7, libhtp 5.0.38, libidn 1.38, libssh 0.9.6, OpenSSH 8.7p1, openssl 1.1.1k which fixes [CVE-2021-3712] and [CVE-2021-3711], pcre 8.45, poppler 21.07.0, sqlite3 3.36, sudo 1.9.7p2, strongswan 5.9.3, suricata 5.0.7, sysstat 12.5.4, sysfsutils 2.1.1


  • Updated packages: alsa, bird 2.0.8, clamav 0.104.0, faad2 2.10.0, freeradius 3.0.23, frr 8.0.1, Ghostscript 9.54.0, hplip 3.21.6, iperf3 3.10.1, lynis 3.0.6, mc 7.8.27, monit 5.28.1, minidlna 1.3.0, ncat 7.91, ncdu 1.16, taglib 1.12, Tor, traceroute 2.1.0, Postfix 3.6.2, spice 0.15.0