The foundation of IPFire is the high level of flexibility which lets us configure different versions of this operating system out of a single base. Beginning with a small firewall system of a few megabytes, it is possible to run IPFire as a file server or VPN gateway for staff, branches or customers. This modularity means that your version of IPFire runs with exactly what you require and nothing more. All features are easily configured with the package manager, which also makes updates very easy.
We believe that this is the best way to provide security to a network. There is no way to distribute a static appliance because security means different things to different people, and changes over time. Security is more of a process paired with behaviour and restrictions. IPFire has been designed to be flexible enough to fit into any existing security architecture.
The primary objective in the development of IPFire is - of course - security. But it doesn't mean there is only one way to achieve security. Rather, it is more important for every administrator to understand their environment and what security means in that context.
IPFire is the base of security for a local network. It has the power to segment the network based on the security level each part requires. This makes it easy to create custom policies for each segment. See the firewall tab for more information.
Part of this focus on security involves the fast and reliable distribution of security updates for the system and its components. Updates are digitally signed and encrypted, and can be automatically installed by Pakfire, the package manager. Since IPFire is directly connected to the Internet, it is a primary target for hackers and bots. Pakfire helps administrators feel certain they are running the latest security updates and bug fixes.
From a technical point of view, IPFire is a minimalistic, hardened firewall system which comes with an integrated package manager called Pakfire. With a single click you can enhance the base system by providing network services.
IPFire employs a Stateful Packet Inspection (SPI) firewall built on top of netfilter, the Linux packet filtering framework. With the installation of IPFire, the network is separated into different segments, each representing a group of computers that share a common security level:
This scheme means there is a perfect place for each machine in the network. The various segments may be enabled separately depending on requirements. Additionally, the firewall can also control outbound Internet access from any segment. This gives the administrator ultimate control over how their network can be used.
IPFire may be enhanced to include a virtual private network (VPN) gateway which connects remote people and places to the local network using an encrypted link. This could be staff, friends, or anyone you'd like to share data with in a secure way. Businesses use VPNs to connect branch offices, datacenters, corporate partners, and to provide traveling staff with a portal into the corporate network.
IPFire uses both the IPsec and OpenVPN protocols, affording the maximum in flexibility when configuring your VPN. These implementations allow IPFire to connect to VPN endpoint devices from Cisco, Juniper, Checkpoint, NetGear, or any Linux-based implementation.
Based on a recent version of the Linux kernel 2.6 series, IPFire supports the latest hardware like 10Gbit network cards and wireless hardware out of the box. Requirements are minimal:
The IPFire developers care about being able to run IPFire on as many variations of systems as possible. This is what helps IPFire run on cheap hardware as well as high-performance servers.
IPFire can be run as a virtual guest on the following hypervisors:
It ships with many frontend drivers for high performance on all of these hypervisors.
IPFire is licensed under the terms of the GNU General Public License in version 3, so it is free software. The success of the project depends upon donations to the community.