IPFire is a hardened open-source Linux distribution that routes and offers firewall features to a physical or virtual network. Available for download at [Link] at x68 (64 bits) and ARM (64 bits) formats.

It is a Linux distribution with an exclusive package manager called Pakfire (not Debian or RHLE based) focused on simplicity combined with a high level of security.

All the setup is done via WebUI (e.g. https://10.10.10.1:444/) but also allows SSH connection for advanced management.

For simplification IPFire classifies the zone with colors:

  • RED
    • WAN side.
    • Public Internet.
    • Interface name red0.
  • GREEN
    • LAN side.
    • Private internal network.
    • Interface name green0.
  • BLUE (optional)
    • DMZ (DeMilitarized Zone).
    • Limited protection network.
    • Exposes specific ports (or all) to the Internet (e.g. Port Forwarding).
  • ORANGE (optional)
    • WLAN (wireless network).
    • Segregated network for wireless devices.

One network adapter per zone is required.

The most popular features are:

  • Rate limitation functionality and logging.
  • Quality of Service for critical applications like VoIP calls.
  • Intrusion Prevention System with SNORT.
  • Web Proxy with Content Cache and URL Filter components.
  • Site-to-Site VPNs with IPsec or OpenVPN.
  • Internal DNS proxy which uses DNSSEC (DNS-over-TLS aka DoT).
  • Captive Portal.

Command-line usage:

  • pakfire help
    • List the arguments and descriptions.
  • pakfire install htop
    • Installs a single package.
  • pakfire install -y samba nano
    • Installs multiple apps without prompting for confirmation.
  • pakfire update
    • Updates the list of packages.
  • pakfire update –force
    • Forces to update the list of packages.
  • pakfire upgrade
    • Upgrades all packages to the latest version.
  • pakfire upgrade –force
    • Fixes broken upgrade.
  • pakfire list
    • Lists all available packages.
  • pakfire status
    • Returns a Status-Summary for the Current Core-Update-Level.

To changing the package manager repository, edit the file /opt/pakfire/etc/pakfire.conf and add the preferred (or closer) server from the list available at [Link].

Linux commands that are also avilable:

  • ip address
  • ip route
  • service ntp {status|stop|start|restart}

Curiosity: always search for vulnerabilities and keep your system updated because like any other system connected to the internet it can eventually be exploited. See the Metasploit module that exploits the version 156 and get a reverse Meterpreter shell as admin [Link].