https://blog.ipfire.org/post/ipfire-2-25-core-update-141-release
ATTENTION! You are receiving this email because you are subscribed to our announcement mailing list. This list is going to be shut down soon. To keep receiving important announcements like this one, please sign up at https://people.ipfire.org/register, if you did not already do so.
The first exciting big update of the year is ready: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS.
On top of that, this update fixes many bugs.
DNS Updates
The biggest set of changes in this release is around DNS. We have cleaned up many scripts and the UI which allowed us to add new functionality:
• A unified page with all DNS settings
• More than two DNS servers can be added for better load-balancing and resiliency. The fastest servers will be used automatically.
• Enhanced privacy with DNS-over-TLS and strict QNAME minimisation
• Safe Search, to filter adult content from the entire network without using the web proxy
• Better workarounds for users with ISPs that filter DNS responses/break DNSSEC. TLS and TCP can be used as transport instead.
• Faster boot because of fewer checks being executed at boot time
In order to combat MTU issues, we are following guidelines and have set the EDNS buffer size to 1232 bytes. This avoids large DNS replies being fragmented even on Internet lines with smaller MTUs.
All DNS settings will automatically be converted. This is also compatible when older backups are being restored.
Updates Under The Hood
IPFire is a modern distribution as we change and update many essential system components regularly. That allows us to keep you safe, support new features and of course be fast by taking advantage of modern hardware.
In this update, we have rebased the system on GCC 9 and added support for Go and Rust. We have included Python 3 to the base system and deprecated Python 2 which is out of support by now. Not everything has been converted to use Python 3 yet, but we will hopefully soon be able to drop support for Python 2 altogether.
Unfortunately the system is growing larger and larger with every update. Software in general is quite bloated although we are trying our best to keep IPFire as small as possible. On systems that have a 2GB root partition and many add-ons installed, disk space might be running out. This update clears a lot of files that are no longer needed. We have also improved stripping our binary files from debugging symbols which are not needed on a production system in order to keep those files smaller.
• elinks, the text-based browser is also no longer an add-on any more, but shipped with the core system.
• LVM devices are now supported in IPFire.
• Updated packages: efivar 35, gcc 9.2.0, file 5.38, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. unbound 1.9.6
• New packages: rfkill
Misc.
• The Intrusion Prevention System now filters packets from and to OpenVPN clients, too
• Pakfire initially used HTTP for downloading the first mirror list. It would have been redirected to HTTPS by the server, but this has been now changed that the first connection attempt is using HTTPS.
• As announced in a separate blog post, we are shipping the latest version of Maxmind's GeoIP database
• IPsec: To enhance compatibility with many clients, newly generated root certificates will include a valid Subject Alternative Name which can also be freely configured
Add-ons
• Updated: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7
• New: amazon-ssm-agent for better integration into the Amazon cloud
https://blog.ipfire.org/post/ipfire-2-25-core-update-141-release
ATTENTION! You are receiving this email because you are subscribed to our announcement mailing list. This list is going to be shut down soon. To keep receiving important announcements like this one, please sign up at https://people.ipfire.org/register, if you did not already do so.
The first exciting big update of the year is ready: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS.
On top of that, this update fixes many bugs.
DNS Updates
The biggest set of changes in this release is around DNS. We have cleaned up many scripts and the UI which allowed us to add new functionality:
• A unified page with all DNS settings
• More than two DNS servers can be added for better load-balancing and resiliency. The fastest servers will be used automatically.
• Enhanced privacy with DNS-over-TLS and strict QNAME minimisation
• Safe Search, to filter adult content from the entire network without using the web proxy
• Better workarounds for users with ISPs that filter DNS responses/break DNSSEC. TLS and TCP can be used as transport instead.
• Faster boot because of fewer checks being executed at boot time
In order to combat MTU issues, we are following guidelines and have set the EDNS buffer size to 1232 bytes. This avoids large DNS replies being fragmented even on Internet lines with smaller MTUs.
All DNS settings will automatically be converted. This is also compatible when older backups are being restored.
Updates Under The Hood
IPFire is a modern distribution as we change and update many essential system components regularly. That allows us to keep you safe, support new features and of course be fast by taking advantage of modern hardware.
In this update, we have rebased the system on GCC 9 and added support for Go and Rust. We have included Python 3 to the base system and deprecated Python 2 which is out of support by now. Not everything has been converted to use Python 3 yet, but we will hopefully soon be able to drop support for Python 2 altogether.
Unfortunately the system is growing larger and larger with every update. Software in general is quite bloated although we are trying our best to keep IPFire as small as possible. On systems that have a 2GB root partition and many add-ons installed, disk space might be running out. This update clears a lot of files that are no longer needed. We have also improved stripping our binary files from debugging symbols which are not needed on a production system in order to keep those files smaller.
• elinks, the text-based browser is also no longer an add-on any more, but shipped with the core system.
• LVM devices are now supported in IPFire.
• Updated packages: efivar 35, gcc 9.2.0, file 5.38, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. unbound 1.9.6
• New packages: rfkill
Misc.
• The Intrusion Prevention System now filters packets from and to OpenVPN clients, too
• Pakfire initially used HTTP for downloading the first mirror list. It would have been redirected to HTTPS by the server, but this has been now changed that the first connection attempt is using HTTPS.
• As announced in a separate blog post, we are shipping the latest version of Maxmind's GeoIP database
• IPsec: To enhance compatibility with many clients, newly generated root certificates will include a valid Subject Alternative Name which can also be freely configured
Add-ons
• Updated: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7
• New: amazon-ssm-agent for better integration into the Amazon cloud
https://blog.ipfire.org/post/ipfire-2-25-core-update-141-release
ATTENTION! You are receiving this email because you are subscribed to our announcement mailing list. This list is going to be shut down soon. To keep receiving important announcements like this one, please sign up at https://people.ipfire.org/register, if you did not already do so.
The first exciting big update of the year is ready: IPFire 2.25 - Core Update 141! It comes with a totally reworked DNS system which adds many new features like DNS-over-TLS.
On top of that, this update fixes many bugs.
DNS Updates
The biggest set of changes in this release is around DNS. We have cleaned up many scripts and the UI which allowed us to add new functionality:
• A unified page with all DNS settings
• More than two DNS servers can be added for better load-balancing and resiliency. The fastest servers will be used automatically.
• Enhanced privacy with DNS-over-TLS and strict QNAME minimisation
• Safe Search, to filter adult content from the entire network without using the web proxy
• Better workarounds for users with ISPs that filter DNS responses/break DNSSEC. TLS and TCP can be used as transport instead.
• Faster boot because of fewer checks being executed at boot time
In order to combat MTU issues, we are following guidelines and have set the EDNS buffer size to 1232 bytes. This avoids large DNS replies being fragmented even on Internet lines with smaller MTUs.
All DNS settings will automatically be converted. This is also compatible when older backups are being restored.
Updates Under The Hood
IPFire is a modern distribution as we change and update many essential system components regularly. That allows us to keep you safe, support new features and of course be fast by taking advantage of modern hardware.
In this update, we have rebased the system on GCC 9 and added support for Go and Rust. We have included Python 3 to the base system and deprecated Python 2 which is out of support by now. Not everything has been converted to use Python 3 yet, but we will hopefully soon be able to drop support for Python 2 altogether.
Unfortunately the system is growing larger and larger with every update. Software in general is quite bloated although we are trying our best to keep IPFire as small as possible. On systems that have a 2GB root partition and many add-ons installed, disk space might be running out. This update clears a lot of files that are no longer needed. We have also improved stripping our binary files from debugging symbols which are not needed on a production system in order to keep those files smaller.
• elinks, the text-based browser is also no longer an add-on any more, but shipped with the core system.
• LVM devices are now supported in IPFire.
• Updated packages: efivar 35, gcc 9.2.0, file 5.38, knot 2.9.2, libhtp 0.5.32, mdadm 4.1, mpc1.1.0, mpfr 4.0.2, rust 1.39, suricata 4.1.6. unbound 1.9.6
• New packages: rfkill
Misc.
• The Intrusion Prevention System now filters packets from and to OpenVPN clients, too
• Pakfire initially used HTTP for downloading the first mirror list. It would have been redirected to HTTPS by the server, but this has been now changed that the first connection attempt is using HTTPS.
• As announced in a separate blog post, we are shipping the latest version of Maxmind's GeoIP database
• IPsec: To enhance compatibility with many clients, newly generated root certificates will include a valid Subject Alternative Name which can also be freely configured
Add-ons
• Updated: dehydrated 0.6.5, libseccomp 2.4.2, nano 4.7, openvmtools 11.0.0, tor 0.4.2.5, tshark 3.0.7
• New: amazon-ssm-agent for better integration into the Amazon cloud
Hello editors,
this is a pre-announcement email to all editors out there who write about IPFire. We would like to let you know, that we are planning to release the next IPFire release, IPFire 2.25 Core Update 141, next Monday, February 24th, between 10:00 and 14:00 UTC.
We are sending you this announcement to give you some time to prepare a news article about this new release of IPFire to help us make IPFire better-known and of course to make our existing users aware of this exciting new update being ready to be installed. We are very grateful for your support for our project!
The changelog can be found here:
https://blog.ipfire.org/post/ipfire-2-25-core-update-141-is-available-for-t…
In this release we redesigned DNS. We removed loads of older code and setup options and they are now all combined on one new page. We then added features to improve privacy like DNS-over-TLS and QNAME minimisation:
https://blog.ipfire.org/post/restoring-dns-privacy
Safe Search can now be enabled to filter any adult content from search results on YouTube and many search engines:
https://blog.ipfire.org/post/how-does-safe-search-work
Please get in touch if you have any further questions.
We will send you the final announcement when the update is officially released.
Thank you very much for supporting our project!
Best regards,
-Michael