IPFire 2.17 - Core Update 87

The IPFire Project ipfire-announce at lists.ipfire.org
Fri Feb 27 15:10:41 CET 2015


This is the official release announcement for IPFire 2.17 – Core Update
87, a new major version of the IPFire firewall distribution coming with
all sorts of new features and bug fixes.


Most of the work has been done under the hood and in the Linux kernel.
This has been updated to version 3.14 and brings better support for
various hardware and stability fixes. Various device drivers have been
backported from more recent versions of the Linux kernel to combine
great stability with best hardware support.

Stability for various ARM platforms has been improved and support for
more has been added. Among the new devices are the Banana Pi and Banana
Pro boards. Please check out the list of supported ARM boards on the
IPFire wiki [1].


The installer program that helps to install IPFire has been very much
improved. It is now easier to use and provides clearer error messages.
It allows you to select the disk you want to install IPFire on and does
not use the first one any more if there are more than one.

An other main feature is that the installer is now able to download the
ISO image from the Internet. That allows it to be used on devices that
can not boot from USB drives. Installations using the serial console are
possible as well.

The installer allows you to use the XFS filesystem and supports
installation on harddisks larger than 2TB by using GPT. The entire
partitioning has been rewritten and is able to produce better
partitioning layouts.

The unattended installation feature is now usable again and the
Installation Guide on the IPFire wiki has been rewritten [2].

Changing bootloaders on x86

We changed the bootloader on all x86 installations from GRUB-legacy to
GRUB2. New systems will be installed right away with the new version and
old ones will be migrated. Please make sure to create a backup of your
installation in case this upgrade fails.

The huge benefit we get from migrating to GRUB2 is more flexibility for
testing new kernels and much better reliability on various hardware.
Security fixes in third-party packages

 * glibc has been patched against the GHOST vulnerability.
 * The ntp package has been updated because of recent security
   vulnerabilities that have been discovered
 * The openvpn package has been updated to version 2.3.6


 * Timmothy Wilson suggested to use SHA256 for the SSL certificate that
   is used for accessing the web user interface. All new installations
   will use this.
 * iw was updated to version 3.14
 * wpa_supplicant and hostapd have been updated for more stable wireless
 * Erik Kapfer added tmux as an add-on package
 * Umberto Parma sent in an Italian translation for the web user

Updated add-ons

 * Pound has been updated to version 2.7 stable which allows better
   protection against the POODLE vulnerability
 * mtr has been updated to version 0.86
 * fping has been updated to version 3.10

Like already pointed out in the announcement of the test release, we
would like to repeat our disappointment that so few people participated
in testing this release. The many changes that come with every IPFire
release require testing by many many people from the community. Like
many other Open Source projects there has been only little participation
in the testing effort and there was only very little feedback which
caused this release being delayed for months. We are looking forward to
that more people will support this project in the future to make sure
that it remains a healthy one and will become even better.

You can support this project by getting involved into development [3],
writing documentation, support fellow IPFire users or with your donation

-The IPFire Team

[1] http://wiki.ipfire.org/en/hardware/arm/start
[2] http://wiki.ipfire.org/en/installation/start
[3] http://www.ipfire.org/getinvolved
[4] http://www.ipfire.org/donate

More information about the IPFire-Announce mailing list