Security 10816 Published by

The final version of IPFire 2.27 - Core Update 160 is now available. IPFire is a powerful and professional Open Source firewall solution.





IPFire 2.27 - Core Update 160 released

This is the release announcement for IPFire 2.27 - Core Update 160. It comes with a large number of bug fixes and package updates and prepares for removing Python 2 which has reached its end of life.

Before we talk about what is new, I would like to ask you for your support. IPFire is a small team of people and like many of our open source friends, we’ve taken a hit this year and would like to ask you to help us out. Please follow the link below where your donation can help fund our continued development:  https://www.ipfire.org/donate.

Improving Network Throughput

In recent days and months, the development team has spent a lot of time on finding bottlenecks and removing those. Our goal is to increase throughput on hardware and bringing latency down, for a faster network.

This update brings a first change which will enable network interfaces that support it, to send packets that belong to the same stream to the same processor core. This allows taking advantage of better cache locality and the firewall engine as well as the Intrusion Prevention System benefit from this, especially with a large number of connections and especially on hardware with smaller CPU caches.This feature is automatically enabled on all hardware that supports it.

Removing Python 2

Python 2 has reached its  end-of-life (EOL) at January 1st, 2021. In the past months and years, we have moved our own code to Python 3 which has been completed with this update.

However, Python 2 is still present in the distribution for all users who still have to port any custom scripts. With the next Core Update, we will remove Python 2 which means that you have to act now to port any custom scripts written in Python 2.

Misc.

  • In the firewall engine, support for redirecting services as been added and long-standing bug  #12265 has been fixed
  • Some bugs have been fixed in the IPsec VPN scripts that prevented users to create certificate-based connections
  • The web proxy can now be used on systems that do not have a GREEN network
  • The firewall log viewer now displays IP protocol names instead of numbers.
  • All graphs are now rendered in SVG format which makes any scaling in the browser smoother
  • Updated packages: cURL 7.78.0, ddns 014, e2fsprogs 1.46.3, ethtool 5.13, glibc was patched for  CVE-2021-33574 and a follow-up issue, iproute2 5.13.0, less 590, libloc 0.9.7, libhtp 5.0.38, libidn 1.38, libssh 0.9.6, OpenSSH 8.7p1, openssl 1.1.1k which fixes  CVE-2021-3712 and  CVE-2021-3711, pcre 8.45, poppler 21.07.0, sqlite3 3.36, sudo 1.9.7p2, strongswan 5.9.3, suricata 5.0.7, sysstat 12.5.4, sysfsutils 2.1.1

Add-ons

  • Updated packages: alsa 1.2.5.1, bird 2.0.8, clamav 0.104.0, faad2 2.10.0, freeradius 3.0.23, frr 8.0.1, Ghostscript 9.54.0, hplip 3.21.6, iperf3 3.10.1, lynis 3.0.6, mc 7.8.27, monit 5.28.1, minidlna 1.3.0, ncat 7.91, ncdu 1.16, taglib 1.12, Tor 0.4.6.7, traceroute 2.1.0, Postfix 3.6.2, spice 0.15.0


IPFire 2.27 - Core Update 160 released - The IPFire Blog