The IPFire team has officially released IPFire 2.29 – Core Update 194, bringing a host of security fixes, performance improvements, and new features designed to protect networks of all sizes.
Known for its stability and flexibility, IPFire remains a trusted open-source firewall platform, continually evolving to meet modern network security needs.
What’s New in Core Update 194
Following last month’s Core Update 193, this release rebases the system on Linux kernel 6.12.23, delivering critical security and stability patches.
A major highlight comes from Stephen Cuka, who revamped the Pakfire page, offering cleaner controls and better translations for a more user-friendly experience in multiple languages.
Firewall behavior has also been refined—specifically, a fix that now prevents outgoing connections using Alias IPs from being NATed to the default RED IP, ensuring more accurate network configurations.
Key Improvements:
- IPsec host certificate renewal now correctly updates internal files for secure communication.
- Transition from libidn to libidn2 improves DNS functionality across the system.
- A wide range of package updates patch security flaws and enhance overall performance.
Highlighted Updates:
- expat 2.7.1 – Fixes [CVE-2024-8176]
- xz 5.8.1 – Addresses [CVE-2025-31115]
- Suricata 7.0.10, BIND 9.20.8, cairo 1.18.4, harfbuzz 11.0.0
Zabbix 7.0.11 LTS is now supported—note that it’s not compatible with Zabbix Server 6.x.
Add-on packages have also been updated for better performance and compatibility, including:
- Bacula 15.0.2
- FFmpeg 7.1.1
- Git 2.49.0
- Samba 4.22.0
Core Security Features of IPFire:
- Stateful Firewall using Linux Netfilter
- Intrusion Detection & Prevention via Suricata
- VPN Support (IPsec, OpenVPN, WireGuard)
- Advanced Routing & QoS
- Proxy with Content Filtering
- Hardened Update Mechanism
The IPFire team urges all users to update immediately to Core Update 194 to benefit from the latest fixes and enhancements.
This release reflects the ongoing dedication of the IPFire community—developers, testers, and supporters working together to build a stronger, safer internet.
Leave A Comment