
IPFire Core Update 198 has been released, featuring a substantial upgrade to its Intrusion Prevention System (IPS) powered by Suricata 8. This update brings enhanced performance, deeper inspection features, and increased reliability to IPFire's IPS, as well as improved reporting and logging capabilities, including real-time email notifications, scheduled PDF reports, and external logging. The update also includes significant advancements in the IPS itself, with faster startup times, more efficient memory handling, and expanded protocol support. 



IPFire 2.29 - Core Update 198 released

IPFire Core Update 198 is an important milestone for the platform's security capabilities and user experience. At its core lies a substantial upgrade to the Intrusion Prevention System (IPS), powered by Suricata 8. This latest iteration boasts enhanced performance, deeper inspection features, and increased reliability, making it an invaluable asset in safeguarding networks against emerging threats.

One of the most notable advancements in IPFire Core Update 198 is its sophisticated reporting system. Gone are the days of wading through log files to identify critical security events. With this update, users can now receive real-time email notifications for alerts that surpass a customizable threshold, ensuring prompt awareness and response to potential security breaches.

Scheduled PDF reports provide an additional layer of convenience and insight, allowing administrators to generate comprehensive summaries of all alerts on a daily, weekly, or monthly basis. These reports offer an easy-to-read format, enabling users to archive them or share them with their team and management. Furthermore, IPFire's IPS can forward alerts to remote syslog servers for secure external logging and long-term storage. This feature ensures that administrators possess an independent record of IPS activity outside the firewall, facilitating forensic analysis in worst-case scenarios.

The addition of real-time alerts, regular reports, and logging outside the device greatly improves how well IPFire's IPS can be checked and held Administrators now have access to a richer set of tools for tracking suspicious activity, building historical records, and proving that threats were detected and handled effectively – even when an attacker attempts to cover their tracks.

IPFire Core Update 198 also sees significant advancements in the IPS itself. The introduction of Suricata 8 enables faster startup times thanks to compiled rule caching, while sturdier memory handling ensures more efficient performance under demanding conditions. Notably, protocol support has been expanded to include DNS-over-HTTP/2, Multicast DNS, LDAP, POP3, SDP in SIP, SIP over TCP, and WebSocket.

Along with these important updates, IPFire Core Update 198 includes a complete update to the latest versions of the GNU Compiler Collection (GCC) 15.2.0, GNU Binutils 2.42, and GNU glibc. This brings numerous bug fixes, security patches, and performance improvements to the platform.

The update package list is equally impressive, featuring updates for over a dozen packages, including abseil-cpp, BIND, btrfs-progs, cmake, dtc, cURL, ed, elinks, ethtool, expat, fcron, freetype, gdbm, harfbuzz, hwdata, iproute2, less, libarchive, libconfig, libffi, libinih, libgcrypt, libssh, libtirpc, libxml2, lsof, LVM2, lzip, meson, nano, p11-kit, PCRE2, ruby, SQLite, sudo, whois, xfsprogs, and zlib-ng.

Finally, the update addresses several critical security vulnerabilities and includes recent Intel microcode releases to mitigate recent processor-based threats. GRUB has also been fixed to address several security issues, and Wade Sparks from VulnCheck quickly resolved problems related to the IPFire web UI after reporting them.

The new version is available to download from here.