IPFire – The Linux Router + Firewall distribution
IPFire is a Linux distribution based on Linux From Scratch which presents itself as a router + firewall capable of stopping threats, detecting intrusions (IDS), filtering risky content or acting as a cache, but also of a whole lots of other cool stuff.
As it is a Firewall distribution, the best is to put it on a computer with at least 2 network cards. One which is connected to the net and the other to your local network. Several configurations are however possible RED + GREEN or RED + GREEN + ORANGE or RED + GREEN + ORANGE + BLUE.
Once installed and your network cards configured, the IPFire interface is accessible through your browser on ip + port 444 in HTTPS.
From there, you have access to different sections to configure your Firewall. Via the system menu, you can for example connect IPFire to a wifi network, configure remote access via SSH, save the config, etc.
The Status section will give you information on memory used, network traffic, CPU load… etc.
The Network section will allow you to configure your network interfaces, DNS, web proxy, URL filtering. But also the DHCP server, web cache, static routes, the MAC address of the RED card, port control for each RED zone station in GREEN via the DMZ ORANGE. And all this according to the times of your choice … etc., etc. It’s super flexible!
The service menu gives access to the OpenVPN, IPSec, DDNS, QoS (prioritize the bandwidth according to the services). And ExtraHD config which allows you to mount an additional external or internal disk.
IPFire: The Firewall section
The Firewall section allows you to configure your filtering rules (IP + Ports). But also port forwarding, IPtables, IPS (Intrusion Prevention System)… etc., Etc. For example, you can block scans from Shodan .
The Logs menu, gives access to the logs entering and leaving IPFire. And above all, the IPFire section allows you to install Add-ons for the distribution. This means that you can add new features to IPFire, or even expand your own.
Currently, among the proposed extensions, you will find Tor for anonymity, e. Everything that is file server like Samba, NFS, Netatalk, Tftpd, everything that is printing and scanning like CUPS… etc. Without forgetting the Bacula type backup, BorgBackup, the mail server (MailServer), P2P with Transmission, VoIP with Asterik, multimedia with the possibility of having a jukebox, upnp, DLNA, etc.
A whole bunch of network tools from tcpdump to traceroute via nginx, HAProxy… etc., Obviously, a little virtualization with Qemu without forgetting the possibility of transforming your IPFire into a Wifi access point.
And of course, since it’s a Linux distro, you can also install any software that interests you.
For more info and the doc, visit IPFire.