IPFire is a powerful and professional Open Source firewall solution.
Security
The primary objective of IPFire is security. Its easy to configure firewall engine and Intrusion Prevention System stops any attackers from breaking into your network. In the default configuration, the network is split into various zones with different security policies such as a LAN and DMZ to manage risks inside the network and have custom configuration for the specific needs of each segment of the network.
But even the firewall needs to protect itself. IPFire is built from scratch and not based on any other distribution. This allows the developers to harden IPFire better than any other server operating system and build all components specifically for use as a firewall.
Frequent updates keep IPFire strong against security vulnerabilities and new attack vectors.
Firewall
IPFire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of Netfilter, the Linux packet filtering framework. It filters packets fast and achieves throughputs of up to multiple tens of Gigabit per second.
Its intuitive web user interface allows to create groups of hosts and networks which can be used to keep large set of rules short and tidy - something very important in complex environments with strict access control. Logging and graphical reports give great insight.
Various settings are available to mitigate and block Denial-of-Service attacks by filtering them directly at the firewall and not allowing them to take down your servers.
Intrusion Prevention System
IPFire's Intrusion Prevention System (IPS) analyzes network traffic, detects exploits, leaking data and any other suspicious activity. Upon detection, alerts are raised and the attacker is immediately blocked.
Connecting the World
Virtual Private Networks (VPNs) connect remote locations like data centers, branch offices or outsourced infrastructure via an encrypted link. IPFire allows staff to work remotely as if they would be sitting in the office and allowing them to access all resources that they need - fast and securely.
IPFire supports industry standards like IPsec and OpenVPN and interoperates with equipment from various vendors like Cisco & Juniper. VPNs are quickly and easily set up with IPFire and employ latest cryptography.
Add-ons
From a technical point of view, IPFire is a minimalistic, hardened operating system. To provide more functionality, it can be extended by add-ons which are installed with IPFire's own package management system called Pakfire.
Add-ons can be handy command line tools for administrators or can extend the system to provide additional functionality. Those include: