The primary objective of IPFire is security. Its easy to configure firewall engine and Intrusion Detection System prevent any attackers from breaking into your network. In the default configuration, the network is split into various zones with different security policies such as a LAN and DMZ to manage risks inside the network and have custom configuration for the specific needs of each segment of the network.
But even the firewall needs to protect itself. IPFire is built from scratch and not based on any other distribution. This allows the developers to harden IPFire better than any other server operating system and build all components specifically for use as a firewall.
Frequent updates keep IPFire strong against security vulnerabilities and new attack vectors.
IPFire employs a Stateful Packet Inspection (SPI) firewall, which is built on top of Netfilter, the Linux packet filtering framework. It filters packets fast and achieves throughputs of up to multiple tens of Gigabit per second.
Its intuitive web user interface allows to create groups of hosts and networks which can be used to keep large set of rules short and tidy - something very important in complex environments with strict access control. Logging and graphical reports give great insight.
Various settings are available to mitigate and block Denial-of-Service attacks by filtering them directly at the firewall and not allowing them to take down your servers.
Intrusion Detection/Prevention System
IPFire's Intrusion Detection System (IDS) analyzes network traffic and tries to detect exploits, leaking data and any other suspicious activity. Upon detection, alerts are raised and the attacker is immediately blocked.
Connecting the World
Virtual Private Networks (VPNs) connect remote locations like data centers, branch offices or outsourced infrastructure via an encrypted link. IPFire allows staff to work remotely as if they would be sitting in the office and allowing them to access all resources that they need - fast and securely.
IPFire supports industry standards like IPsec and OpenVPN and interoperates with equipment from various vendors like Cisco & Juniper. VPNs are quickly and easily set up with IPFire and employ latest cryptography.
From a technical point of view, IPFire is a minimalistic, hardened operating system. To provide more functionality, it can be extended by add-ons which are installed with IPFire's own package management system called Pakfire.
Add-ons can be handy command line tools for administrators or can extend the system to provide additional functionality. Those include:
Turning IPFire into a Wireless Access Point
Tools for Monitoring and System Health Management
Backup, File and Print Services
Running a Tor node
Proxies and Relays for various protocols
and many more...
Making Your Internet Faster
The IPFire Quality of Service (QoS) categorizes network traffic and sends it out prioritized by how important it is to ensure a good service. For example, a Voice-over-IP call will always have priority over a large download to ensure that words will never get lost and call quality is always the best it can be.
Even on very busy links, IPFire will make sure that websites load fast and that the network is quick and responsive by using smart queueing algorithms and getting the most out of your bandwidth.
One of the most commonly used features of IPFire is the full-fledged web proxy. It delivers and filters web content and can only allow Internet access for some users.
Caching content on the firewalls disk makes websites load faster. External regularly updated blacklists allow banning browsing on various websites when they are for example not suitable for students. Optionally, the IPFire web proxy can transparently scan for viruses and block them straight away.
The web proxy makes IPFire perfect for schools and universities where access control and logging is required.