IPFire 2.21
This is the first update of the year, and it is packed with loads of new features, many performance improvements, and some security fixes. This is quite a long
To support our project and keep us bringing these updates to you, please donate!
Squid 4.5 - Making the web proxy faster and more secure
We have finally updated to Squid 4.5, the latest version of the web proxy working inside IPFire. It has various improvements in speed due to major parts being rewritten in C++.
We have also changed some things in the user interface to make its configuration easier and to avoid configuration mistakes.
One of the major changes is that we have removed a control that allowed configuring the number of child processes for each redirector (e.g. URL filter, Update Accelerator, etc.). This is now statically set to the number of processors. As a result, we only use as many processes as the system has memory for, but can still use maximum CPU power by being able to saturate all cores at the same time. That makes the URL filter and other redirectors faster and more efficient in their resource consumption. They will now also be launched at the start of the web proxy so that there is no wait
We expect these improvements to make proxies that serve hundreds or even thousands of users at the same time faster by being more efficient.
We have dropped some features that no longer make sense in 2019: the web browser check and download throttling by file extension. Since the web is migrating more and more towards HTTPS, those neither work for all the
We have also removed authentication against Microsoft Windows NT 4.0 domains. The authentication protocols used back then have been unsafe for years and nobody should be using those
We have also mitigated a security issue in the proxy authentication against Microsoft Windows Active Directory domains. Due to Squid's default configuration, an authenticated user was remembered by their IP address for up to one second. That means that once a browser had authenticated, any other software coming from the same system was allowed, for one second, to send requests to the web proxy as if it were properly authenticated. This could have been exploited by malware or other software running inside a virtual machine or similar services to get access to the internet without having valid credentials. This is now resolved and (re-)
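The following added example (not code from IPFire or Squid) models the issue described above: a gate that remembers a successful login per client IP for a configurable time, replayed over a constructed timeline. The class, function names, sample account and the `ip_ttl=0` hardened setting are assumptions of this sketch and not Squid configuration options.

```python
# Toy model of a proxy that remembers a successful login by client IP.
# Added illustration only; this is not Squid's or IPFire's code.

VALID_CREDENTIALS = {"alice": "s3cret"}  # constructed sample account


class ProxyAuthGate:
    """ip_ttl: seconds a login is remembered per client IP (0 = never)."""

    def __init__(self, ip_ttl):
        self.ip_ttl = ip_ttl
        self._seen = {}  # client IP -> (username, expiry time)

    def check(self, client_ip, now, credentials=None):
        """Return the user a request is attributed to, or None to deny."""
        if credentials is not None:
            user, password = credentials
            if VALID_CREDENTIALS.get(user) != password:
                return None
            if self.ip_ttl > 0:
                self._seen[client_ip] = (user, now + self.ip_ttl)
            return user
        # No credentials sent: only the IP shortcut can let this through.
        cached = self._seen.get(client_ip)
        if cached and now < cached[1]:
            return cached[0]  # attributed to whoever logged in from this IP
        self._seen.pop(client_ip, None)
        return None


def replay(gate, events):
    """Feed (time, ip, credentials) events to a gate; return the verdicts."""
    return [gate.check(ip, t, creds) for t, ip, creds in events]


# Constructed timeline: a browser authenticates, then other software on the
# same source IP sends requests that carry no credentials at all.
EVENTS = [
    (100.0, "192.0.2.10", ("alice", "s3cret")),  # browser, authenticated
    (100.4, "192.0.2.10", None),  # other software, 0.4 s later
    (101.5, "192.0.2.10", None),  # other software, 1.5 s later
]

if __name__ == "__main__":
    print("1 s IP cache:", replay(ProxyAuthGate(ip_ttl=1.0), EVENTS))
    print("no IP cache: ", replay(ProxyAuthGate(ip_ttl=0), EVENTS))
```

With the one-second cache, the credential-less request 0.4 s after the login is attributed to the logged-in user, which also means proxy logs would credit that traffic to the wrong principal.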
New installations are now recommended to set up a proxy with slightly more cache in memory and no cache on disk. Ultimately, this is something that should be considered for each installation
Furthermore, some minor usability improvements of the web proxy configuration page have been implemented.
The DNS forwarding feature has been extended to make using it more flexible. It now accepts hostnames as well as IP addresses to forward requests to multiple servers that are found by resolving the hostname. It is also possible to add multiple servers as a comma-separated list so that multiple servers can be
These changes make it possible, for example, to redirect requests to DNS blacklists directly to the right name servers without worrying about any changes of IP addresses at the provider.
• Kernel modules that
• Creating certificates for IPsec and OpenVPN threw an error before which has now been fixed by ensuring that the internal certificate database is
• We have enabled a Just-In-Time compiler for the Perl Regular Expressions engine. This will increase
• Installing IPFire from ISO on i586-based systems failed because of a bug in the EFI code of the installer. This has now been fixed.
• Installing IPFire on XFS filesystems is now also working again. Before, the installed system was not able to boot because GRUB did not support some modern file system features.
• The description on which SSH port IPFire is listening has been fixed.
• Connection Tracking support is now enabled by default for Linux Virtual Servers, i.e. layer-4 load-balancers.
• GeoIP: Scripts have been updated to use a new format of the GeoIP database
• Updated packages: bind 9.11.5-P1,
• Updated packages: