n00b Unlimited - Forum https://n00bunlimited.net/ Forum Description en Thu, 18 Jun 2026 13:18:27 GMT vBulletin 60 https://n00bunlimited.net/images/misc/rss.png n00b Unlimited - Forum https://n00bunlimited.net/ IPFire 2.29 - Core Update 203 is available for testing https://n00bunlimited.net/home/forum/site-news/ipfire/80483-ipfire-2-29-core-update-203-is-available-for-testing Wed, 10 Jun 2026 09:40:21 GMT
This is the release announcement for IPFire 2.29 – Core Update 203, which is now available for testing.

This is a substantial update, and its centrepiece is a fundamental change to how IPFire handles DNS: we have replaced Unbound with Knot Resolver, giving us a more flexible foundation and a range of new capabilities, from a DNS Firewall to encrypted upstream forwarding. Alongside it, the WiFi access point gains support for the 6 GHz band, and there are the usual security fixes and package updates throughout. Because these changes reach into a core part of the system, we would especially value your help in testing this release before it reaches everyone.

DNS: Moving from Unbound to Knot Resolver

With this release, IPFire replaces its DNS Resolver with Knot Resolver.

This is a significant change under the hood, and not one we made lightly. Unbound has served IPFire well for many years and remains an excellent resolver. But DNS has quietly become one of the most important parts of the modern network. It is no longer only about turning names into addresses — it increasingly carries the information other protocols rely on to connect quickly, securely and privately, from encrypted transport to the records clients use to establish encrypted connections. To keep building on top of DNS, we needed a resolver we can extend and integrate deeply with the rest of IPFire. Knot Resolver's modular, scriptable architecture gives us exactly that foundation.

What this brings you today:
  • Encrypted upstream forwarding (DNS over TLS) — queries to your chosen upstream resolvers can now be sent over TLS, so they can't be read or tampered with in transit.
  • DNS Firewall — block malware, advertising and whole categories of unwanted domains at the DNS layer.
  • Encrypted zone data (over TLS) — the DNS Firewall's filtering and policy zones are now pulled over an encrypted connection by zone-sync, a new tool we built in C. Updates are transferred incrementally and can no longer be read or tampered with in transit.
  • SafeSearch — enforce safe search across the major search engines and YouTube for your whole network.
  • Conditional forwarding — send queries for specific zones to specific servers. (Note the change below.)
  • Local overrides — define your own DNS records for local hostnames.
  • DHCP integration — a custom module makes hostnames from DHCP leases resolvable in DNS, replacing the old Unbound DHCP Leases Bridge with no loss of function.

Under the hood:
  • Persistent Cache — the cache now survives restarts, so resolution stays fast after a reboot and there's less load on upstream servers.
  • Shared state across multiple workers — Knot Resolver uses several worker processes that share one cache and state, making efficient use of multiple CPU cores without fragmenting the cache.

Please note:

Forwarded zones can no longer be specified as fully-qualified domain names. You now need to replace any entries on the DNS Forwarding page that use FQDNs with IP addresses.

A note on what went into this release: Replacing the DNS resolver is a large piece of work we have undertaken, and it was far from a drop-in replacement. Alongside integrating Knot Resolver itself, we wrote a good deal of new code — including custom modules for DHCP and filtering, and zone-sync, a tool we built in C to keep the DNS Firewall's data current over an encrypted connection. Work like this is slow, detailed and largely invisible, and it is only possible because IPFire is supported by the people who rely on it. If this release is useful to you and you would like to see more of it, please consider making a donation — it is what lets us keep building.

WiFi: Support for the 6 GHz Band

The IPFire WiFi access point now supports the 6 GHz band, opening up the spectrum introduced with WiFi 6E and WiFi 7.

Why this matters:
  • More room, less interference — the 6 GHz band is new and largely empty. Without decades of legacy devices crowding it, wireless clients get cleaner airtime and more stable connections, even in busy neighbourhoods.
  • Wider channels, higher throughput — the additional spectrum leaves room for many more wide (80 and 160 MHz) channels, so you can run faster connections without them overlapping and interfering with one another.
  • No radar detection, no interruptions — unlike parts of the 5 GHz band, the 6 GHz band does not require radar detection (DFS). The access point starts up immediately and can never be forced off its channel by a radar event, so there are no sudden dropouts.

We have also fixed a bug that prevented the access point from starting when a 40 MHz channel width was combined with a manually selected channel.

Misc.

  • AWS: IPFire can now retrieve EC2 instance metadata using IMDSv2, the token-based and more secure version of the metadata service that AWS now recommends and increasingly enforces by default. This means IPFire runs correctly on instances configured to require IMDSv2, while IMDSv1 remains supported for existing deployments.
  • The microcode for some Intel processors has been updated to version 20260512 to address a vulnerability filed as INTEL-SA-01420
  • A bug with Perl failing to properly encode/decode UTF-8 strings has been fixed so that the web UI will show translations with non-ASCII characters properly again
  • OpenVPN: The icon to download the configuration has been replaced by a clearer version; and for Roadwarrior clients with a static IP address allocation, the name of the subnet is now shown next to the connection.
  • sysklogd will now listen on localhost again, which is useful for chrooted processes that want to log messages
  • Updated packages: BIND 9.20.23, Boost 1.90.0, coreutils 9.11, btrfs-progs 7.0, e2fsprogs 1.47.4, elfutils 0.195, expat 2.8.1, fcron 3.4.1, fontconfig 2.18.1, gdb 17.2, gnupg 2.5.20, GRUB 2.14, grub-btrfs 4.14, iana-etc 20260511, krb5 1.22.2, less 702, libedit 20260512-3.1, libksba 1.8.0, libloc 0.9.19, libunistring 1.4.2, libusb 1.0.30, LuaJIT 2.1.707c12b, LVM2 2.03.41, meson 1.11.1, nettle 4.0, OpenVPN 2.7.4, rrdtool 1.10.3, SQLite 3.53.1, strongswan 6.0.7 (CVE-2026-47895), util-linux 2.42, vim 9.2.0526, which 2.25, xfsprogs 7.0.1, zone-sync 0.0.2

Add-Ons

  • Updated packages: dnsdist 2.0.6, ntfs-3g 2026.2.25, Postfix 3.11.3, rsync 3.4.3, samba 4.24.2, spice 0.16.0, spice-protocol 0.14.5, tmux 3.6b, tshark 4.6.6
  • Zabbix Agent: Fixes for OpenVPN 2.7 status parsing and ping error handling have been applied

Testing and Feedback

As always, please help us make this release as solid as it can be. If you are able, install Core Update 203 on a test system, put it through its paces — particularly around DNS resolution, the DNS Firewall and WiFi — and report anything unexpected on our bug tracker.

Your testing and your reports are what let us release with confidence, and we are grateful to everyone who takes the time.

Thank you for helping us build IPFire.


More...]]> Ipfire siosios https://n00bunlimited.net/home/forum/site-news/ipfire/80483-ipfire-2-29-core-update-203-is-available-for-testing IPFire 2.29 - Core Update 202 released https://n00bunlimited.net/home/forum/site-news/ipfire/80482-ipfire-2-29-core-update-202-released Tue, 26 May 2026 14:04:47 GMT In this release, IPFire 2.29 - Core Update 202, we are fixing the most prominent kernel vulnerabilities of the last few weeks. OpenVPN has been...
In this release, IPFire 2.29 - Core Update 202, we are fixing the most prominent kernel vulnerabilities of the last few weeks. OpenVPN has been updated to version 2.7 which brings support for Data Channel Offloading massively upgrading throughput for your OpenVPN tunnels. As usual, this release contains a large number of package updates with various more security fixes.

We would like to encourage to install this update as soon as possible to be protected against the unusually large amount of vulnerabilities that have been discovered recently in the Linux kernel as well as lots of other software components. Ensure to reboot your IPFire system afterwards.

Linux Kernel Security Vulnerabilities

In this release, the IPFire kernel has been rebased on Linux 6.18.32 which most notably fixes a couple of prominent security vulnerabilities:
  • Dirty Frag — ESP/IPsec (CVE-2026-43284) — A local privilege escalation flaw disclosed on May 7, 2026 in the kernel module providing support for ESP, one of the protocols used for IPsec, allowing an unprivileged local user to escalate to root.
  • Copy Fail (CVE-2026-31431) — A logic flaw in the Linux kernel's cryptographic subsystem, specifically within the algif_aead module of the AF_ALG interface, disclosed April 29, 2026, that lets any unprivileged local user gain root via a tiny exploit on essentially every distribution shipping kernels built since 2017.



While these vulnerabilities are serious for Linux systems in general, IPFire is by design not exposed to the most common attack paths. Both flaws require an unprivileged local user with shell access to the system, and IPFire does not provide unprivileged shell accounts on the firewall - only the administrator has access to the console, and there are no other users logged in. That said, defence in depth matters, and we always recommend keeping systems up to date regardless of whether a known attack path applies, because the next vulnerability may well take a different shape.

OpenVPN 2.7

IPFire is now shipping OpenVPN 2.7 which has been released earlier this year. Over the last couple of updates, we have already rolled out changes that allow a smooth transition. The highlight of this release is support for Data Channel Offloading (DCO) to the kernel. Instead of passing any packets to the OpenVPN daemon for encryption and decryption, the kernel can encrypt or decrypt packets itself which will massively boost throughput. We have observed throughput to jump from 1 GBit/s to 10 GBit/s per tunnel with reduced jitter and less CPU utilisation due to the kernel's better use of the hardware's crypto acceleration.

Misc.

  • Firewall: Multiple ports in a comma-separated list are now being applied properly (#13959)
  • Intrusion Prevention System: The IPS is no longer logging any stats which have used a lot of disk space on some systems. The updater automatically removes any log files freeing the disk space. The remaining log files are now being rotated daily instead of weekly.
  • The IPFire DNS Proxy is now permitted outbound access without any additional firewall rules
  • IPsec: Due to a typo in a script, some automatically generated firewall rules were not removed after a tunnel was shut down. This did not have any other implications than a growing table of redundant rules.
  • In glibc, a crafted DNS response can trick gethostbyaddr/gethostbyaddr_r into treating a non-answer section as a valid answer, violating the DNS spec. The result is an out-of-bounds read and bogus hostnames returned to callers — risky for anything that uses reverse DNS in logging or access decisions (GLIBC-SA-2026-0005).
  • Updated packages: abseil-cpp 20260107.1, Apache2 2.4.67, autoconf 2.73, BIND 9.20.22, btrfs-progs 6.19.1, cURL 8.20.0, ethtool 7.0, expat 2.8.0, freetype 2.14.3, glib 2.88.1, GnuTLS 3.8.13, groff 1.24.1, harfbuzz 14.2.0, hwdata 0.406, iana-etc 20260409, intel-microcode 20260227, inotify-tools 4.25.9.0, iproute2 7.0.0, ipset 7.24, Knot 3.5.4, libarchive 3.8.7, libcap 2.78, libcap-ng 0.9.3, libedit 20251016-3.1, libgcrypt 1.12.2, libinih 62, libjpeg 3.1.4.1, libpng 1.6.58, libsodium 1.0.22, liburcu 0.15.6, libxml2 2.15.3, lmdb 0.9.35, LVM2 2.03.40, man-pages 6.18, mdadm 4.6, oath-toolkit 2.6.14, OpenSSH 10.3p1, OpenSSL 3.6.2, OpenVPN 2.7.3, pango 1.57.1, parted 3.7, pciutils 3.15.0, python3-yaml 6.0.3, sed 4.10, SQLite 3.53.0, strongSwan 6.0.6, Suricata 8.0.5, systemd 260.1, texinfo 7.3, tzdata 2026b, Unbound 1.25.1, usb-modeswitch-data 20251207, wireguard-tools 1.0.20260223, XZ 5.8.3
  • IP Blocklist: Links to the BOGON and BOGON_FULL lists have been updated

Add-Ons

  • Samba: A security researcher working under the pseudonym valent1 has reported two security vulnerabilities in this add-on which are patched in this release:
    • Missing input validation during the join operation allowed authenticated attackers to run arbitrary shell commands as a non-privileged user (CVE pending)
    • Inappropriate shell command escaping allowed attackers to gain root privileges from a shell using the sambactrl helper binary (CVE pending)
  • Who Is Online? valent1 reported a now fixed XSS vulnerability for authenticated users (CVE pending)
  • Updated packages: arpwatch 3.9, dnsdist 2.0.5, ffmpeg 8.1, FRR 10.6.0, htop 3.5.1, iperf3 3.21, Git 2.54.0, HAProxy 3.2.15, keepalived 2.3.4, libid3tag 0.16.4, libmicrohttpd 1.0.5, libmpc 1.4.1, libpciaccess 0.19, libvirt 12.3.0, lldpd 1.0.21, mympd 25.0.1, nano 9.0, ncat 7.99, nfs 2.9.1, nmap 7.99, Postfix 3.11.1, rsync 3.4.2, Samba 4.24.1, Tor 0.4.9.7, transmission 4.1.1, tshark 4.6.5, Zabbix Agent 7.0.24 (LTS) + Monitoring for D-Bus & LLDP


We want to urge you to upgrade your systems, so you aren't vulnerable to the Dirty Frag, Copy Fail, Fragnesia vulnerabilities. Thanks to everyone for giving feedback for the testing release and reporting any problems to Bugzilla.

If you would like to thank the developers & support their work, please donate, to keep the project moving fast!


More...]]> Ipfire siosios https://n00bunlimited.net/home/forum/site-news/ipfire/80482-ipfire-2-29-core-update-202-released Team Fortress 2 Update Released https://n00bunlimited.net/home/forum/site-news/steam-news/80481-team-fortress-2-update-released Mon, 25 May 2026 16:16:24 GMT An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:...
  • Fixed crash related to wearables leaking when weapons are dropped (community fix from Sean McGeehan)


    • An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:
    • Fixed crash related to wearables leaking when weapons are dropped (community fix from Sean McGeehan)


    More...]]>     Steam News siosios https://n00bunlimited.net/home/forum/site-news/steam-news/80481-team-fortress-2-update-released     Team Fortress 2 Update Released https://n00bunlimited.net/home/forum/site-news/steam-news/80480-team-fortress-2-update-released Fri, 22 May 2026 22:40:44 GMT An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:...
  • Fixed crash related to KeyValues
  • Fixed Mk.II Botkiller eyes not glowing in the dark (community fix from Whurrhurr)
  • Fixed Halloween spell attribute text being grayed out during full moons (community fix from FrozenDragon)
  • Fixed attachments on dropped weapons having broken textures for certain war paints and skins (community fix from Piogre)
  • Fixed automatic "Control Point Lost" lines not playing (community fix from robbilookatme)
  • Fixed spacing issues for item descriptions (community fix from DiskIntegrity)
  • Fixed many cases where Spy disguises were broken (community fix from Sean McGeehan)
  • Fixed The Fancy Spellbook's large backpack icon not matching the small version
  • Updated VScript to allow set damage for force calc (community fix from doclic)
  • Updated the Snow Merc to count as an assister in the death notice
  • Updated the prop for Taunt: Dead Mann's Drink to fix a problem with LODs
  • Updated the Die Regime-Panzerung to add a 'No Bullets' style
  • Updated/Added some tournament medals
  • Updated the Mann of the Hour
    • Restored missing rim mask
    • Made shapekeys for a few problematic face flexes
    • Replaced incorrect normal map
    • Altered hair mesh to ensure compatibility with Voodoo-Cursed Scout Soul
    • Updated backpack icon to represent above changes
  • Updated koth_demolition
    • Fixed some lighting issues with the pipes next to the control point
    • Replaced some textures in the radio rooms
    • Added a clipbrush on the radio rooms to avoid players getting stuck when going in the air (thanks Big Wiggy)
    • Reworked the nobuild on the crane platform to allow Engineers to build on the concrete area (thanks Uncle Dane)
    • Fixed a leftover prop being inside a wall
    • Fixed a texture in the jumppad using the wrong cubemap
    • Made the catwalk behind the office building a bit bigger
    • Added a clipbrush to the pipes on the furnace rooms so players can climb up to the barrels
  • Updated plr_hacksaw and plr_hacksaw_event
    • Removed attic balconies overlooking the capture zone
    • Moved a small pickup location into the attic
    • Fixed clipping errors
  • Updated cp_process_final
    • Fixed various collision issues across the map
      • Most of these involved changing existing collision from player_clip to bullet_block to prevent splash damage from getting caught on small pieces of level geometry
      • Some of these involved closing off open areas where explosions could vanish
      • Some of these involved making collision areas more clear by including new geometry to better indicate what would collide and what wouldn't
    • Increased skybox height across the map to be consistent with other 5CP maps
    • Changed the small prop pipes at last to be nonsolid, but still block stickies
      • Players should be able to cleanly walk and jump along these pipes without getting stuck
      • Additionally, rockets and other explosions should collide cleanly through the pipes so they don't block splash damage
      • Stickies will adhere to the pipes as expected, rather than clipping through and being hidden by the pipe model
    • Changed the level geometry around the large pipes on the ground near the last control point. They are now enclosed in glass and have a layer of bullet block so that collision is correct.
    • Increased the height of numerous doors across the entire map. Players should be able to jump normally through the door without hitting their heads.
    • Removed some rocks near the angled ramp at 2nd and replaced them with crates
    • Added angled player clipping underneath some of the large awnings at middle to prevent players from getting stuck under the awnings
    • Made exterior fences more consistent with the bounding of the level
    • Changed some metal textures to better match the mirrored symmetry of the level
    • Added some additional detail behind the starting spawn room
    • Cleaned up the displacements in the middle and second to better handle splash damage, and reduced the amount of grass poking through concrete
    • Replaced some small pipes at the 2nd spire to make a more consistent platform
    • Made many existing light props nonsolid to prevent movement issues
      • Most were already nonsolid, but this should make most props consistent
  • Updated cp_metalworks
    • Fixed various collision issues across the map
      • Most of these involved changing existing collision from player_clip to bullet_block to prevent splash damage from getting caught on small pieces of level geometry
    • Changed the level geometry at last to have more consistent collision
      • While there are small gaps and holes in the windows/doors of the new bunker and the stack of wood/chickenwire, they are covered with bullet block to prevent collision issues
    • Changed the way shadows work on certain walls throughout the map to prevent shadows leaking through
    • Redesigned the second forward spawn for both teams. The spawn has now moved back and into a larger hut structure in the yard before the second control point.
    • Increased the door size of the first forward spawn
    • The various small door brushes throughout the map have been turned into func_brushes and have had collision turned off so they don't catch splash
    • Made adjustments to the truck ramp at middle. The ramp is now a displacement, which should catch splash damage correctly and allow player to walk up to the wall cleanly.
    • Changed the collision around the very tall light poles throughout the map. Players should no longer get caught on them while in midair (but they still can't land on top of them).
    • Fixed a section of displacement where players could get stuck in the ground
    • Slight visual tweaks throughout the level


    • An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:
    • Fixed crash related to KeyValues
    • Fixed Mk.II Botkiller eyes not glowing in the dark (community fix from Whurrhurr)
    • Fixed Halloween spell attribute text being grayed out during full moons (community fix from FrozenDragon)
    • Fixed attachments on dropped weapons having broken textures for certain war paints and skins (community fix from Piogre)
    • Fixed automatic "Control Point Lost" lines not playing (community fix from robbilookatme)
    • Fixed spacing issues for item descriptions (community fix from DiskIntegrity)
    • Fixed many cases where Spy disguises were broken (community fix from Sean McGeehan)
    • Fixed The Fancy Spellbook's large backpack icon not matching the small version
    • Updated VScript to allow set damage for force calc (community fix from doclic)
    • Updated the Snow Merc to count as an assister in the death notice
    • Updated the prop for Taunt: Dead Mann's Drink to fix a problem with LODs
    • Updated the Die Regime-Panzerung to add a 'No Bullets' style
    • Updated/Added some tournament medals
    • Updated the Mann of the Hour
      • Restored missing rim mask
      • Made shapekeys for a few problematic face flexes
      • Replaced incorrect normal map
      • Altered hair mesh to ensure compatibility with Voodoo-Cursed Scout Soul
      • Updated backpack icon to represent above changes
    • Updated koth_demolition
      • Fixed some lighting issues with the pipes next to the control point
      • Replaced some textures in the radio rooms
      • Added a clipbrush on the radio rooms to avoid players getting stuck when going in the air (thanks Big Wiggy)
      • Reworked the nobuild on the crane platform to allow Engineers to build on the concrete area (thanks Uncle Dane)
      • Fixed a leftover prop being inside a wall
      • Fixed a texture in the jumppad using the wrong cubemap
      • Made the catwalk behind the office building a bit bigger
      • Added a clipbrush to the pipes on the furnace rooms so players can climb up to the barrels
    • Updated plr_hacksaw and plr_hacksaw_event
      • Removed attic balconies overlooking the capture zone
      • Moved a small pickup location into the attic
      • Fixed clipping errors
    • Updated cp_process_final
      • Fixed various collision issues across the map
        • Most of these involved changing existing collision from player_clip to bullet_block to prevent splash damage from getting caught on small pieces of level geometry
        • Some of these involved closing off open areas where explosions could vanish
        • Some of these involved making collision areas more clear by including new geometry to better indicate what would collide and what wouldn't
      • Increased skybox height across the map to be consistent with other 5CP maps
      • Changed the small prop pipes at last to be nonsolid, but still block stickies
        • Players should be able to cleanly walk and jump along these pipes without getting stuck
        • Additionally, rockets and other explosions should collide cleanly through the pipes so they don't block splash damage
        • Stickies will adhere to the pipes as expected, rather than clipping through and being hidden by the pipe model
      • Changed the level geometry around the large pipes on the ground near the last control point. They are now enclosed in glass and have a layer of bullet block so that collision is correct.
      • Increased the height of numerous doors across the entire map. Players should be able to jump normally through the door without hitting their heads.
      • Removed some rocks near the angled ramp at 2nd and replaced them with crates
      • Added angled player clipping underneath some of the large awnings at middle to prevent players from getting stuck under the awnings
      • Made exterior fences more consistent with the bounding of the level
      • Changed some metal textures to better match the mirrored symmetry of the level
      • Added some additional detail behind the starting spawn room
      • Cleaned up the displacements in the middle and second to better handle splash damage, and reduced the amount of grass poking through concrete
      • Replaced some small pipes at the 2nd spire to make a more consistent platform
      • Made many existing light props nonsolid to prevent movement issues
        • Most were already nonsolid, but this should make most props consistent
    • Updated cp_metalworks
      • Fixed various collision issues across the map
        • Most of these involved changing existing collision from player_clip to bullet_block to prevent splash damage from getting caught on small pieces of level geometry
      • Changed the level geometry at last to have more consistent collision
        • While there are small gaps and holes in the windows/doors of the new bunker and the stack of wood/chickenwire, they are covered with bullet block to prevent collision issues
      • Changed the way shadows work on certain walls throughout the map to prevent shadows leaking through
      • Redesigned the second forward spawn for both teams. The spawn has now moved back and into a larger hut structure in the yard before the second control point.
      • Increased the door size of the first forward spawn
      • The various small door brushes throughout the map have been turned into func_brushes and have had collision turned off so they don't catch splash
      • Made adjustments to the truck ramp at middle. The ramp is now a displacement, which should catch splash damage correctly and allow player to walk up to the wall cleanly.
      • Changed the collision around the very tall light poles throughout the map. Players should no longer get caught on them while in midair (but they still can't land on top of them).
      • Fixed a section of displacement where players could get stuck in the ground
      • Slight visual tweaks throughout the level


    More...]]>     Steam News siosios https://n00bunlimited.net/home/forum/site-news/steam-news/80480-team-fortress-2-update-released     IPFire 2.29 - Core Update 202 is available for testing https://n00bunlimited.net/home/forum/site-news/ipfire/80479-ipfire-2-29-core-update-202-is-available-for-testing Mon, 11 May 2026 08:21:15 GMT Today we are proud to present the next challenger stepping into the ring: IPFire 2.29 Core Update 202! In this corner, a brand-new Linux 6.18 kernel....
    Today we are proud to present the next challenger stepping into the ring: IPFire 2.29 Core Update 202! In this corner, a brand-new Linux 6.18 kernel. In the other corner, OpenVPN 2.7 with kernel-accelerated Data Channel Offload, delivering up to 10 Gigabit per second per tunnel. Add to that a long list of important security fixes, package updates, and bug fixes - and you have a release that is ready for testing. So power up your test systems, and let's get readyyyy to upgraaaade!

    Linux Kernel Security Vulnerabilities

    In this release, the IPFire kernel has been rebased on Linux 6.18.28 which most notably fixes a couple of prominent security vulnerabilities:
    • Dirty Frag — ESP/IPsec (CVE-2026-43284) — A local privilege escalation flaw disclosed on May 7, 2026 in the kernel module providing support for ESP, one of the protocols used for IPsec, allowing an unprivileged local user to escalate to root.
    • Copy Fail (CVE-2026-31431) — A logic flaw in the Linux kernel's cryptographic subsystem, specifically within the algif_aead module of the AF_ALG interface, disclosed April 29, 2026, that lets any unprivileged local user gain root via a tiny exploit on essentially every distribution shipping kernels built since 2017.

    While these vulnerabilities are serious for Linux systems in general, IPFire is by design not exposed to the most common attack paths. Both flaws require an unprivileged local user with shell access to the system, and IPFire does not provide unprivileged shell accounts on the firewall - only the administrator has access to the console, and there are no other users logged in. That said, defence in depth matters, and we always recommend keeping systems up to date regardless of whether a known attack path applies, because the next vulnerability may well take a different shape.

    OpenVPN 2.7

    IPFire is now shipping OpenVPN 2.7 which has been released earlier this year. Over the last couple of updates, we have already rolled out changes that allow a smooth transition. The highlight of this release is support for Data Channel Offloading (DCO) to the kernel. Instead of passing any packets to the OpenVPN daemon for encryption and decryption, the kernel can encrypt or decrypt packets itself which will massively boost throughput. We have observed throughput to jump from 1 GBit/s to 10 GBit/s per tunnel with reduced jitter and less CPU utilisation due to the kernel's better use of the hardware's crypto acceleration.

    Misc.

    • Firewall: Multiple ports in a comma-separated list are now being applied properly (#13959)
    • Intrusion Prevention System: The IPS is no longer logging any stats which have used a lot of disk space on some systems. The updater automatically removes any log files freeing the disk space. The remaining log files are now being rotated daily instead of weekly.
    • The IPFire DNS Proxy is now permitted outbound access without any additional firewall rules
    • IPsec: Due to a typo in a script, some automatically generated firewall rules were not removed after a tunnel was shut down. This did not have any other implications than a growing table of redundant rules.
    • In glibc, a crafted DNS response can trick gethostbyaddr/gethostbyaddr_r into treating a non-answer section as a valid answer, violating the DNS spec. The result is an out-of-bounds read and bogus hostnames returned to callers — risky for anything that uses reverse DNS in logging or access decisions (GLIBC-SA-2026-0005).
    • Updated packages: abseil-cpp 20260107.1, Apache2 2.4.67, autoconf 2.73, BIND 9.20.22, btrfs-progs 6.19.1, cURL 8.20.0, ethtool 7.0, expat 2.8.0, freetype 2.14.3, glib 2.88.1, GnuTLS 3.8.13, groff 1.24.1, harfbuzz 14.2.0, hwdata 0.406, iana-etc 20260409, intel-microcode 20260227, inotify-tools 4.25.9.0, iproute2 7.0.0, ipset 7.24, Knot 3.5.4, libarchive 3.8.7, libcap 2.78, libcap-ng 0.9.3, libedit 20251016-3.1, libgcrypt 1.12.2, libinih 62, libjpeg 3.1.4.1, libpng 1.6.58, libsodium 1.0.22, liburcu 0.15.6, libxml2 2.15.3, lmdb 0.9.35, LVM2 2.03.40, man-pages 6.18, mdadm 4.6, oath-toolkit 2.6.14, OpenSSH 10.3p1, OpenSSL 3.6.2, OpenVPN 2.7.3, pango 1.57.1, parted 3.7, pciutils 3.15.0, python3-yaml 6.0.3, sed 4.10, SQLite 3.53.0, strongSwan 6.0.6, Suricata 8.0.4, systemd 260.1, texinfo 7.3, tzdata 2026b, Unbound 1.25.0, usb-modeswitch-data 20251207, wireguard-tools 1.0.20260223, XZ 5.8.3
    • IP Blocklist: Links to the BOGON and BOGON_FULL lists have been updated

    Add-Ons

    • Updated packages: arpwatch 3.9, dnsdist 2.0.5, ffmpeg 8.1, FRR 10.6.0, htop 3.5.1, iperf3 3.21, Git 2.54.0, HAProxy 3.2.15, keepalived 2.3.4, libid3tag 0.16.4, libmicrohttpd 1.0.5, libmpc 1.4.1, libpciaccess 0.19, libvirt 12.3.0, lldpd 1.0.21, mympd 25.0.1, nano 9.0, ncat 7.99, nfs 2.9.1, nmap 7.99, Postfix 3.11.1, rsync 3.4.2, Samba 4.24.1, Tor 0.4.9.7, transmission 4.1.1, tshark 4.6.5, Zabbix Agent 7.0.24 (LTS) + Monitoring for D-Bus & LLDP


    As always, this update would not be possible without the hard work of the IPFire developers, the wider open-source community whose projects we ship, and everyone who tests, reports bugs, and contributes patches. If you would like to support the continued development of IPFire, please donate - every contribution helps us keep the project independent and moving forward.

    Happy testing!


    More...]]>     Ipfire siosios https://n00bunlimited.net/home/forum/site-news/ipfire/80479-ipfire-2-29-core-update-202-is-available-for-testing     Left 4 Dead - Update https://n00bunlimited.net/home/forum/site-news/steam-news/80478-left-4-dead-update Wed, 06 May 2026 18:43:54 GMT An update has been released for Left 4 Dead: - Fixed several exploits that could be used to crash servers or remote players. An update has been...
    - Fixed several exploits that could be used to crash servers or remote players.

    An update has been released for Left 4 Dead:

    - Fixed several exploits that could be used to crash servers or remote players.

    More...]]>     Steam News siosios https://n00bunlimited.net/home/forum/site-news/steam-news/80478-left-4-dead-update     IPFire 2.29 - Core Update 201 released - with DNS Firewall https://n00bunlimited.net/home/forum/site-news/ipfire/80477-ipfire-2-29-core-update-201-released-with-dns-firewall Tue, 28 Apr 2026 08:30:21 GMT
    We are pleased to announce the release of IPFire 2.29 — Core Update 201, and with it, the most significant expansion of IPFire's capabilities in years. This release delivers the long-awaited DNS Firewall, a feature that transforms how IPFire protects the networks it sits in front of — along with a major toolchain rebase, a wide range of package updates, and improvements across the entire system.

    For many of you, this is the release you have been waiting for. For the rest of you — once you see what it does, it will be.

    Hello DNS Firewall

    The wait is over. One of the most requested features in IPFire's history is finally here, and it fundamentally changes what your firewall is capable of. The DNS Firewall transforms IPFire from a network gatekeeper into an active threat eliminator — blocking malware, phishing, advertising, and unwanted content before a single byte of malicious data ever touches your network.

    For full details, see the DNS Firewall documentation and the DNS Firewall roadmap page.

    How it works

    Every device on your network resolves domain names through IPFire's DNS proxy. The DNS Firewall sits inside that pipeline and evaluates every query against IPFire DBL — our own curated, continuously updated domain blocklist — before a response ever reaches the client. Blocked domains receive an NXDOMAIN response: to the client, the domain simply does not exist. No connection is attempted, no content is fetched, and no trace of the request leaves your network.

    As a first to offer this to a large user-base, blocklist updates are delivered via IXFR — incremental DNS zone transfers directly into the DNS proxy — meaning your lists are refreshed within the hour, automatically, with no manual intervention and minimal bandwidth overhead.

    Goodbye URL Filter. Goodbye Pi-hole.

    If you have been running the URL Filter, you already understand the frustration: clients need explicit proxy configuration, HTTPS inspection is a minefield, and the entire approach was designed for a web that no longer exists. If you have been running a Pi-hole alongside IPFire to compensate, you have been maintaining a second device, a second software stack, and a second security boundary — all to do something your firewall should have been doing all along.

    The DNS Firewall replaces both. It requires no client configuration, no additional hardware, and no compromises. Your firewall is already the single point through which all DNS traffic flows — it has always been the right place for this.

    Miscellaneous Improvements

    • Intrusion Prevention System It is now possible to configure different recipients for daily, weekly, and monthly IDS reports — useful for teams where different people are responsible for different reporting cadences.
    • RISC-V Arne.F has updated the kernel configuration on the experimental build for RISC-V devices.
    • Network Installer The installer now allocates more disk space when booting from the network, accommodating the increased size of the ISO download.
    • Rust Cleanup Stefan Schantl has removed Rust packages that were no longer needed in the distribution, reducing build overhead and attack surface.
    • Web Proxy Firewall Rules Rules are now created with the --wait flag, preventing race conditions during rule insertion.
    • Toolchain Update IPFire has been rebased on the latest versions of glibc 2.43 and GNU binutils 2.46.0. These are the fundamental libraries and binary tools that underpin all userspace components inside IPFire. Keeping them current ensures better hardware support, improved security hardening, and a solid foundation for all packages built on top of them.
    • The following packages have been updated in this release: asciidoctor 2.0.26, BIND 9.20.20, binutils 2.46.0, ccache 4.12.3, conntrack-tools 1.4.9, coreutils 9.10, dejagnu 1.6.3, expat 2.7.4, fuse 3.18.1, gettext 1.0, glibc 2.43, harfbuzz 12.3.2, hwdata 0.404, intel-microcode 20260210, iptables 1.8.12, jansson 2.15.0, krb5 1.22.1, less 692, libgcrypt 1.12.0, libnetfilter_conntrack 1.1.1, libpng 1.6.55, libtalloc 2.4.4, libuv 1.52.0, libxcrypt 4.5.2, m4 1.4.21, ncurses 6.6, OpenVPN 2.6.19, OpenSSL 3.6.1, p11-kit 0.26.2, PAM 1.7.2, procps 4.0.6, Ruby 4.0.1, suricata-reporter 0.7, vim 9.1.2147, wireless-regdb 2026.02.04, xfsprogs 6.18.0, zlib-ng 2.3.3

    Add-ons

    • Wireless Access Point
      • The description for the Neighbourhood Scan was previously inverted and has been corrected.
      • Adolf Belka has contributed a Dutch translation for this package.
    • Updated Add-on Packages: ddrescue 1.30, fping 5.5, Git 2.53.0, minicom 2.11, nano 8.7.1, nfs 2.8.5, Postfix 3.10.7, Samba 4.23.5, tshark 4.6.4
    • The 7zip package has been removed from the add-on collection. The upstream project is no longer maintained, and continuing to ship unmaintained software is not consistent with IPFire's security posture.


    This release is the product of years of work — from building IPFire DBL into a category-rich, continuously maintained blocklist, to engineering IXFR-based delivery straight into the DNS proxy, to the countless smaller improvements that make it all tie together. Our thanks go to every developer, tester, and community member who helped get us here, and in particular to those who ran the testing release and sent us the feedback that made this stable release possible.

    Please install this update through Pakfire as usual. As with every Core Update, we recommend rebooting after installation to ensure all components are running the new versions.

    If you find a problem, please report it on the IPFire community forum or the bug tracker. And if IPFire is useful to you, please consider supporting the project — it is what keeps releases like this one possible.


    More...]]>     Ipfire siosios https://n00bunlimited.net/home/forum/site-news/ipfire/80477-ipfire-2-29-core-update-201-released-with-dns-firewall     IPFire 2.29 - Core Update 201 is available for testing https://n00bunlimited.net/home/forum/site-news/ipfire/80476-ipfire-2-29-core-update-201-is-available-for-testing Thu, 12 Mar 2026 11:13:02 GMT We are pleased to announce a new testing release of IPFire! It brings you our DNS firewall - a feature that so many of you have been waiting for -...
    We are pleased to announce a new testing release of IPFire! It brings you our DNS firewall - a feature that so many of you have been waiting for - together with a large toolchain rebase, a wide range of updated package and the usual bunch of various improvements across the entire system.

    Hello DNS Firewall

    The wait is over. One of the most requested features in IPFire's history is finally here, and it fundamentally changes what your firewall is capable of. The DNS Firewall transforms IPFire from a network gatekeeper into an active threat eliminator — blocking malware, phishing, advertising, and unwanted content before a single byte of malicious data ever touches your network.

    For full details, see the DNS Firewall documentation and the DNS Firewall roadmap page.

    How it works

    Every device on your network resolves domain names through IPFire's DNS proxy. The DNS Firewall sits inside that pipeline and evaluates every query against IPFire DBL — our own curated, continuously updated domain blocklist — before a response ever reaches the client. Blocked domains receive an NXDOMAIN response: to the client, the domain simply does not exist. No connection is attempted, no content is fetched, and no trace of the request leaves your network.

    As a first to offer this to a large user-base, blocklist updates are delivered via IXFR — incremental DNS zone transfers directly into the DNS proxy — meaning your lists are refreshed within the hour, automatically, with no manual intervention and minimal bandwidth overhead.

    Goodbye URL Filter. Goodbye Pi-hole.

    If you have been running the URL Filter, you already understand the frustration: clients need explicit proxy configuration, HTTPS inspection is a minefield, and the entire approach was designed for a web that no longer exists. If you have been running a Pi-hole alongside IPFire to compensate, you have been maintaining a second device, a second software stack, and a second security boundary — all to do something your firewall should have been doing all along.

    The DNS Firewall replaces both. It requires no client configuration, no additional hardware, and no compromises. Your firewall is already the single point through which all DNS traffic flows — it has always been the right place for this.

    Miscellaneous Improvements

    • Intrusion Prevention System It is now possible to configure different recipients for daily, weekly, and monthly IDS reports — useful for teams where different people are responsible for different reporting cadences.
    • RISC-V Arne.F has updated the kernel configuration on the experimental build for RISC-V devices.
    • Network Installer The installer now allocates more disk space when booting from the network, accommodating the increased size of the ISO download.
    • Rust Cleanup Stefan Schantl has removed Rust packages that were no longer needed in the distribution, reducing build overhead and attack surface.
    • Web Proxy Firewall Rules Rules are now created with the --wait flag, preventing race conditions during rule insertion.
    • Toolchain Update IPFire has been rebased on the latest versions of glibc 2.43 and GNU binutils 2.46.0. These are the fundamental libraries and binary tools that underpin all userspace components inside IPFire. Keeping them current ensures better hardware support, improved security hardening, and a solid foundation for all packages built on top of them.
    • The following packages have been updated in this release: asciidoctor 2.0.26, BIND 9.20.20, binutils 2.46.0, ccache 4.12.3, conntrack-tools 1.4.9, coreutils 9.10, dejagnu 1.6.3, expat 2.7.4, fuse 3.18.1, gettext 1.0, glibc 2.43, harfbuzz 12.3.2, hwdata 0.404, intel-microcode 20260210, iptables 1.8.12, jansson 2.15.0, krb5 1.22.1, less 692, libgcrypt 1.12.0, libnetfilter_conntrack 1.1.1, libpng 1.6.55, libtalloc 2.4.4, libuv 1.52.0, libxcrypt 4.5.2, m4 1.4.21, ncurses 6.6, OpenVPN 2.6.19, OpenSSL 3.6.1, p11-kit 0.26.2, PAM 1.7.2, procps 4.0.6, Ruby 4.0.1, suricata-reporter 0.7, vim 9.1.2147, wireless-regdb 2026.02.04, xfsprogs 6.18.0, zlib-ng 2.3.3

    Add-ons

    • Wireless Access Point
      • The description for the Neighbourhood Scan was previously inverted and has been corrected.
      • Adolf Belka has contributed a Dutch translation for this package.
    • Updated Add-on Packages: ddrescue 1.30, fping 5.5, Git 2.53.0, minicom 2.11, nano 8.7.1, nfs 2.8.5, Postfix 3.10.7, Samba 4.23.5, tshark 4.6.4
    • The 7zip package has been removed from the add-on collection. The upstream project is no longer maintained, and continuing to ship unmaintained software is not consistent with IPFire's security posture.


    This is a testing release. We encourage all users who are able to run non-production hardware to give it a try and report any issues, particularly around the new DNS Firewall feature. Your feedback at this stage directly shapes the quality of the stable release.

    Please report issues on the IPFire community forum or the bug tracker.


    More...]]>     Ipfire siosios https://n00bunlimited.net/home/forum/site-news/ipfire/80476-ipfire-2-29-core-update-201-is-available-for-testing     Team Fortress 2 Update Released https://n00bunlimited.net/home/forum/site-news/steam-news/80475-team-fortress-2-update-released Wed, 11 Mar 2026 19:40:08 GMT An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:...
  • Fixed client crash related to material proxies
  • Fixed Scout.NegativeVocalization04 sounds in Mann vs. Machine not playing because of a typo in the volume (community fix from That Hat Guy)
  • Fixed The Spy-cicle not using its icicle lightwarp (community fix from BreavyTF2)
  • Updated material for cp_coldfront to fix compression issue
  • Updated the prop for Taunt: Heartbreaker to fix a missing material
  • Updated koth_demolition
    • Fixed a player clip on the helipad allowing players to stand outside the playable area (thanks Midnite)
    • Fixed some player clip pixel walks on some doors
    • Fixed a blockbullets floating above BLU spawn (thanks True_Boredom)


    • An update to Team Fortress 2 has been released. The update will be applied automatically when you restart Team Fortress 2. The major changes include:
    • Fixed client crash related to material proxies
    • Fixed Scout.NegativeVocalization04 sounds in Mann vs. Machine not playing because of a typo in the volume (community fix from That Hat Guy)
    • Fixed The Spy-cicle not using its icicle lightwarp (community fix from BreavyTF2)
    • Updated material for cp_coldfront to fix compression issue
    • Updated the prop for Taunt: Heartbreaker to fix a missing material
    • Updated koth_demolition
      • Fixed a player clip on the helipad allowing players to stand outside the playable area (thanks Midnite)
      • Fixed some player clip pixel walks on some doors
      • Fixed a blockbullets floating above BLU spawn (thanks True_Boredom)


    More...]]>     Steam News siosios https://n00bunlimited.net/home/forum/site-news/steam-news/80475-team-fortress-2-update-released