IPFire 2.29 - Core Update 198 released

**siosios** · 2025-10-28T21:12:06+00:00

IPFire 2.29 - Core Update 198 is here — and it’s a big one. This release brings a major upgrade to our Intrusion Prevention System with Suricata 8, delivering improved performance, deeper inspection capabilities, and greater reliability. But the real breakthrough comes in how IPFire keeps you informed: real-time email reporting and beautifully designed PDF reports now give you instant insight into network activity, highlighting critical alerts and providing a clear, auditable trail of every event. This all comes on top of the usual package updates and a toolchain update.

Powerful New Reporting for the IPFire Intrusion Prevention System

One of the most requested improvements to the IPFire IPS has finally arrived - and it is a game changer for anyone who relies on their firewall to keep networks safe. The IPS now sends detailed alerts and reports beyond the firewall itself, creating a reliable paper trail even if the firewall is later compromised. With this update you can:

Get immediate email notifications for any alert above a threshold you define. Critical events no longer hide in log files - know about them the moment they happen, even if you are away from the dashboard.
Receive scheduled PDF reports every day, week, or month. These reports provide a complete summary of all alerts in an easy-to-read format that you can archive, or share with your team and management.
Forward alerts to remote syslog servers for secure external logging and long-term storage. This means you always have an independent record of IPS activity outside the firewall, making forensic analysis possible even if the appliance itself is damaged or tampered with.

Check out this sample report.

This combination of real-time notifications, scheduled reporting, and off-device logging dramatically improves the auditability and accountability of your IPS. Administrators gain a richer set of tools to track suspicious activity, build historical records, and prove that threats were detected and handled—even in worst-case scenarios where an attacker might try to cover their tracks.

Whether you manage a small office network or a large enterprise environment, these new reporting features make it easier than ever to stay on top of security events, respond quickly, and maintain a trustworthy record of what happened and when. It is the kind of change that doesn’t just add convenience - it strengthens the very foundation of your security operations.

Upgraded to Suricata 8.0.1, the IPFire IPS now caches compiled rules for near-instant startup, features sturdier memory handling, and expands protocol support to DNS-over-HTTP/2, Multicast DNS, LDAP, POP3, SDP in SIP, SIP over TCP, and WebSocket. Its pattern-matching just got a speed upgrade on ARM: the latest Vectorscan library introduces optimised algorithms that tap into more vector instructions for sharper performance.

Toolchain Rebase & Package Updates

The IPFire Toolchain has been rebased on the latest versions of the GNU Compiler Collection 15.2.0, GNU Binutils 2.42, and GNU glibc 2.42. They are all bringing various bug and security fixes as well as performance improvements. On top of that, this update comes with a large number of package updates: abseil-cpp 20250814.0, BIND 9.20.13, btrfs-progs 6.16, cmake 4.1.1, dtc 1.7.2, cURL 8.16.0, ed 1.22.2, elinks 0.18.0, ethtool 6.15, expat 2.7.2, fcron 3.4.0, freetype 2.14.1, gdbm 1.26, harfbuzz 11.4.5, hwdata 0.398, iproute2 6.16.0, less 679, libarchive 3.8.1, libconfig 1.8.1, libffi 3.5.2, libinih 61, libgcrypt 1.11.2, libssh 0.11.3, libtirpc 1.3.7, libxml2 2.14.6, lsof 4.99.5, LVM2 2.03.35, lzip 1.25, meson 1.9.0, nano 8.6, p11-kit 0.25.8, PCRE2 10.46, ruby 3.4.5, SQLite 3.5.4, sudo 1.9.17p2, whois 5.6.4, xfsprogs 6.16.0, zlib-ng 2.2.5

Misc.

Intel released new microcode for their processors fixing various recent security vulnerabilities
GRUB has been patched against a large number of vulnerabilities
On behalf of an Alex Williams from Pellera Technologies, Wade Sparks from VulnCheck has responsibly disclosed a number of vulnerabilities in the IPFire web UI related to using input from the browser without further validation. These have been filed as: #13876/CVE-2025-34301, #13877/CVE-2025-34302, #13878/CVE-2025-34303, #13879/CVE-2025-34304, #13880/CVE-2025-34305, #13881/CVE-2025-34306, #13882/CVE-2025-34307, #13883/CVE-2025-34308, #13884/CVE-2025-34309, #13885/CVE-2025-34310, #13886/CVE-2025-34311, #13887/CVE-2025-34312, #13888/CVE-2025-34313, #13889/CVE-2025-34314, #13890/CVE-2025-34315, #13891/CVE-2025-34316, #13892/CVE-2025-34317, #13893/CVE-2025-34318

Add-Ons

Updated packages: borgbackup 1.4.1, dehydrated 0.7.2, fping 5.4, FRR 10.4.1, Git 2.51.0, HAProxy: 3.2.4, iotop 1.30, iptraf-ng 1.2.2, libogg 1.3.6, libslirp 4.9.1, libusbredir 0.15.0, libvirt 11.7.0, lynis 3.1.5, mtr 0.96, mympd 22.0.4, nagios_nrpe 4.1.3, ncat 7.98, nfs .8.4, nginx 1.29.1, nmap 7.98, nut 2.8.4, opus 1.5.2, Postfix 3.10.4, python3-msgpack 1.1.0, QEMU + Guest Agent 10.1.0, rpcbind 1.2.8, Samba 4.22.4, strace 6.16, tshark 4.4.9, wsdd 0.9

Early Birds: Support IPFire with Crypto! We’re trialing cryptocurrency donations! Fast, borderless, and secure — your support helps keep IPFire independent and pushing open-source network security forward.

More...