The release of IPFire 2.29 (Core Update 193) introduces major advancements to the Linux-based firewall distribution. The most notable feature is the integration of post-quantum cryptography for IPsec VPN tunnels. With the potential threats posed by quantum computing, IPFire now supports key exchanges using Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), offering enhanced security. This algorithm is designed to resist quantum attacks, ensuring that IPFire remains resilient to emerging threats in the future.
In addition to the post-quantum cryptography support, the update includes important toolchain upgrades, including glibc 2.41 and Binutils 2.44.
These updates strengthen the firewall’s core infrastructure by optimizing code generation, thus improving performance. The toolchain improvements ensure that IPFire remains modern and able to leverage the latest hardware capabilities while addressing any potential security vulnerabilities.
The update also includes numerous package and security enhancements. Notable updates are strongSwan 6.0.0, SQLite 3.49.1, and Linux Firmware 20250211. Additionally, the Intel Microcode has been updated to patch several vulnerabilities, improving overall system security. The update addresses various security concerns, including the bug related to incorrect serial numbers in IPsec host certificates, while adding DNS-over-TLS for better privacy.
The IPFire development team encourages all users to upgrade to version 2.29 to take advantage of its improved security features.
The release positions IPFire as a forward-looking firewall solution, preparing users for future security challenges. Continued support from the community remains crucial for the ongoing development of this open-source project.
Reference: