
DNS firewall: IPFire can now block active threats before they even reach your network
IPFire 2.29 Core Update 201 marks a major expansion for this hardened Linux-based firewall and router system. Most notably, the release introduces the DNS firewall, addressing one of the most requested features in IPFire's history. This addition enables the firewall to block malware, phishing, advertising, and other unwanted content before it enters your network. Every DNS query made by devices on the network is funneled through IPFire's DNS proxy, where requests are checked against the project's curated and continuously updated domain blocklist. If a domain is blocked, the system returns an NXDOMAIN response, preventing any connection or data transfer to that site. Those who previously relied on a separate Pi-hole setup may now find it redundant with this update.
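The lookup-and-answer step described above, as an added example that is not IPFire's own code: a query arrives in DNS wire format, its name is checked against a blocklist, and a blocked name gets an NXDOMAIN reply while anything else is passed on for normal resolution. The blocklist entries and function names are constructed for illustration, and treating a listed domain as covering its subdomains is an assumption.

```python
import struct

BLOCKLIST = {"malware.example", "ads.example"}  # constructed sample entries
RCODE_NXDOMAIN = 3

def build_query(qid, name):
    """Encode a minimal A/IN query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_question(msg):
    """Return (lowercased query name, offset just past the question section)."""
    pos, labels = 12, []
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a question")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    return ".".join(labels), pos + 1 + 4  # root byte, then QTYPE and QCLASS

def is_blocked(name, blocklist=BLOCKLIST):
    """Match on whole labels; assumption: a listed domain covers its subdomains."""
    parts = name.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def filter_query(msg):
    """Return an NXDOMAIN reply for a blocked name, or None to resolve normally."""
    if len(msg) < 12:
        raise ValueError("message shorter than a DNS header")
    qid, flags = struct.unpack("!HH", msg[:4])
    name, end = parse_question(msg)
    if not is_blocked(name):
        return None
    # QR=1, opcode and RD copied from the query, RA=1, RCODE=3, no answer records
    rflags = 0x8000 | (flags & 0x7900) | 0x0080 | RCODE_NXDOMAIN
    return struct.pack("!HHHHHH", qid, rflags, 1, 0, 0, 0) + msg[12:end]

def rcode(msg):
    """Extract the 4-bit response code from a DNS message header."""
    return struct.unpack("!H", msg[2:4])[0] & 0x000F
```

Because matching is done on whole labels, `notmalware.example` is not caught by the `malware.example` entry, while `cdn.malware.example` is.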
In addition to the DNS firewall, users can now specify different recipients for daily, weekly, and monthly intrusion detection system (IDS) reports. This new flexibility benefits teams with distributed reporting responsibilities. Following these changes, the release also updates the kernel configuration for experimental RISC-V builds, potentially broadening IPFire's hardware support further.
Finally, this update brings an improved network installer, removes obsolete Rust packages, refreshes web proxy firewall rules, upgrades the toolchain, and offers various updated packages throughout the system.
