Software Update: IPFire 2.25 – Core Update 145

IPFire is an open source firewall for i586, x86_64, and ARM systems. It includes an intrusion detection/prevention system, divides the network into zones, does stateful packet inspection and offers VPN capabilities. For more information, please refer to this page. The developers have released version 2.25 Core Update 145 for production systems. The corresponding announcement looks like this:

IPFire 2.25 – Core Update 145 released

This is the official release announcement for IPFire 2.25 – Core Update 145. It introduces new metrics for OpenVPN and ships the largest number of package updates that we have ever had, fixing various bugs and carrying plenty of security-related fixes.

OpenVPN Metrics
OpenVPN will from now on collect metrics about connected clients. On an extra page, it will be shown which client has connected when and for how long it was connected.


  • The random number generator will be launched earlier in the boot process to see the kernel’s pseudo-random number generator as soon as possible. On some systems, this could have blocked the boot process for a couple of minutes.
  • Firewall: Connections that are being NATed will now always be logged in the filter chain, too
  • vnstat, the tool behind the net traffic graphs on the IPFire web user interface has been updated to use a new database format and refreshes its graphs more often, for more detailed and accurate data
  • Pakfire correctly uses upstream proxies now
  • A fixed amount of system libraries have been updated. They make the system faster, more robust, and more secure: automake 1.16.2, berkeley 5.3.28, bind 9.11.19, cmake 3.17.0, coreutils 8.32, hyperscan 5.2.1, iproute2 5.6.0, ipset 7.6, knot 2.9.4, libevent2 2.1.11-stable, libhtp 0.5.33, libjpeg 2.0.4, libpng 1.6.37, libseccomp 2.4.3, libusb 1.0.23, libwww-perl 6.43, netpbm 10.73.31, openldap 2.4.29 , openvpn 2.4.9, suricata 5.0.3, unbound 1.10.1, vnstat 2.6
  • The translations have been improved by adding new phrases, fixing typos and removing unused translation strings.

Updated packages: borgbackup 1.1.11, clamav 0.102.3, faad2 2.8.8, ffmpeg 4.4.2, fping 4.2, lame 3.100, libogg 1.3.4, libmpeg2 0.4.1, libshout 2.4.3, libtiff 4.1.0, libvorbis 1.3.6, motion 4.3.0, nano 4.9.2, opus 1.3.1, pcengines-apu-firmware, postfix 3.5.1, shairport-sync 3.3.6, sox 14.4.2, strace 5.5, taglib 1.11 .1, tmux 3.1, tor, tshark 3.2.3, xvid 1.3.7

netatalk has been added as a new package. It provides file-sharing services for Apple devices.

WIO has been updated and shows the connection times for IPsec tunnels.

Version number 2.25 – Core Update 145
Release status Final
Website IPFire
License type Conditions (GNU/BSD/etc.)