Cyber Security News

Linux Firewall IPFire 2.29 Launches with Post-Quantum Encryption and System Enhancements

The open-source Linux firewall solution, IPFire, has officially released its latest version, IPFire 2.29 – Core Update 193.

This landmark update introduces cutting-edge post-quantum encryption capabilities for IPsec tunnels, along with extensive system upgrades to bolster security, performance, and hardware optimization for the long term.

Post-Quantum Cryptography for a More Secure Future

In a major step forward for cybersecurity, IPFire 2.29 integrates post-quantum cryptography into its IPsec VPN tunnels.

The implementation of the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) ensures stronger security, even against potential adversaries wielding advanced quantum computing technology.

The update makes this encryption method the default for new tunnels in combination with modern elliptic curve algorithms (Curve448, Curve25519), RSA-4096, and other NIST-certified cryptographic standards.

Existing tunnels can also be updated to use these advanced security configurations via the advanced settings page.

Additionally, IPFire has refined its default cipher list to prioritize robust encryption protocols such as AES-256 (GCM and CBC modes) and ChaCha20-Poly1305, while AES-128 has been dropped to enhance security compatibility with modern hardware.

This ensures businesses and users are well-equipped for the evolving cybersecurity landscape of 2025 and beyond.

System-Wide Toolchain and Firmware Upgrades

This update also modernizes IPFire’s core system components, including an upgrade to glibc 2.41 and Binutils 2.44.

These enhancements enable IPFire to generate highly efficient code tailored to the latest hardware features, ensuring optimal performance and security reliability at the operating system level.

A range of firmware and microcode updates have also been applied, addressing critical vulnerabilities such as INTEL-SA-01213 and other security issues.

Notable Improvements and Additions

Beyond the major cryptographic and system upgrades, IPFire 2.29 also includes:

  • The removal of the discontinued Botnet C2 blocklist from Abuse.ch.
  • A fix for a certificate renewal bug affecting IPsec host certificates.
  • Aesthetic upgrades to the Firewall Groups page credited to contributor Stephen Cuka.
  • The addition of DNS-over-TLS to the list of default services.

Updated Software and Add-ons

Key software packages have been upgraded, including Apache 2.4.63, StrongSwan 6.0.0, and Squid 6.13. Add-ons such as HAProxy 3.1.2, Git 2.48.1, and Samba 4.21.4 also receive notable updates, ensuring compatibility with the latest features.

The IPFire team expressed gratitude to its global community for their ongoing contributions, including code submissions, bug reports, and peer support.

To sustain its momentum as a leading open-source firewall, the team invites users to consider donating or becoming project sponsors.

This update is a testament to IPFire’s commitment to security and innovation. Users are encouraged to update immediately to leverage these advancements.

Find this News Interesting! Follow us on Google NewsLinkedIn, & X to Get Instant Updates!

Divya

Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Recent Posts

Top Ransomware Groups Target Financial Sector, 406 Incidents Revealed

Flashpoint analysts have reported that between April 2024 and April 2025, the financial sector emerged…

11 hours ago

Agenda Ransomware Group Enhances Tactics with SmokeLoader and NETXLOADER

The Agenda ransomware group, also known as Qilin, has been reported to intensify its attacks…

11 hours ago

SpyCloud Analysis Reveals 94% of Fortune 50 Companies Have Employee Data Exposed in Phishing Attacks

SpyCloud, the leading identity threat protection company, today released an analysis of nearly 6 million…

12 hours ago

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect servers…

13 hours ago

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by the…

14 hours ago

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution, enabling…

14 hours ago