Linux Firewall IPFire 2.29 Released With Support for Post-Quantum Cryptography & Core Updates

IPFire has announced the release of version 2.29 (Core Update 193), introducing significant enhancements to the Linux-based firewall distribution.

This update brings forward-thinking security features, including post-quantum cryptography support for IPsec tunnels and major toolchain upgrades that strengthen the system’s core infrastructure.

Post-Quantum Cryptography Implementation

The standout feature in IPFire 2.29 is the implementation of post-quantum cryptography for IPsec VPN tunnels. 

The system now supports key exchanges using Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM), an algorithm designed to withstand attacks from quantum computers, which pose a theoretical threat to traditional cryptographic methods.

“IPsec tunnels now support key exchanges using the post-quantum Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This algorithm is believed to be secure against adversaries who possess a quantum computer,” the development team states in their release notes.

The update configures new tunnels to use ML-KEM by default, alongside other modern cryptographic algorithms including Curve448, Curve25519, various NIST-certified elliptic curve algorithms, and RSA-4096/RSA-3072. 

This implementation ensures forward compatibility while maintaining interoperability with older systems.

Additionally, the default cipher list has been optimized, now preferring AES-256 in either GCM or CBC mode, or ChaCha20-Poly1305. Notably, AES-128 has been removed from the default cipher list due to its comparatively weaker security profile.
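To compare existing tunnels against the new defaults described above, the following added example (not code from IPFire or from the release notes) flags IKE proposals that still use AES-128 or lack an ML-KEM key exchange. It assumes proposals are written in strongSwan's dash-separated keyword notation; the tunnel names and proposal strings are constructed sample data.

```python
import re

# Assumption: proposals use strongSwan's dash-separated keyword notation.
# The article does not show IPFire's generated configuration.
KE_PREFIX = re.compile(r"^ke[1-7]_")  # additional key exchange slots


def audit_proposal(proposal):
    """Return findings for one IKE proposal string."""
    tokens = [t for t in proposal.strip().rstrip("!").lower().split("-") if t]
    findings = []
    aes128 = [t for t in tokens if t.startswith("aes128")]
    if aes128:
        findings.append("AES-128 in use: " + ", ".join(aes128))
    if not any(KE_PREFIX.sub("", t).startswith("mlkem") for t in tokens):
        findings.append("no ML-KEM key exchange")
    return findings


def audit_tunnels(tunnels):
    """Map tunnel name -> {proposal: findings}, listing only flagged proposals."""
    report = {}
    for name, proposals in tunnels.items():
        flagged = {}
        for proposal in proposals.split(","):
            findings = audit_proposal(proposal)
            if findings:
                flagged[proposal.strip()] = findings
        if flagged:
            report[name] = flagged
    return report


# Constructed sample data: tunnel names and proposals are hypothetical.
SAMPLE_TUNNELS = {
    "hq-branch": "aes256gcm16-prfsha384-x25519-ke1_mlkem768",
    "legacy-peer": "aes128-sha256-modp2048, aes256-sha512-curve25519",
    "roadwarrior": "chacha20poly1305-prfsha512-x448-ke1_mlkem1024",
}

if __name__ == "__main__":
    for tunnel, flagged in audit_tunnels(SAMPLE_TUNNELS).items():
        for proposal, findings in flagged.items():
            print(f"{tunnel}: {proposal}: {'; '.join(findings)}")
```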

Core Toolchain Modernization

IPFire 2.29 features a significant toolchain upgrade, incorporating glibc 2.41 and Binutils 2.44. 

These fundamental components form the backbone of the operating system, and their update enables IPFire to generate optimized code that leverages the latest hardware capabilities.

The update to these core libraries represents IPFire’s commitment to keeping the firewall distribution modern, efficient, and hardened against potential security vulnerabilities.

Additional Improvements and Security Enhancements

IPFire 2.29 delivers numerous package updates that enhance functionality and address security concerns. 

Noteworthy updates include strongSwan 6.0.0, SQLite 3.49.1, and Linux Firmware 20250211. 

The Intel Microcode has been updated to version 20250211, addressing multiple security vulnerabilities, including INTEL-SA-01166, INTEL-SA-01213, and INTEL-SA-01139.

The development team has also addressed a bug with incorrect serial numbers that previously prevented the renewal of IPsec host certificates. 

User interface improvements include aesthetic enhancements to the Firewall Groups page, contributed by community member Stephen Cuka.

DNS-over-TLS has been added to the list of default services, further enhancing privacy and security for DNS queries.

The discontinued Botnet C2 blocklist from abuse.ch has been removed as part of ongoing maintenance.

User Recommendations

The IPFire team strongly recommends users update to version 2.29 as soon as possible to benefit from the enhanced security features and performance improvements. 

With its post-quantum cryptography support, IPFire 2.29 positions itself as a forward-looking firewall solution prepared for emerging security challenges in 2025 and beyond.

As with all open-source projects, IPFire continues to rely on community support through code contributions, bug reports, and financial sponsorship to maintain its development momentum and ensure it remains freely available to all users.

The post Linux Firewall IPFire 2.29 Released With Support for Post-Quantum Cryptography & Core Updates appeared first on Cyber Security News.