{% end %}
</div>
{% end %}
+
+ <!-- Talk about funding. Donations, how LWL supports the project -->
+ </section>
+ </div>
+
+ <div class="container">
+ <section>
+ <h3>{{ _("Features") }}</h3>
+
+ <div class="row row-cols-1 row-cols-md-2 row-cols-lg-3">
+ <div class="col mb-4">
+ IPFire is not only an app that you install, it is a whole operating
+ system based on Linux, hardened and tuned to the maximum to serve
+ as a firewall.
+ Regular updates help keeping even the hardest kind of hacker out.
+ </div>
+
+ <div class="col mb-4">
+ IPFire is being managed over a web user interface that is easy
+ to use, yet powerful.
+ Every feature is only one click away. Our detailed documentation
+ tells you how.
+ </div>
+
+ <div class="col mb-4">
+ The stateful inspection firewall that is working inside IPFire
+ is one of the fastest of its kind.
+ Configuration of even complex rulesets becomes easy with
+ groups for hosts and services on the network and help you
+ to keep things in order, even when it gets complicated.
+ </div>
+
+ <div class="col mb-4">
+ Network segmentation is the key to a secure network.
+ IPFire allows setting up a demilitarized zone (DMZ) on your
+ network to control any threats from services that are being hosted
+ on the internet.
+ </div>
+ </div>
+ </section>
+ </div>
+
+ <!-- any screenshots go here -->
+
+ <div class="container">
+ <section>
+ <a class="btn btn-primary btn-lg btn-block" href="/download">
+ {{ _("Download IPFire now. It's free!") }}
+ </a>
+ </section>
+
+ <section>
+ <div class="row text-muted small row-cols-1 row-cols-md-2 row-cols-lg-3">
+ <div class="col mb-4">
+ <h6>Network Security</h6>
+
+ <ul>
+ <li>Stateful inspection firewall</li>
+ <li>
+ Builtin network segmentation
+ <ul>
+ <li>Demilitarized Zone (DMZ)</li>
+ <li>Separate network for wireless devices/guest network</li>
+ </ul>
+ </li>
+ <li>Flexible rule creating with groups and visual aids</li>
+ <li>Intrusion Prevention System</li>
+ <li>
+ Rate Limiting to Protect Servers from DoS attacks
+ and Maximum Connection Limits
+ </li>
+ <li>SYN-flood Protection</li>
+ <li>Country-based Firewall Rules</li>
+ <li>Source and Destination NAT Rules</li>
+ <li>Time-based Firewall Rules</li>
+ <li>MAC address-based Firewall Rules</li>
+ <li>Blocking of P2P Networks</li>
+ <li>Connection Logging</li>
+ </ul>
+
+ <h6>Network Features</h6>
+
+ <ul>
+ <li>VLAN (802.1q)</li>
+ <li>Port Bridging</li>
+ <li>Spanning Tree Protocol Support</li>
+ <li>Wireless Access Point</li>
+ <li>Live Connection Tracking</li>
+ <li>Static Routes</li>
+ <li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
+ <li>
+ DHCP Server
+ <ul>
+ <li>Static Leases</li>
+ <li>DNS Update (RFC2136)</li>
+ <li>Support for DHCP Options</li>
+ </ul>
+ </li>
+ <li>Network Time Server (NTP)</li>
+ <li>Dynamic DNS Client with support for many providers</li>
+ <li>
+ Captive Portal
+ <ul>
+ <li>Terms & Conditions or Coupon</li>
+ <li>Customizable to your corporate design</li>
+ <li>Coupon Code Export in PDF Format</li>
+ <li>Flexible Coupon Expiry Times</li>
+ </ul>
+ </li>
+ <li>Wake-on-LAN (WOL)</li>
+ </ul>
+
+ <h6>Web Proxy</h6>
+
+ <ul>
+ <li>Transparent Mode</li>
+ <li>Support for Upstream Proxies with Authentication</li>
+ <li>Advanced Logging</li>
+ <li>In Memory and on Disk Cache</li>
+ <li>
+ Network-based Access Control (ACL)
+ <ul>
+ <li>By IP Address</li>
+ <li>By MAC Address</li>
+ <li>Ban/Allow List</li>
+ </ul>
+ </li>
+ <li>Time-based Rules</li>
+ <li>Transfer Limits based on File Size</li>
+ <li>Download Throttling per Network Zone or Host</li>
+ <li>Anomaly Detection based on AS Information</li>
+ <li>MIME Type Filter</li>
+ <li>Classroom Extensions</li>
+ <li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
+ <li>Proxy Auto-Config (PAC)</li>
+ <li>
+ Authentication
+ <ul>
+ <li>Local User Database</li>
+ <li>Microsoft Windows Active Directory</li>
+ <li>LDAP</li>
+ <li>RADIUS</li>
+ </ul>
+ </li>
+ <li>
+ Advanced Content Filtering
+ <ul>
+ <li>Blocklist-based Access Blocking</li>
+ <li>Support for Various Blocklist Providers</li>
+ <li>Automatic List Update</li>
+ <li>Custom Blocklists</li>
+ <li>Custom Allowlists</li>
+ <li>Custom Expression Lists</li>
+ <li>Filter by File Extension</li>
+ <li>Custom Error Page</li>
+ </ul>
+ </li>
+ <li>
+ Advanced Update Caching
+ <ul>
+ <li>Microsoft Windows</li>
+ <li>Apple Operating Systems</li>
+ <li>Adobe</li>
+ <li>Mozilla</li>
+ <li>
+ Various Anti-Virus Signatures including
+ Avast,
+ Avira,
+ AVG,
+ McAffee,
+ Trend Micro,
+ and Symantec
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </div>
+
+ <div class="col mb-4">
+ <h6>WAN Features</h6>
+
+ <ul>
+ <li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
+ <li>Multiple Public IP Addresses</li>
+ <li>Automatic failover for dialup connections</li>
+ <li>User-Assignable MAC Address</li>
+ </ul>
+
+ <h6>VPN</h6>
+
+ <ul>
+ <li>
+ IPsec
+ <ul>
+ <li>Net-to-Net and Net-to-Host Mode</li>
+ <li>Support for IKEv2 and IKEv1</li>
+ <li>Public Key and Pre-Shared-Secret Authentication</li>
+ <li>
+ Encryption
+ <ul>
+ <li>AES (CBC, GCM)</li>
+ <li>ChaCha20-Poly1305</li>
+ <li>Camellia</li>
+ <li>3DES</li>
+ </ul>
+ </li>
+ <li>
+ Integrity
+ <ul>
+ <li>SHA2 512/384/256 Bit</li>
+ <li>AES XCBC</li>
+ <li>SHA1</li>
+ <li>MD5</li>
+ </ul>
+ </li>
+ <li>
+ Key Exchange
+ <ul>
+ <li>Curve-25519, Curve-448</li>
+ <li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
+ <li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
+ <li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
+ </ul>
+ </li>
+ <li>Hardware-accelerated Encryption</li>
+ <li>Tunnel and Transport Mode</li>
+ <li>Encapsulation with GRE and VTI</li>
+ <li>Dead Peer Detection</li>
+ <li>Perfect Forward Secrecy</li>
+ <li>MOBIKE</li>
+ <li>On-demand mode</li>
+ <li>Payload Compression</li>
+ <li>Easy connection export to Apple Mac OS/iOS devices</li>
+ </ul>
+ </li>
+ <li>
+ OpenVPN
+ <ul>
+ <li>Net-to-Net and Net-to-Host Mode</li>
+ <li>Public Key Authentication</li>
+ <li>
+ Encryption
+ <ul>
+ <li>AES (CBC, GCM)</li>
+ <li>Camellia</li>
+ <li>SEED</li>
+ <li>DES/3DES</li>
+ <li>Blowfish</li>
+ <li>CAST5</li>
+ </ul>
+ </li>
+ <li>
+ Integrity
+ <ul>
+ <li>SHA2 512, 384, or 256 Bit</li>
+ <li>Whirpool</li>
+ <li>SHA1</li>
+ </ul>
+ </li>
+ <li>TLS Authentication</li>
+ <li>TLS Channel Protection</li>
+ <li>LZO Compression</li>
+ <li>Configuration Export/Import in ZIP Format</li>
+ </ul>
+ </li>
+ </ul>
+
+ <h6>Quality of Service (QoS)</h6>
+
+ <ul>
+ <li>Inbound & Outbound Traffic Shaping</li>
+ <li>Latency Minimization</li>
+ <li>Classify Traffic by IP Address, Protocol, or Ports</li>
+ <li>Layer7 Protocol Detection</li>
+ </ul>
+ </div>
+
+ <div class="col mb-4">
+ <h6>Intrusion Prevention System</h6>
+
+ <ul>
+ <li>Live Deep Packet Analysis</li>
+ <li>Graphical Rule Editor</li>
+ <li>Support for Various Rule Providers</li>
+ <li>Automatic Ruleset Updates</li>
+ </ul>
+
+ <h6>DNS</h6>
+
+ <ul>
+ <li>Internal DNSSEC-validating DNS proxy</li>
+ <li>Caching for faster DNS response times</li>
+ <li>Local hostnames</li>
+ <li>DNS Forwarding for Zones</li>
+ <li>Configuration of multiple upstream DNS recursors</li>
+ <li>Recursor/Standalone Mode</li>
+ <li>DNS-over-TLS, TCP or UDP</li>
+ <li>SafeSearch</li>
+ <li>QNAME Minimization</li>
+ </ul>
+
+ <h6>Operating System</h6>
+
+ <ul>
+ <li>Comfortable Web User Interface in various languages</li>
+ <li>Simple One-Click Updates</li>
+ <li>Configuration Backup and Restore</li>
+ <li>Detailed System Health Reports and Graphs</li>
+ <li>Console Access with SSH</li>
+ <li>Serial Console</li>
+ <li>Hardware Vulnerability Reporting</li>
+ <li>Email Notifications</li>
+ <li>Remote Syslog</li>
+ <li>SNMP/Zabbix/Observium Monitoring</li>
+ </ul>
+ </div>
+ </div>
</section>
</div>
{% end block %}
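Review bot: The four feature blurbs in the "Features" row ("IPFire is not only an app ..." through "Network segmentation is the key ...") and every `<h6>` heading and `<li>` entry in the feature lists are hard-coded English, while the `<h3>` above them and the download button go through `{{ _("...") }}`. Wrap the new strings the same way, or say in the commit message that they are intentionally untranslated. Smaller points in the same hunk: the bare `&` in "Terms & Conditions or Coupon" and "Inbound & Outbound Traffic Shaping" should be `&amp;`; "McAffee" should be "McAfee" and "Whirpool" should be "Whirlpool"; and the sentence "Configuration of even complex rulesets becomes easy with groups ... and help you to keep things in order" does not parse, so "which help you" or a split into two sentences would fix it. The IPsec and OpenVPN lists also present 3DES, DES, MD5, SHA1 and RSA 1024/768 bit alongside the modern options with no distinction. Consider marking those as legacy/compatibility-only so the page does not read as recommending them.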