<div class="container">
<section class="section">
- <div class="block">
- <h3 class="title is-3">{{ _("Under The Hood") }}</h3>
-
- <div class="columns">
- <div class="column is-one-fourth">
- IPFire is not only an app that you install, it is a whole operating
- system based on Linux, hardened and tuned to the maximum to serve
- as a firewall.
- Regular updates help keeping even the hardest kind of hacker out.
- </div>
+ <h3 class="title is-3">{{ _("Under The Hood") }}</h3>
- <div class="column">
- The stateful inspection firewall that is working inside IPFire
- is one of the fastest of its kind.
- Configuration of even complex rulesets becomes easy with
- groups for hosts and services on the network and help you
- to keep things in order, even when it gets complicated.
- </div>
- </div>
+ <div class="content">
+ <p>
+ IPFire is not only an app that you install, it is a whole operating
+ system based on Linux, hardened and tuned to the maximum to serve
+ as a firewall.
+
+ Regular updates help keeping even the hardest kind of hacker out.
+
+ The stateful inspection firewall that is working inside IPFire
+ is one of the fastest of its kind.
+
+ Configuration of even complex rulesets becomes easy with
+ groups for hosts and services on the network and help you
+ to keep things in order, even when it gets complicated.
+ </p>
</div>
- </section>
- <section class="section">
- <div class="block">
- <div class="columns">
- <div class="column is-one-third content">
- <h6>Network Security</h6>
-
- <ul>
- <li>Stateful inspection firewall</li>
- <li>
- Builtin network segmentation
- <ul>
- <li>Demilitarized Zone (DMZ)</li>
- <li>Separate network for wireless devices/guest network</li>
- </ul>
- </li>
- <li>Flexible rule creating with groups and visual aids</li>
- <li>Intrusion Prevention System</li>
- <li>
- Rate Limiting to Protect Servers from DoS attacks
- and Maximum Connection Limits
- </li>
- <li>
- <a href="https://www.ipfire.org/blog/ipfire-against-the-bad-guys-denial-of-service-protection-of-up-to-hundreds-of-gigabit-s">
- SYN-flood Protection
- </a>
- <span class="tag is-primary">{{ _("New") }}</span>
- </li>
- <li>Country-based Firewall Rules</li>
- <li>Source and Destination NAT Rules</li>
- <li>Time-based Firewall Rules</li>
- <li>MAC address-based Firewall Rules</li>
- <li>Blocking of P2P Networks</li>
- <li>Connection Logging</li>
- </ul>
-
- <h6>Network Features</h6>
-
- <ul>
- <li>VLAN (802.1q)</li>
- <li>Port Bridging</li>
- <li>Spanning Tree Protocol Support</li>
- <li>Wireless Access Point</li>
- <li>Live Connection Tracking</li>
- <li>Static Routes</li>
- <li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
- <li>
- DHCP Server
- <ul>
- <li>Static Leases</li>
- <li>DNS Update (RFC2136)</li>
- <li>Support for DHCP Options</li>
- </ul>
- </li>
- <li>Network Time Server (NTP)</li>
- <li>Dynamic DNS Client with support for many providers</li>
- <li>
- Captive Portal
- <ul>
- <li>Terms & Conditions or Coupon</li>
- <li>Customizable to your corporate design</li>
- <li>Coupon Code Export in PDF Format</li>
- <li>Flexible Coupon Expiry Times</li>
- </ul>
- </li>
- <li>Wake-on-LAN (WOL)</li>
- </ul>
-
- <h6>Web Proxy</h6>
-
- <ul>
- <li>Transparent Mode</li>
- <li>Support for Upstream Proxies with Authentication</li>
- <li>Advanced Logging</li>
- <li>In Memory and on Disk Cache</li>
- <li>
- Network-based Access Control (ACL)
- <ul>
- <li>By IP Address</li>
- <li>By MAC Address</li>
- <li>Ban/Allow List</li>
- </ul>
- </li>
- <li>Time-based Rules</li>
- <li>Transfer Limits based on File Size</li>
- <li>Download Throttling per Network Zone or Host</li>
- <li>Anomaly Detection based on AS Information</li>
- <li>MIME Type Filter</li>
- <li>Classroom Extensions</li>
- <li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
- <li>Proxy Auto-Config (PAC)</li>
- <li>
- Authentication
- <ul>
- <li>Local User Database</li>
- <li>Microsoft Windows Active Directory</li>
- <li>LDAP</li>
- <li>RADIUS</li>
- </ul>
- </li>
- <li>
- Advanced Content Filtering
- <ul>
- <li>Blocklist-based Access Blocking</li>
- <li>Support for Various Blocklist Providers</li>
- <li>Automatic List Update</li>
- <li>Custom Blocklists</li>
- <li>Custom Allowlists</li>
- <li>Custom Expression Lists</li>
- <li>Filter by File Extension</li>
- <li>Custom Error Page</li>
- </ul>
- </li>
- <li>
- Advanced Update Caching
- <ul>
- <li>Microsoft Windows</li>
- <li>Apple Operating Systems</li>
- <li>Adobe</li>
- <li>Mozilla</li>
- <li>
- Various Anti-Virus Signatures including
- Avast,
- Avira,
- AVG,
- McAffee,
- Trend Micro,
- and Symantec
- </li>
- </ul>
- </li>
- </ul>
- </div>
+ <div class="columns">
+ <div class="column is-one-third content">
+ <h6>Network Security</h6>
- <div class="column is-one-third content">
- <h6>WAN Features</h6>
-
- <ul>
- <li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
- <li>Multiple Public IP Addresses</li>
- <li>Automatic failover for dialup connections</li>
- <li>User-Assignable MAC Address</li>
- </ul>
-
- <h6>VPN</h6>
-
- <ul>
- <li>
- IPsec
- <ul>
- <li>Net-to-Net and Net-to-Host Mode</li>
- <li>Support for IKEv2 and IKEv1</li>
- <li>Public Key and Pre-Shared-Secret Authentication</li>
- <li>
- Encryption
- <ul>
- <li>AES (CBC, GCM)</li>
- <li>ChaCha20-Poly1305</li>
- <li>Camellia</li>
- <li>3DES</li>
- </ul>
- </li>
- <li>
- Integrity
- <ul>
- <li>SHA2 512/384/256 Bit</li>
- <li>AES XCBC</li>
- <li>SHA1</li>
- <li>MD5</li>
- </ul>
- </li>
- <li>
- Key Exchange
- <ul>
- <li>
- <a href="https://www.ipfire.org/blog/introducing-post-quantum-cryptography-for-ipsec-in-ipfire">
- MLKEM for Post-Quantum Cryptography
- </a>
- <span class="tag is-primary">{{ _("New") }}</span>
- </li>
- <li>Curve-25519, Curve-448</li>
- <li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
- <li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
- <li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
- </ul>
- </li>
- <li>Hardware-accelerated Encryption</li>
- <li>Tunnel and Transport Mode</li>
- <li>Encapsulation with GRE and VTI</li>
- <li>Dead Peer Detection</li>
- <li>Perfect Forward Secrecy</li>
- <li>MOBIKE</li>
- <li>On-demand mode</li>
- <li>Payload Compression</li>
- <li>Easy connection export to Apple Mac OS/iOS devices</li>
- </ul>
- </li>
- <li>
- OpenVPN
- <ul>
- <li>Net-to-Net and Net-to-Host Mode</li>
- <li>Public Key Authentication</li>
- <li>
- Encryption
- <ul>
- <li>AES (CBC, GCM)</li>
- <li>Camellia</li>
- <li>SEED</li>
- <li>DES/3DES</li>
- <li>Blowfish</li>
- <li>CAST5</li>
- </ul>
- </li>
- <li>
- Integrity
- <ul>
- <li>SHA2 512, 384, or 256 Bit</li>
- <li>Whirpool</li>
- <li>SHA1</li>
- </ul>
- </li>
- <li>TLS Authentication</li>
- <li>TLS Channel Protection</li>
- <li>LZO Compression</li>
- <li>Configuration Export/Import in ZIP Format</li>
- </ul>
- </li>
- </ul>
-
- <h6>Quality of Service (QoS)</h6>
-
- <ul>
- <li>Inbound & Outbound Traffic Shaping</li>
- <li>Latency Minimization</li>
- <li>Classify Traffic by IP Address, Protocol, or Ports</li>
- <li>Layer7 Protocol Detection</li>
- </ul>
- </div>
+ <ul>
+ <li>Stateful inspection firewall</li>
+ <li>
+ Builtin network segmentation
+ <ul>
+ <li>Demilitarized Zone (DMZ)</li>
+ <li>Separate network for wireless devices/guest network</li>
+ </ul>
+ </li>
+ <li>Flexible rule creating with groups and visual aids</li>
+ <li>Intrusion Prevention System</li>
+ <li>
+ Rate Limiting to Protect Servers from DoS attacks
+ and Maximum Connection Limits
+ </li>
+ <li>
+ <a href="https://www.ipfire.org/blog/ipfire-against-the-bad-guys-denial-of-service-protection-of-up-to-hundreds-of-gigabit-s">
+ SYN-flood Protection
+ </a>
+ <span class="tag is-primary">{{ _("New") }}</span>
+ </li>
+ <li>Country-based Firewall Rules</li>
+ <li>Source and Destination NAT Rules</li>
+ <li>Time-based Firewall Rules</li>
+ <li>MAC address-based Firewall Rules</li>
+ <li>Blocking of P2P Networks</li>
+ <li>Connection Logging</li>
+ </ul>
- <div class="column is-one-third content">
- <h6>Intrusion Prevention System</h6>
-
- <ul>
- <li>Live Deep Packet Analysis</li>
- <li>Graphical Rule Editor</li>
- <li>Support for Various Rule Providers</li>
- <li>Automatic Ruleset Updates</li>
- </ul>
-
- <h6>DNS</h6>
-
- <ul>
- <li>Internal DNSSEC-validating DNS proxy</li>
- <li>Caching for faster DNS response times</li>
- <li>Local hostnames</li>
- <li>DNS Forwarding for Zones</li>
- <li>Configuration of multiple upstream DNS recursors</li>
- <li>Recursor/Standalone Mode</li>
- <li>DNS-over-TLS, TCP or UDP</li>
- <li>Agressive NSEC</li>
- <li>SafeSearch</li>
- <li>QNAME Minimization</li>
- </ul>
-
- <h6>Operating System</h6>
-
- <ul>
- <li>Comfortable Web User Interface in various languages</li>
- <li>Simple One-Click Updates</li>
- <li>Configuration Backup and Restore</li>
- <li>Detailed System Health Reports and Graphs</li>
- <li>Console Access with SSH</li>
- <li>Serial Console</li>
- <li>Hardware Vulnerability Reporting</li>
- <li>Email Notifications</li>
- <li>Remote Syslog</li>
- <li>SNMP/Zabbix/Observium Monitoring</li>
- </ul>
- </div>
+ <h6>Network Features</h6>
+
+ <ul>
+ <li>VLAN (802.1q)</li>
+ <li>Port Bridging</li>
+ <li>Spanning Tree Protocol Support</li>
+ <li>Wireless Access Point</li>
+ <li>Live Connection Tracking</li>
+ <li>Static Routes</li>
+ <li>Dynamic Routing with Bird or FRR using BGP/OSPF</li>
+ <li>
+ DHCP Server
+ <ul>
+ <li>Static Leases</li>
+ <li>DNS Update (RFC2136)</li>
+ <li>Support for DHCP Options</li>
+ </ul>
+ </li>
+ <li>Network Time Server (NTP)</li>
+ <li>Dynamic DNS Client with support for many providers</li>
+ <li>
+ Captive Portal
+ <ul>
+ <li>Terms & Conditions or Coupon</li>
+ <li>Customizable to your corporate design</li>
+ <li>Coupon Code Export in PDF Format</li>
+ <li>Flexible Coupon Expiry Times</li>
+ </ul>
+ </li>
+ <li>Wake-on-LAN (WOL)</li>
+ </ul>
+
+ <h6>Web Proxy</h6>
+
+ <ul>
+ <li>Transparent Mode</li>
+ <li>Support for Upstream Proxies with Authentication</li>
+ <li>Advanced Logging</li>
+ <li>In Memory and on Disk Cache</li>
+ <li>
+ Network-based Access Control (ACL)
+ <ul>
+ <li>By IP Address</li>
+ <li>By MAC Address</li>
+ <li>Ban/Allow List</li>
+ </ul>
+ </li>
+ <li>Time-based Rules</li>
+ <li>Transfer Limits based on File Size</li>
+ <li>Download Throttling per Network Zone or Host</li>
+ <li>Anomaly Detection based on AS Information</li>
+ <li>MIME Type Filter</li>
+ <li>Classroom Extensions</li>
+ <li>Web Proxy Auto-Discovery Protocol (WPAD)</li>
+ <li>Proxy Auto-Config (PAC)</li>
+ <li>
+ Authentication
+ <ul>
+ <li>Local User Database</li>
+ <li>Microsoft Windows Active Directory</li>
+ <li>LDAP</li>
+ <li>RADIUS</li>
+ </ul>
+ </li>
+ <li>
+ Advanced Content Filtering
+ <ul>
+ <li>Blocklist-based Access Blocking</li>
+ <li>Support for Various Blocklist Providers</li>
+ <li>Automatic List Update</li>
+ <li>Custom Blocklists</li>
+ <li>Custom Allowlists</li>
+ <li>Custom Expression Lists</li>
+ <li>Filter by File Extension</li>
+ <li>Custom Error Page</li>
+ </ul>
+ </li>
+ <li>
+ Advanced Update Caching
+ <ul>
+ <li>Microsoft Windows</li>
+ <li>Apple Operating Systems</li>
+ <li>Adobe</li>
+ <li>Mozilla</li>
+ <li>
+ Various Anti-Virus Signatures including
+ Avast,
+ Avira,
+ AVG,
+ McAffee,
+ Trend Micro,
+ and Symantec
+ </li>
+ </ul>
+ </li>
+ </ul>
+ </div>
+
+ <div class="column is-one-third content">
+ <h6>WAN Features</h6>
+
+ <ul>
+ <li>Support for Fibre, DSL, Cable and 5G/4G/3G</li>
+ <li>Multiple Public IP Addresses</li>
+ <li>Automatic failover for dialup connections</li>
+ <li>User-Assignable MAC Address</li>
+ </ul>
+
+ <h6>VPN</h6>
+
+ <ul>
+ <li>
+ IPsec
+ <ul>
+ <li>Net-to-Net and Net-to-Host Mode</li>
+ <li>Support for IKEv2 and IKEv1</li>
+ <li>Public Key and Pre-Shared-Secret Authentication</li>
+ <li>
+ Encryption
+ <ul>
+ <li>AES (CBC, GCM)</li>
+ <li>ChaCha20-Poly1305</li>
+ <li>Camellia</li>
+ <li>3DES</li>
+ </ul>
+ </li>
+ <li>
+ Integrity
+ <ul>
+ <li>SHA2 512/384/256 Bit</li>
+ <li>AES XCBC</li>
+ <li>SHA1</li>
+ <li>MD5</li>
+ </ul>
+ </li>
+ <li>
+ Key Exchange
+ <ul>
+ <li>
+ <a href="https://www.ipfire.org/blog/introducing-post-quantum-cryptography-for-ipsec-in-ipfire">
+ MLKEM for Post-Quantum Cryptography
+ </a>
+ <span class="tag is-primary">{{ _("New") }}</span>
+ </li>
+ <li>Curve-25519, Curve-448</li>
+ <li>NIST ECP-521, 384, 256, 224, or 192 Bit</li>
+ <li>Brainpool ECP-512, 384, 256, or 224 Bit</li>
+ <li>RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit</li>
+ </ul>
+ </li>
+ <li>Hardware-accelerated Encryption</li>
+ <li>Tunnel and Transport Mode</li>
+ <li>Encapsulation with GRE and VTI</li>
+ <li>Dead Peer Detection</li>
+ <li>Perfect Forward Secrecy</li>
+ <li>MOBIKE</li>
+ <li>On-demand mode</li>
+ <li>Payload Compression</li>
+ <li>Easy connection export to Apple Mac OS/iOS devices</li>
+ </ul>
+ </li>
+ <li>
+ OpenVPN
+ <ul>
+ <li>Net-to-Net and Net-to-Host Mode</li>
+ <li>Public Key Authentication</li>
+ <li>
+ Encryption
+ <ul>
+ <li>AES (CBC, GCM)</li>
+ <li>Camellia</li>
+ <li>SEED</li>
+ <li>DES/3DES</li>
+ <li>Blowfish</li>
+ <li>CAST5</li>
+ </ul>
+ </li>
+ <li>
+ Integrity
+ <ul>
+ <li>SHA2 512, 384, or 256 Bit</li>
+ <li>Whirpool</li>
+ <li>SHA1</li>
+ </ul>
+ </li>
+ <li>TLS Authentication</li>
+ <li>TLS Channel Protection</li>
+ <li>LZO Compression</li>
+ <li>Configuration Export/Import in ZIP Format</li>
+ </ul>
+ </li>
+ </ul>
+
+ <h6>Quality of Service (QoS)</h6>
+
+ <ul>
+ <li>Inbound & Outbound Traffic Shaping</li>
+ <li>Latency Minimization</li>
+ <li>Classify Traffic by IP Address, Protocol, or Ports</li>
+ <li>Layer7 Protocol Detection</li>
+ </ul>
+ </div>
+
+ <div class="column is-one-third content">
+ <h6>Intrusion Prevention System</h6>
+
+ <ul>
+ <li>Live Deep Packet Analysis</li>
+ <li>Graphical Rule Editor</li>
+ <li>Support for Various Rule Providers</li>
+ <li>Automatic Ruleset Updates</li>
+ </ul>
+
+ <h6>DNS</h6>
+
+ <ul>
+ <li>Internal DNSSEC-validating DNS proxy</li>
+ <li>Caching for faster DNS response times</li>
+ <li>Local hostnames</li>
+ <li>DNS Forwarding for Zones</li>
+ <li>Configuration of multiple upstream DNS recursors</li>
+ <li>Recursor/Standalone Mode</li>
+ <li>DNS-over-TLS, TCP or UDP</li>
+ <li>Agressive NSEC</li>
+ <li>SafeSearch</li>
+ <li>QNAME Minimization</li>
+ </ul>
+
+ <h6>Operating System</h6>
+
+ <ul>
+ <li>Comfortable Web User Interface in various languages</li>
+ <li>Simple One-Click Updates</li>
+ <li>Configuration Backup and Restore</li>
+ <li>Detailed System Health Reports and Graphs</li>
+ <li>Console Access with SSH</li>
+ <li>Serial Console</li>
+ <li>Hardware Vulnerability Reporting</li>
+ <li>Email Notifications</li>
+ <li>Remote Syslog</li>
+ <li>SNMP/Zabbix/Observium Monitoring</li>
+ </ul>
</div>
</div>
</div>
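Review bot: In the added `<p>` inside `<div class="content">`, the four statements are separated only by blank `+` lines, which HTML collapses, so text that the removed version split across two columns will render as one run-on paragraph; give each statement its own `<p>` element if the breaks are meant to be visible. That text also stays outside `{{ _("...") }}`, unlike the "Under The Hood" heading and the "New" tags, so it cannot be translated. Because the feature lists are re-added line for line, this is a good place to fix what they carry over: the bare `&` in "Terms & Conditions or Coupon" and "Inbound & Outbound Traffic Shaping" should be `&amp;`, and "McAffee", "Whirpool" and "Agressive NSEC" are misspelled (McAfee, Whirlpool, Aggressive). The IPsec and OpenVPN lists also show MD5, SHA1, DES/3DES and RSA 1024 or 768 Bit on equal footing with the current options; consider marking those entries as legacy so the list does not read as a recommendation.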