From: Michael Tremer
Date: Fri, 2 May 2025 15:30:38 +0000 (+0000)
Subject: about: Facelift of the "Under The Hood" section
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=afd7750a6743cf45760cca92a0cf312be797fd49;p=ipfire.org.git

about: Facelift of the "Under The Hood" section

No changes of the content.

Signed-off-by: Michael Tremer
---

diff --git a/src/templates/static/about.html b/src/templates/static/about.html
index ed678ecd..db02b060 100644
--- a/src/templates/static/about.html
+++ b/src/templates/static/about.html
@@ -234,306 +234,300 @@
-
-

{{ _("Under The Hood") }}

- -
-
- IPFire is not only an app that you install, it is a whole operating - system based on Linux, hardened and tuned to the maximum to serve - as a firewall. - Regular updates help keeping even the hardest kind of hacker out. -
+

{{ _("Under The Hood") }}

-
- The stateful inspection firewall that is working inside IPFire - is one of the fastest of its kind. - Configuration of even complex rulesets becomes easy with - groups for hosts and services on the network and help you - to keep things in order, even when it gets complicated. -
-
+
+

+ IPFire is not only an app that you install, it is a whole operating + system based on Linux, hardened and tuned to the maximum to serve + as a firewall. + + Regular updates help keeping even the hardest kind of hacker out. + + The stateful inspection firewall that is working inside IPFire + is one of the fastest of its kind. + + Configuration of even complex rulesets becomes easy with + groups for hosts and services on the network and help you + to keep things in order, even when it gets complicated. +

-
-
-
-
-
-
Network Security
- -
    -
  • Stateful inspection firewall
  • -
  • - Builtin network segmentation -
      -
    • Demilitarized Zone (DMZ)
    • -
    • Separate network for wireless devices/guest network
    • -
    -
  • -
  • Flexible rule creating with groups and visual aids
  • -
  • Intrusion Prevention System
  • -
  • - Rate Limiting to Protect Servers from DoS attacks - and Maximum Connection Limits -
  • -
  • - - SYN-flood Protection - - {{ _("New") }} -
  • -
  • Country-based Firewall Rules
  • -
  • Source and Destination NAT Rules
  • -
  • Time-based Firewall Rules
  • -
  • MAC address-based Firewall Rules
  • -
  • Blocking of P2P Networks
  • -
  • Connection Logging
  • -
- -
Network Features
- -
    -
  • VLAN (802.1q)
  • -
  • Port Bridging
  • -
  • Spanning Tree Protocol Support
  • -
  • Wireless Access Point
  • -
  • Live Connection Tracking
  • -
  • Static Routes
  • -
  • Dynamic Routing with Bird or FRR using BGP/OSPF
  • -
  • - DHCP Server -
      -
    • Static Leases
    • -
    • DNS Update (RFC2136)
    • -
    • Support for DHCP Options
    • -
    -
  • -
  • Network Time Server (NTP)
  • -
  • Dynamic DNS Client with support for many providers
  • -
  • - Captive Portal -
      -
    • Terms & Conditions or Coupon
    • -
    • Customizable to your corporate design
    • -
    • Coupon Code Export in PDF Format
    • -
    • Flexible Coupon Expiry Times
    • -
    -
  • -
  • Wake-on-LAN (WOL)
  • -
- -
Web Proxy
- -
    -
  • Transparent Mode
  • -
  • Support for Upstream Proxies with Authentication
  • -
  • Advanced Logging
  • -
  • In Memory and on Disk Cache
  • -
  • - Network-based Access Control (ACL) -
      -
    • By IP Address
    • -
    • By MAC Address
    • -
    • Ban/Allow List
    • -
    -
  • -
  • Time-based Rules
  • -
  • Transfer Limits based on File Size
  • -
  • Download Throttling per Network Zone or Host
  • -
  • Anomaly Detection based on AS Information
  • -
  • MIME Type Filter
  • -
  • Classroom Extensions
  • -
  • Web Proxy Auto-Discovery Protocol (WPAD)
  • -
  • Proxy Auto-Config (PAC)
  • -
  • - Authentication -
      -
    • Local User Database
    • -
    • Microsoft Windows Active Directory
    • -
    • LDAP
    • -
    • RADIUS
    • -
    -
  • -
  • - Advanced Content Filtering -
      -
    • Blocklist-based Access Blocking
    • -
    • Support for Various Blocklist Providers
    • -
    • Automatic List Update
    • -
    • Custom Blocklists
    • -
    • Custom Allowlists
    • -
    • Custom Expression Lists
    • -
    • Filter by File Extension
    • -
    • Custom Error Page
    • -
    -
  • -
  • - Advanced Update Caching -
      -
    • Microsoft Windows
    • -
    • Apple Operating Systems
    • -
    • Adobe
    • -
    • Mozilla
    • -
    • - Various Anti-Virus Signatures including - Avast, - Avira, - AVG, - McAffee, - Trend Micro, - and Symantec -
    • -
    -
  • -
-
+
+
+
Network Security
-
-
WAN Features
- -
    -
  • Support for Fibre, DSL, Cable and 5G/4G/3G
  • -
  • Multiple Public IP Addresses
  • -
  • Automatic failover for dialup connections
  • -
  • User-Assignable MAC Address
  • -
- -
VPN
- -
    -
  • - IPsec -
      -
    • Net-to-Net and Net-to-Host Mode
    • -
    • Support for IKEv2 and IKEv1
    • -
    • Public Key and Pre-Shared-Secret Authentication
    • -
    • - Encryption -
        -
      • AES (CBC, GCM)
      • -
      • ChaCha20-Poly1305
      • -
      • Camellia
      • -
      • 3DES
      • -
      -
    • -
    • - Integrity -
        -
      • SHA2 512/384/256 Bit
      • -
      • AES XCBC
      • -
      • SHA1
      • -
      • MD5
      • -
      -
    • -
    • - Key Exchange -
        -
      • - - MLKEM for Post-Quantum Cryptography - - {{ _("New") }} -
      • -
      • Curve-25519, Curve-448
      • -
      • NIST ECP-521, 384, 256, 224, or 192 Bit
      • -
      • Brainpool ECP-512, 384, 256, or 224 Bit
      • -
      • RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit
      • -
      -
    • -
    • Hardware-accelerated Encryption
    • -
    • Tunnel and Transport Mode
    • -
    • Encapsulation with GRE and VTI
    • -
    • Dead Peer Detection
    • -
    • Perfect Forward Secrecy
    • -
    • MOBIKE
    • -
    • On-demand mode
    • -
    • Payload Compression
    • -
    • Easy connection export to Apple Mac OS/iOS devices
    • -
    -
  • -
  • - OpenVPN -
      -
    • Net-to-Net and Net-to-Host Mode
    • -
    • Public Key Authentication
    • -
    • - Encryption -
        -
      • AES (CBC, GCM)
      • -
      • Camellia
      • -
      • SEED
      • -
      • DES/3DES
      • -
      • Blowfish
      • -
      • CAST5
      • -
      -
    • -
    • - Integrity -
        -
      • SHA2 512, 384, or 256 Bit
      • -
      • Whirpool
      • -
      • SHA1
      • -
      -
    • -
    • TLS Authentication
    • -
    • TLS Channel Protection
    • -
    • LZO Compression
    • -
    • Configuration Export/Import in ZIP Format
    • -
    -
  • -
- -
Quality of Service (QoS)
- -
    -
  • Inbound & Outbound Traffic Shaping
  • -
  • Latency Minimization
  • -
  • Classify Traffic by IP Address, Protocol, or Ports
  • -
  • Layer7 Protocol Detection
  • -
-
+
    +
  • Stateful inspection firewall
  • +
  • + Builtin network segmentation +
      +
    • Demilitarized Zone (DMZ)
    • +
    • Separate network for wireless devices/guest network
    • +
    +
  • +
  • Flexible rule creating with groups and visual aids
  • +
  • Intrusion Prevention System
  • +
  • + Rate Limiting to Protect Servers from DoS attacks + and Maximum Connection Limits +
  • +
  • + + SYN-flood Protection + + {{ _("New") }} +
  • +
  • Country-based Firewall Rules
  • +
  • Source and Destination NAT Rules
  • +
  • Time-based Firewall Rules
  • +
  • MAC address-based Firewall Rules
  • +
  • Blocking of P2P Networks
  • +
  • Connection Logging
  • +
-
-
Intrusion Prevention System
- -
    -
  • Live Deep Packet Analysis
  • -
  • Graphical Rule Editor
  • -
  • Support for Various Rule Providers
  • -
  • Automatic Ruleset Updates
  • -
- -
DNS
- -
    -
  • Internal DNSSEC-validating DNS proxy
  • -
  • Caching for faster DNS response times
  • -
  • Local hostnames
  • -
  • DNS Forwarding for Zones
  • -
  • Configuration of multiple upstream DNS recursors
  • -
  • Recursor/Standalone Mode
  • -
  • DNS-over-TLS, TCP or UDP
  • -
  • Agressive NSEC
  • -
  • SafeSearch
  • -
  • QNAME Minimization
  • -
- -
Operating System
- -
    -
  • Comfortable Web User Interface in various languages
  • -
  • Simple One-Click Updates
  • -
  • Configuration Backup and Restore
  • -
  • Detailed System Health Reports and Graphs
  • -
  • Console Access with SSH
  • -
  • Serial Console
  • -
  • Hardware Vulnerability Reporting
  • -
  • Email Notifications
  • -
  • Remote Syslog
  • -
  • SNMP/Zabbix/Observium Monitoring
  • -
-
+
Network Features
+ +
    +
  • VLAN (802.1q)
  • +
  • Port Bridging
  • +
  • Spanning Tree Protocol Support
  • +
  • Wireless Access Point
  • +
  • Live Connection Tracking
  • +
  • Static Routes
  • +
  • Dynamic Routing with Bird or FRR using BGP/OSPF
  • +
  • + DHCP Server +
      +
    • Static Leases
    • +
    • DNS Update (RFC2136)
    • +
    • Support for DHCP Options
    • +
    +
  • +
  • Network Time Server (NTP)
  • +
  • Dynamic DNS Client with support for many providers
  • +
  • + Captive Portal +
      +
    • Terms & Conditions or Coupon
    • +
    • Customizable to your corporate design
    • +
    • Coupon Code Export in PDF Format
    • +
    • Flexible Coupon Expiry Times
    • +
    +
  • +
  • Wake-on-LAN (WOL)
  • +
+ +
Web Proxy
+ +
    +
  • Transparent Mode
  • +
  • Support for Upstream Proxies with Authentication
  • +
  • Advanced Logging
  • +
  • In Memory and on Disk Cache
  • +
  • + Network-based Access Control (ACL) +
      +
    • By IP Address
    • +
    • By MAC Address
    • +
    • Ban/Allow List
    • +
    +
  • +
  • Time-based Rules
  • +
  • Transfer Limits based on File Size
  • +
  • Download Throttling per Network Zone or Host
  • +
  • Anomaly Detection based on AS Information
  • +
  • MIME Type Filter
  • +
  • Classroom Extensions
  • +
  • Web Proxy Auto-Discovery Protocol (WPAD)
  • +
  • Proxy Auto-Config (PAC)
  • +
  • + Authentication +
      +
    • Local User Database
    • +
    • Microsoft Windows Active Directory
    • +
    • LDAP
    • +
    • RADIUS
    • +
    +
  • +
  • + Advanced Content Filtering +
      +
    • Blocklist-based Access Blocking
    • +
    • Support for Various Blocklist Providers
    • +
    • Automatic List Update
    • +
    • Custom Blocklists
    • +
    • Custom Allowlists
    • +
    • Custom Expression Lists
    • +
    • Filter by File Extension
    • +
    • Custom Error Page
    • +
    +
  • +
  • + Advanced Update Caching +
      +
    • Microsoft Windows
    • +
    • Apple Operating Systems
    • +
    • Adobe
    • +
    • Mozilla
    • +
    • + Various Anti-Virus Signatures including + Avast, + Avira, + AVG, + McAffee, + Trend Micro, + and Symantec +
    • +
    +
  • +
+
+ +
+
WAN Features
+ +
    +
  • Support for Fibre, DSL, Cable and 5G/4G/3G
  • +
  • Multiple Public IP Addresses
  • +
  • Automatic failover for dialup connections
  • +
  • User-Assignable MAC Address
  • +
+ +
VPN
+ +
    +
  • + IPsec +
      +
    • Net-to-Net and Net-to-Host Mode
    • +
    • Support for IKEv2 and IKEv1
    • +
    • Public Key and Pre-Shared-Secret Authentication
    • +
    • + Encryption +
        +
      • AES (CBC, GCM)
      • +
      • ChaCha20-Poly1305
      • +
      • Camellia
      • +
      • 3DES
      • +
      +
    • +
    • + Integrity +
        +
      • SHA2 512/384/256 Bit
      • +
      • AES XCBC
      • +
      • SHA1
      • +
      • MD5
      • +
      +
    • +
    • + Key Exchange +
        +
      • + + MLKEM for Post-Quantum Cryptography + + {{ _("New") }} +
      • +
      • Curve-25519, Curve-448
      • +
      • NIST ECP-521, 384, 256, 224, or 192 Bit
      • +
      • Brainpool ECP-512, 384, 256, or 224 Bit
      • +
      • RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit
      • +
      +
    • +
    • Hardware-accelerated Encryption
    • +
    • Tunnel and Transport Mode
    • +
    • Encapsulation with GRE and VTI
    • +
    • Dead Peer Detection
    • +
    • Perfect Forward Secrecy
    • +
    • MOBIKE
    • +
    • On-demand mode
    • +
    • Payload Compression
    • +
    • Easy connection export to Apple Mac OS/iOS devices
    • +
    +
  • +
  • + OpenVPN +
      +
    • Net-to-Net and Net-to-Host Mode
    • +
    • Public Key Authentication
    • +
    • + Encryption +
        +
      • AES (CBC, GCM)
      • +
      • Camellia
      • +
      • SEED
      • +
      • DES/3DES
      • +
      • Blowfish
      • +
      • CAST5
      • +
      +
    • +
    • + Integrity +
        +
      • SHA2 512, 384, or 256 Bit
      • +
      • Whirpool
      • +
      • SHA1
      • +
      +
    • +
    • TLS Authentication
    • +
    • TLS Channel Protection
    • +
    • LZO Compression
    • +
    • Configuration Export/Import in ZIP Format
    • +
    +
  • +
+ +
Quality of Service (QoS)
+ +
    +
  • Inbound & Outbound Traffic Shaping
  • +
  • Latency Minimization
  • +
  • Classify Traffic by IP Address, Protocol, or Ports
  • +
  • Layer7 Protocol Detection
  • +
+
+ +
+
Intrusion Prevention System
+ +
    +
  • Live Deep Packet Analysis
  • +
  • Graphical Rule Editor
  • +
  • Support for Various Rule Providers
  • +
  • Automatic Ruleset Updates
  • +
+ +
DNS
+ +
    +
  • Internal DNSSEC-validating DNS proxy
  • +
  • Caching for faster DNS response times
  • +
  • Local hostnames
  • +
  • DNS Forwarding for Zones
  • +
  • Configuration of multiple upstream DNS recursors
  • +
  • Recursor/Standalone Mode
  • +
  • DNS-over-TLS, TCP or UDP
  • +
  • Agressive NSEC
  • +
  • SafeSearch
  • +
  • QNAME Minimization
  • +
+ +
Operating System
+ +
    +
  • Comfortable Web User Interface in various languages
  • +
  • Simple One-Click Updates
  • +
  • Configuration Backup and Restore
  • +
  • Detailed System Health Reports and Graphs
  • +
  • Console Access with SSH
  • +
  • Serial Console
  • +
  • Hardware Vulnerability Reporting
  • +
  • Email Notifications
  • +
  • Remote Syslog
  • +
  • SNMP/Zabbix/Observium Monitoring
  • +
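
Review bot: Three misspellings are carried over unchanged onto the + side of this hunk: "McAffee" in the Advanced Update Caching entry (McAfee), "Whirpool" under OpenVPN Integrity (Whirlpool), and "Agressive NSEC" under DNS (Aggressive). Since the commit message promises no content changes, fixing them in a separate follow-up commit keeps this one a pure layout change. The re-added VPN lists also show 3DES, MD5, SHA1, DES/3DES, Blowfish, CAST5 and "RSA ... 1024, or 768 Bit" next to AES-GCM, ChaCha20-Poly1305 and MLKEM with nothing to tell them apart, although the page already has a badge mechanism in `{{ _("New") }}`; a similar label marking the weak options as legacy would keep the feature list from reading as a recommendation. Finally, only "Under The Hood" and "New" go through `_()` in the visible lines, while the section headings and list entries are literal strings, so it is worth confirming that this is intended for a translated site.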