Sotto il cofano

Favourites
Voting
Average rating
IPFire non è solo un'app che si installa, è un'intera applicazione, il sistema è basato su Linux, che è stato indurito e ottimizato al massimo per usarlo come un firewall.
Aggiornamenti regolari aiutano a mantenere fuori anche hacker piu competente.
Il firewall IPFire è uno dei più veloci del suo genere.
La configurazione di regole anche complesse diventa facile con Gruppi per host e servizi sulla rete e aiutarti per mantenere le cose in ordine, anche quando la configurazione si complica.
 
 
Network Security
  • Stateful inspection firewall
  • Builtin network segmentation
    • Demilitarized Zone (DMZ)
    • Separate network for wireless devices/guest network
  • Flexible rule creating with groups and visual aids
  • Intrusion Prevention System
  • Rate Limiting to Protect Servers from DoS attacks and Maximum
    Connection Limits
  • SYN-flood Protection
  • Country-based Firewall Rules
  • Source and Destination NAT Rules
  • Time-based Firewall Rules
  • MAC address-based Firewall Rules
  • Blocking of P2P Networks
  • Connection Logging
Network Features
  • VLAN (802.1q)
  • Port Bridging
  • Spanning Tree Protocol Support
  • Wireless Access Point
  • Live Connection Tracking
  • Static Routes
  • Dynamic Routing with Bird or FRR using BGP/OSPF
  • DHCP Server
    • Static Leases
    • DNS Update (RFC2136)
    • Support for DHCP Options
  • Network Time Server (NTP)
  • Dynamic DNS Client with support for many providers
  • Captive Portal
    • Terms & Conditions or Coupon
    • Customizable to your corporate design
    • Coupon Code Export in PDF Format
    • Flexible Coupon Expiry Times
  • Wake-on-LAN (WOL)
Web Proxy
  • Transparent Mode
  • Support for Upstream Proxies with Authentication
  • Advanced Logging
  • In Memory and on Disk Cache
  • Network-based Access Control (ACL)
    • By IP Address
    • By MAC Address
    • Ban/Allow List
  • Time-based Rules
  • Transfer Limits based on File Size
  • Download Throttling per Network Zone or Host
  • Anomaly Detection based on AS Information
  • MIME Type Filter
  • Classroom Extensions
  • Web Proxy Auto-Discovery Protocol (WPAD)
  • Proxy Auto-Config (PAC)
  • Authentication
    • Local User Database
    • Microsoft Windows Active Directory
    • LDAP
    • RADIUS
  • Advanced Content Filtering
    • Blocklist-based Access Blocking
    • Support for Various Blocklist Providers
    • Automatic List Update
    • Custom Blocklists
    • Custom Allowlists
    • Custom Expression Lists
    • Filter by File Extension
    • Custom Error Page
  • Advanced Update Caching
    • Microsoft Windows
    • Apple Operating Systems
    • Adobe
    • Mozilla
    • Various Anti-Virus Signatures including Avast, Avira, AVG, McAffee,
      Trend Micro and Symantec
WAN Features
  • Support for Fibre, DSL, Cable and 5G/4G/3G
  • Multiple Public IP Addresses
  • Automatic failover for dialup connections
  • User-Assignable MAC Address
  
VPN
  • IPsec
    • Net-to-Net and Net-to-Host Mode
    • Support for IKEv2 and IKEv1
    • Public Key and Pre-Shared-Secret Authentication
    • Encryption
      • AES (CBC, GCM)
      • ChaCha20-Poly1305
      • Camellia
      • 3DES
    • Integrity
      • SHA2 512/384/256 Bit
      • AES XCBC
      • SHA1
      • MD5
    • Key Exchange
      • Curve-25519, Curve-448
      • NIST ECP-521, 384, 256, 224, or 192 Bit
      • Brainpool ECP-512, 384, 256, or 224 Bit
      • RSA 8192, 6144, 4096, 3072, 2048, 1536, 1024, or 768 Bit
    • Hardware-accelerated Encryption
    • Tunnel and Transport Mode
    • Encapsulation with GRE and VTI
    • Dead Peer Detection
    • Perfect Forward Secrecy
    • MOBIKE
    • On-demand mode
    • Payload Compression
    • Easy connection export to Apple Mac OS/iOS devices
  • OpenVPN
    • Net-to-Net and Net-to-Host Mode
    • Public Key Authentication
    • Encryption
      • AES (CBC, GCM)
      • Camellia
      • SEED
      • DES/3DES
      • Blowfish
      • CAST5
    • Integrity
      • SHA2 512, 384, or 256 Bit
      • Whirpool
      • SHA1
    • TLS Authentication
    • TLS Channel Protection
    • LZO Compression
    • Configuration Export/Import in ZIP Format
Quality of Service (QoS)
  • Inbound & Outbound Traffic Shaping
  • Latency Minimization
  • Classify Traffic by IP Address, Protocol, or Ports
  • Layer7 Protocol Detection
Intrusion Prevention System
  • Live Deep Packet Analysis
  • Graphical Rule Editor
  • Support for Various Rule Providers
  • Automatic Ruleset Updates
DNS
  • Internal DNSSEC-validating DNS proxy
  • Caching for faster DNS response times
  • Local hostnames
  • DNS Forwarding for Zones
  • Configuration of multiple upstream DNS recursors
  • Recursor/Standalone Mode
  • DNS-over-TLS, TCP or UDP
  • Agressive NSEC
  • SafeSearch
  • QNAME Minimization
Operating System
  • Comfortable Web User Interface in various languages
  • Simple One-Click Updates
  • Configuration Backup and Restore
  • Detailed System Health Reports and Graphs
  • Console Access with SSH
  • Serial Console
  • Hardware Vulnerability Reporting
  • Email Notifications
  • Remote Syslog
  • SNMP/Zabbix/Observium Monitoring