The new IP Fire 2.29 Core Update 198 It is now available As a stable version of the well-known hardened Linux firewall, this release prioritizes intrusion detection, operational visibility, and system hygiene with a wide range of patches.
This cycle introduces substantial improvements to the IPS thanks to Suricata 8.0.1, adds automated reporting and external telemetry, and updates the build chain and numerous packages; for the current users only need to update the installation from the IPFire console itself.
IPFire 2.29 Core Update 198 introduces new IPS features with Suricata 8.0.1
The intrusion prevention engine incorporates Suricata 8.0.1 with compiled rules cache for near-instant startup, more robust memory management, and expanded coverage of modern protocols such as DNS-over-HTTP/2, mDNS, LDAP, POP3, SDP in SIP, SIP over TCP, and WebSocket.
On an operational level, the IPS can send real-time email notifications When an event exceeds a defined threshold, schedule PDF reports (daily, weekly, or monthly) and forward alerts to remote syslog servers for external logging and long-term preservation.
These three channels — immediate notification, scheduled summaries and registration outside the firewall itself— They strengthen traceability and facilitate a rapid response, even if the device loses access or is compromised.
Updated build stack and packages
Under the hood, IPFire 2.29 CU198 updates the toolchain to GCC 15.2.0, GNU Binutils 2.42 and glibc 2.42, incorporating security fixes and performance improvements that impact the entire build ecosystem.
Alongside this, recent versions of multiple base components are arriving, with a focus on stability and hardening; among the key packages include:
- BIND 9.20.13 cURL 8.16.0 iproute2 6.16.0 LVM2 2.03.35 Btrfs-progs 6.16 CMake 4.1.1
- Meson 1.9.0 GNU nano 8.6 PCRE2 10.46 p11-kit 0.25.8
- ruby 3.4.5 SQLite 3.5.4 sudo 1.9.17p2, whois 5.6.4
- xfsprogs 6.16.0 zlib-ng 2.2.5 abseil-cpp 20250814.0
The revision also refreshes utilities and libraries such as less 679, libarchive 3.8.1, libconfig 1.8.1, libffi 3.5.2, libinih 61, libgcrypt 1.11.2, libssh 0.11.3, libtirpc 1.3.7, libxml2 2.14.6, lsof 4.99.5 and lzip 1.25, increasing system consistency.
Add-ons and additional tools
In the add-on ecosystem, updates are made Samba 4.22.4, Git 2.51.0, HAProxy 3.2.4, QEMU and Guest Agent 10.1.0, Postfix 3.10.4, Nmap 7.98, nginx 1.29.1 and Ncat 7.98, among others, supporting advanced deployments and mixed use cases.
Also included are new versions of iptraf-ng 1.2.2, fping 5.4, BorgBackup 1.4.1, iotop 1.30, mtr 0.96, Lynis 3.1.5, dehydrated 0.7.2, rpcbind 1.2.8, strace 6.16, tshark 4.4.9, wsdd 0.9, and Opus 1.5.2. nut 2.8.4completing a very extensive maintenance round.
Performance and architecture
The project highlights specific improvements in ARM64This is because the Vectorscan library introduces optimized pattern matching algorithms that leverage vector instructions, speeding up detection without sacrificing accuracy.
Security: microcode, startup and fixes on the web UI
Are included Intel microcode patches to address recent vulnerabilities, as well as GRUB updates that fix several identified flaws in the bootloader, strengthening the chain of trust from the start.
In addition, 18 input validation vulnerabilities in the web interface have been fixed, documented as CVE-2025-34301 and CVE-2025-34318The responsible reporting—with contributions from firms like VulnCheck and Pellera Technologies—allows the community to understand the scope and quickly implement mitigations.
Availability and update process
IPFire 2.29 CU198 can be downloaded as an ISO or USB image for x86_64 and ARM64 From the official website. Those who already have IPFire only need to apply the update from the administration panel; afterwards, it's advisable to review the email alert thresholds, PDF scheduling, and syslog forwarding to take advantage of the new reporting workflow.