Filter out DDoS attacks - Anyone can help me please?


same huhuhu

OK, this confirms the ISO has a build problem. I will ask an IPFire build expert about it. It is good I have a working flash image :slight_smile:

How do you install XDP in IPFire … got a tutorial for it?

It is not about installing XDP in IPFire; it requires rebuilding the IPFire Linux kernel with eBPF/XDP support, compiling and adding libbpf and a customized xdp-tools software add-on, and patching the WebUI with DDoS features. It is a lot of development work and system admin work; no simple tutorial could do that :).

I see … hm, if your ISO can already be used, let me know sir … I really need this protection

I created "Custom build ipfire ISO missing libreadline library", asking for the IPFire devs' help on the ISO build issue. I suspect there is some build process I am missing.

I do not know how or where this feature integrates with the existing firewall chain.
It seems to me that if you're running this sort of thing in a VM, the host OS would need this feature too, in a shared hardware situation.

XDP not only supports drivers natively, it also supports skb mode, meaning it does not have to deal with what the real hardware is; running in a VM is perfectly fine without the host OS involved. Here is the network data path showing where XDP sits: https://upload.wikimedia.org/wikipedia/commons/3/37/Netfilter-packet-flow.svg. XDP has XDP_DROP and XDP_PASS actions; if the XDP program thinks the packet is good, it returns the XDP_PASS action and the packet goes through the netfilter chains like a normal packet.
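
Added example, not part of the original post and not the poster's XDP code: a userspace C model of the verdict logic described above, where a program inspects the raw frame before netfilter and returns XDP_DROP or XDP_PASS. The SYN budget, the single-source counter (a stand-in for a BPF map) and the helper names are assumptions, and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Same numeric values as enum xdp_action in <linux/bpf.h>. */
enum { XDP_DROP = 1, XDP_PASS = 2 };
#define SYN_BUDGET 3            /* assumed per-source limit; no time window here */
static uint32_t seen_src;       /* one-entry stand-in for a BPF map */
static unsigned seen_syns;

/* Userspace model of an XDP verdict: every header read is length-checked
 * first, the way the BPF verifier forces checks against data_end. */
int xdp_verdict(const uint8_t *pkt, size_t len)
{
    if (len < 14) return XDP_DROP;                    /* no Ethernet header */
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return XDP_PASS; /* not IPv4: netfilter decides */
    if (len < 14 + 20) return XDP_DROP;               /* truncated IPv4 header */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20) return XDP_DROP; /* malformed IPv4 header */
    if (ip[9] != 6) return XDP_PASS;                  /* not TCP */
    if (len < 14 + ihl + 20) return XDP_DROP;         /* truncated TCP header */
    uint8_t flags = ip[ihl + 13];
    if ((flags & 0x12) != 0x02) return XDP_PASS;      /* only bare SYNs are counted */
    uint32_t src;
    memcpy(&src, ip + 12, 4);
    if (src != seen_src) { seen_src = src; seen_syns = 0; }
    return ++seen_syns > SYN_BUDGET ? XDP_DROP : XDP_PASS;
}

/* Constructed sample frame: Ethernet + IPv4 + TCP from 198.51.100.<host>. */
size_t make_tcp_frame(uint8_t *buf, uint8_t host, uint8_t tcp_flags)
{
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[13] = 0x00;                   /* EtherType IPv4 */
    buf[14] = 0x45; buf[23] = 6;                      /* version 4, IHL 5, TCP */
    buf[26] = 198; buf[27] = 51; buf[28] = 100; buf[29] = host;
    buf[46] = 0x50; buf[47] = tcp_flags;              /* data offset 5, flags */
    return 54;
}

int main(void)
{
    uint8_t f[64];
    size_t n = make_tcp_frame(f, 7, 0x02);            /* bare SYN */
    for (int i = 1; i <= 5; i++)
        printf("SYN %d -> %s\n", i, xdp_verdict(f, n) == XDP_PASS ? "XDP_PASS" : "XDP_DROP");
    return 0;
}
```

A frame that gets XDP_PASS continues into the netfilter chains unchanged, so existing firewall rules still apply to it; only frames that get XDP_DROP never reach them.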

@eykalzz I am going to build an IPFire ISO without any of my changes. If you can help test the ISO, it would prove whether any of my changes caused the ISO build issue or whether it is some issue with IPFire itself, according to www.ipfire.org - IPFire 2.x - Build Howto

Just install CU184 of IPFire itself. If that works then it is clear that the default IPFire is working on the involved hardware/virtual system.

Yes, that is a quick test too. I still want to build IPFire again without any of my changes though, just to make sure my build environment is fine following the guide :slight_smile:

IPFire offers built-in protection against DDoS attacks that can detect and reduce various types of DDoS attacks; you must ensure that these types of features are enabled.

The existing netfilter or Suricata can't handle that sufficiently in software due to netfilter/Suricata limits. XDP is designed for fast packet processing, especially for the DDoS scenario; XDP was born because the user space DPDK driver is eating the lunch of the kernel network. I actually also have a pending PR for Suricata to enable XDP Syncookie: "Suricata XDP Syncookie for IDS AF_PACKET by vincentmli · Pull Request #10694 · OISF/suricata · GitHub"; also see https://youtu.be/TtD5dmkrrFQ?si=hNdIwl1tcqdPDyQS.

@eykalzz I tested the ISO from Google Drive myself: burned it onto a USB drive and booted from my old Dell server. I can get to the installation menu and it works fine for me; it appears to be something related to your Hyper-V environment.

Yeah … you can install with USB … I use a dedicated server from a company, can't install with USB :sob: … btw I can help you test any ISO …

Which type can protect against DDoS attacks? Suricata can't handle DDoS attacks …

You can write the ISO to a USB thumb drive with the Linux dd command, where /dev/sdb is your USB thumb drive, then plug the USB drive into your spare hardware server to install. You need to get familiar with Linux command line operation; IPFire offers you a WebUI, but it is still good to learn basic Linux command line operation, which will make your work much easier :slight_smile:

dd if=ipfire-2.29-core184-x86_64.iso of=/dev/sdb status=progress

How can I plug in a USB drive? I rent a dedicated server from a company … :sweat_smile:

Do you have a server physically accessible to you? Does the server have a USB port you can plug a USB thumb drive into?

Because the thread is changing more and more to the topic ‘How do I install an IPFire system?’, which is discussed and described in many other places, I am closing this thread.