I just learned about IPFire through an article in the news.
I saw that there are AWS instances of IPFire that can run in a VM, but my question is a little different.
I’m curious if anyone has deployed, or even recommends deploying, IPFire in a datacenter environment within a single rack as the main router/firewall? We have about 30 servers in a rack and they push about 750mbps continuously. Most have their own IPs using our own ARIN assigned subnet and a few are on DHCP.
I was thinking of putting IPFire on a Dell R620 server to test run.
So to be more specific, here are some questions:
Does IPFire have basic built-in protection against SYN floods and other similar attacks?
Does IPFire support BGP peering (for use with our own public IPs)?
Does IPFire support using my own IPs (ex: 104.122.123.0/24) and DHCP?
You could install IPFire on any small PC and put that on the LAN side of your existing router/firewall, if you want to explore its logs and see what it is blocking.
I'm not aware of the SYN flood protection, but I have seen it blocked before in my IDS logs.
I think it does support something like BGP peering, but I've never used it.
It should. External IPs (inbound) can be set statically or via DHCP, and I do believe you can set an internal IP address outside 192.168, but whenever I set up DHCP I skip the 192.168.0 netblock because some set of IPs are used internally by IPFire.
Yes, it supports BGP peering with either frr or bird. I like to use the latter one.
You can choose whatever IP address you like.
For such a large installation, dedicated hardware is - as almost always - a must. The IPFire Enterprise Appliance is a good choice for performance and saves some energy at the same time.
In regards to the IPFire Enterprise Appliance, I can’t seem to find any link anywhere (including on Lightning Wire Labs) on pricing and how to purchase the appliance. Any tips?