Well, I gave it a try, a real try, but the features I need are not there. OPNsense is a better replacement for Untangle; the only reason for leaving Untangle is the insane license cost for us home users. Greedy as companies. I think IPFire may be OK for my mother's home but not for someone who relies on a more professional type of firewall. IPFire is OK, but needs a lot of work… I may still set one up for my mother but not for me.
Could you give examples of features that OPNsense offers that IPFire does not?
They actually had people compile the drivers with tweaked settings, while IPFire relies on generic Linux settings. Other distros like Ubuntu, Red Hat and even Raspbian go back through and tweak settings and recompile linux-firmware. Plus they have the tools available to compile drivers. The reason why I passed on OPNsense is there are 0 day flaws in Python. At least PHP fixed its zero day bugs about a year ago.
But I like the approach to the gateway server management of iptables, unbound, and bind9 network IPFire has. Otherwise I would write it on a command line or set it up in Webmin with Debian (modified) or Ubuntu Server (modified).
Why Ubuntu or Debian (both Linux OSes), and not a derivative of FreeBSD?
There are 5 flaws with the FreeBSD distribution. The only issues I see are ones that the Linux ecosystem has from time to time, and that is drivers when they change the kernel. Even big outfits that are running their own distributions are having issues. This will pass.
The only thing I see they can improve on is presenting Suiciatacha, or however that monitoring/firewall utility is spelled, better in the web GUI.
Stating this, could you explain your transition from IPFire (Linux based) to OPNsense (FreeBSD based), please?
I’m still using IPFire. I’m just saying what is wrong with Linux distros today. I would never use FreeBSD. It had worse 0 day bugs than windblows. Also FreeBSD can’t multi-thread, plus other system limitations. FreeBSD has a different driver stack that does work, but it’s not tuned either for the device purposes.
The only thing that stands out as inefficient in IPFire is using sysvinit instead of systemd. But it’s not that big of a deal, because I don’t care how long it takes to boot.
Dave Mikeska did not start this topic. Mike Perugini did. And he has not replied yet why he is moving away from IPFire.
And what exactly do you want to tell us here?
If the firewall doesn’t work for you then that’s just the way it is…
Open source is generally not suitable for every user - fortunately there is plenty of choice out there.
I know. But the post I answered was a bit misunderstanding.
Nevertheless, my statement about Linux and FreeBSD remains true, see @dr_techno 's post.
I wish this was true.
Perhaps in the Linux desktop space, yes.
Linux server space, yes.
Linux firewall space? No.
More projects are moving to closed source.
This is sadly lacking in growth and support.
There have been people coming to the IPFire community because of this.
It would be a very sad day to see IPFire move to this sort of model.
If you really dig deep into the inner workings of, say, “watchG**rd”, it’s Linux based, and I’ve called them out on their errors and issues, and the most I get is “start at ticket and follow along…” bull cookies when the error is systemd… IMO IPFire is the best of the best and I continue to tell my fellow IT people the same, and they concur.
If that were to happen, it would be really bad ^^
But if several people would simply support the project monetarily, and by that I don’t mean donating once a year but rather monthly, I think we will all be able to enjoy IPFire for a long time.
Unfortunately, I personally lack the knowledge to advance the project in terms of software.
But when I see how much time my Java-based OpenHAB home automation eats up - and then I’m only responsible for myself if something doesn’t work as intended…
A small monthly donation doesn’t make anyone poor - but it keeps IPFire alive.
I asked ChatGPT: “Can you compare IPfire and Opnsense? Make the list as exhaustive as possible comparing all the features they both have, but only show the unique features for IPfire and for Opnsense”
Even if it says it finds many differences, it seems like 2FA, CARP, captive portal and cloud backup are what OPNsense has that IPFire does not. I also believe OPNsense has WireGuard and more VLAN features. So in the grand scheme of things they are pretty similar. But if you need something that only OPNsense can offer, you are of course free to choose it.
ChatGPT:
IPFire and OPNsense are both open-source firewall solutions, each offering a range of features tailored to different network security needs. Below is a comparative overview highlighting their unique features:
IPFire Unique Features:
- Pakfire Package Management: IPFire utilizes Pakfire for managing updates and installing add-ons, allowing users to customize the system with additional functionalities. (IPFire)
- Web Proxy with URL Filtering: Includes a web proxy capable of caching content to speed up browsing and filtering URLs, commonly used in educational settings to block inappropriate content. (TechRadar)
- DNS Proxy with DNSSEC and DNS-over-TLS (DoT): Employs an internal DNS proxy that uses DNSSEC to filter attacks and can communicate securely with upstream name servers using DoT. (TechRadar)
- Quality of Service (QoS): Allows bandwidth allocation for critical applications like VoIP, ensuring optimal performance and preventing network congestion. (TechRadar)
OPNsense Unique Features:
- Modern User Interface: Offers a fully responsive, multi-language web-based interface with integrated search functionality, enhancing user experience. (OPNsense)
- Two-Factor Authentication (2FA): Supports 2FA throughout the system, including the user interface and services such as VPN, adding an extra layer of security. (OPNsense)
- High Availability and Hardware Failover (CARP): Provides automatic and seamless hardware failover with state synchronization using the Common Address Redundancy Protocol (CARP) for maximum uptime. (OPNsense)
- Captive Portal with Voucher Support: Includes a built-in captive portal with voucher support, commonly used in hospitality settings to control guest access to the internet. (OPNsense)
- Integrated Intrusion Detection and Prevention System (IDPS): Utilizes Suricata for inline intrusion detection and prevention, with support for Emerging Threats rules and user-defined rules, enhancing network security. (OPNsense)
- Traffic Shaping: Enables users to manage and prioritize network traffic effectively, ensuring critical applications receive the necessary bandwidth. (OPNsense)
- NetFlow Monitoring: Offers integrated NetFlow analysis without the need for additional plugins or tools, providing insights into network traffic patterns. (OPNsense)
- Plugin System: Supports a robust plugin system, allowing users to extend functionality with additional features such as Zenarmor for next-generation firewall capabilities. (OPNsense)
- Backup and Restore with Cloud Integration: Facilitates encrypted cloud backups of configurations to services like Google Drive, ensuring data safety and easy restoration. (OPNsense)
Both IPFire and OPNsense offer comprehensive firewall solutions with unique features tailored to different network security needs. Your choice between the two should align with your specific requirements and preferences.
Did you notice that ChatGPT never mentioned Suricata in IPFire, but it’s used internally?
That is why AI is dumb; it only knows what is fed to it.
They are about the same, and the extra features it has have alternative solutions if you want to deploy them.
But I know I could get IPFire to run 5 to 10 times faster, but first I have to do a go-through with drivers so I know I have full control of the hardware to do that.
Look guys, IPFire just isn’t cutting it for the things I need. I would have never left Untangle if the license didn’t get Fycking stupid for home users! For a home user IPFire or OPNsense is good enough. I wouldn’t use OPNsense in a corporate world; Sonicwall, Fortigate, etc. would have to be the corporate type. I think for my mother IPFire would be fine, but for me and my group of friends that use Untangle, OPNsense is what we all see that matches what our Untangle connection has done… I gave IPFire a try, it’s just not what I feel is right for my needs or wants.
No problem there, we are all free to choose the things that fit us best.
But what are the things you need that IPFire isn’t cutting it for? I am just curious and like to learn.
What I find interesting is most of this is all the same, just different availability of controls and where. The only reason I tried IPFire is because I wanted to do something different instead of just configuring everything manually in a terminal window.
The graphs and logs are handy if you need them; however, I would like to limit them to a 48 hr period or turn most of them off entirely.
Thank you for this great post. I can only agree and urge everyone to set up a monthly donation. Donations have gone down massively and unless we can get them back up again we will have no choice but either change the model how we are funding it or we will have to shut down. Neither option is something anybody wants.
The same message goes out to other Open Source projects. Let’s save the Open Source ecosystem. Everyone is able to donate a couple of bucks.
This is factually very incorrect. IPFire is heavily tweaked. That is why it exists as a distribution and outperforms a general-purpose distribution in this specific use case.
The list is arbitrary and I think mostly incorrect. IPFire has features like a Captive Portal with vouchers. IPFire also has Suricata as an IPS, Traffic Shaping and a “plugin” system. So if we want to compare features (and I am sure that OPNsense has some features that IPFire doesn’t have and vice-versa) let’s do that properly and compare things for a specific use-case. Virtually no user is using all features that IPFire has to offer because that would be outright bonkers. It might be okay that some features are implemented differently. People will have to choose what suits them best.
Since there has been a lot of strong language and opinions I will close this thread here. There is little value to compare things on this very high level and we don’t need to tell each other what we think “is better” without knowing more details about the setup of individual users. Feel free to discuss specific things in separate threads.