Hey. So I want to set up IPFire in my home network. I’m new to IPFire so please correct any misunderstandings I might have. I’m studying IT Security and IPFire was briefly mentioned by an instructor which piqued my interest.
So my thought is to set up IPFire on my Raspberry Pi 4b. Just need to get an USB-Ethernet dongle and a switch. My thought is to use it as my router instead of the crappy Asus one I have currently. I don’t know if a raspberry pi can make a wifi access point for my wireless devices, but it isn’t something I really care about currently, worst case I can get a cheap WiFi AP to connect to my Switch.
I’m not worried about my traffic overloading the Raspberry, I only use my desktop PC and my phone on WiFi and don’t really do anything that goes hard on my bandwidth. I am curious about the IPS though. I want to use the IPS part of IPFire but as that seems like it could be quite resource heavy, I am unsure how it would work on a raspberry. I checked the Wiki for it but didn’t really find anything out that would apply in my situation, but that might just be my poor research skills. Also wondering if there’s any sort of community rules for it so I won’t have to set all that up manually. I know Snort is available with community rules, but that’s just an IDS when I want an IPS.
If i don’t completely misremember, there’s also a built in firewall in IPFire. How good is it, roughly?
Yes, IPFire will definitely perform better than an ASUS router.
I have never touched the fourth version of the RPis, but they are generally all not the most ideal choice of hardware. They are a little bit slow and networking over USB is not a lot of fun. However, they are good enough to make your start…
This requires a lot of CPU power. The RPi 4 might be good enough for a single user, but you can simply benchmark this and check the CPU load with something like “htop”.
Yes, you will have a couple of choices to pick from.
LOL. IPFire primarily is a firewall and it is excellent. It is being used by millions of people every single day in different kinds of organisations: Universities, Schools, Government authorities, data centers protecting critical infrastructure, loads of small to large businesses, and of course in people’s homes.
Thank you for your reply. I’ll give it a shot with my Raspberry. Worst case, I’ll just disable the IPS if it can’t handle it until I am able to get something more suitable to handle the load. Just one last question. Does it have anything similar to unattended upgrades, to keep it up to date automatically?
The IPS will work, it might just limit your throughput. I would be interested to know how much it can achieve…
No, this is difficult to implement because sometimes the firewall needs to be rebooted which could disrupt people working. But an update is only a simple click and that is it.
Since @ms already answered to most of your questions, I just take the liberty to comment on this one:
There is no really answer to this question, as “good” or “bad” depend on a bunch of other factors: If you are running an outdated and/or vulnerable software or operating system behind it (see here for some thoughts on that topic), any firewall will sooner or later fail to protect you. Same goes for overcredulous configurations, or accidental mistakes when building your firewall ruleset - you get the idea.
A while ago, I tried to write down some recommendations regarding information security. While they might sound pretty basic, I think it is important to get the idea of a reasonably secure, well-configured firewall being a part of your network security. However, it can never be a silver bullet, solving all of your security issues on its own. (And yes, good infosec is hard. )
Please refer to this article on recommendations for building and maintaining a good firewall ruleset. Especially limiting outgoing connections to the bare minimum is important. Similar advisories are available for IPFire’s DNS configuration and its IPS.
Sorry for not being able to give you a simple, satisfying answer (as most sales people and commercial firewall vendors do). IPFire is a pretty good start, but not the entire picture. It is, of course, way better than some proprietary firewall appliances.
No, for various reasons. Please give your IPFire some attention every now and then - it is not meant to be set up and then forgotten about.
Alright that sounds good. I’ll give it a shot tomorrow when I can go to the store and pick up the switch and USB dongle, test it and let you know how it works. Thanks for your help!
EDIT: Saw the new reply now. Thanks for the documentation, I’ll have a read through that as well.
)