If the title is not appropriate, please change it.
In my opinion, what would give IPFire a higher level of perimeter security would be the ability to perform hash queries against the existing intelligence in the Cloud on all the requests IPFire makes regarding website visits or file downloads, etc.
Let me explain:
There are online services that allow you to upload files, URLs, etc. to be analyzed by collective intelligence engines, which determine whether the sample is good or bad.
Many of these tools allow you to query what has already been analyzed via an API to facilitate the analysis of an already analyzed sample.
For example, the following come to mind:
- VirusTotal:
  API → VirusTotal API v3 Overview
- Any.run:
  I think it’s subscription-based and I don’t know if it has a public API.
- Falcon Sandbox:
  API → Free Automated Malware Analysis Service - powered by Falcon Sandbox - Falcon Sandbox Public API v2.0
I know the complexity of this and/or its feasibility, since I imagine that at least one “man in the middle” would be necessary in the proxy to perform the captures and be able to report the hashes, to verify their existence as already analyzed elements and determine their nature.
The idea would be to generate a hash and upload it to these platforms. This way, IPFire would automatically get a response as to whether it’s good or bad and act according to a series of thresholds or parameters we can define.
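As an added illustration of the hash-lookup idea described above (example code, not part of the original post or of IPFire), the following Python computes the SHA-256 of a captured download, queries the VirusTotal API v3 file endpoint for that hash, and maps the engine counts to allow/block/unknown using configurable thresholds. The HTTPS call is injectable so the policy logic can be exercised offline; the API key and the sample report are placeholders constructed for the example.

```python
"""Hash lookup against VirusTotal API v3 with a local block threshold (added example)."""
import hashlib
import json
import urllib.error
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{sha256}"


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def lookup_hash(sha256: str, api_key: str, fetch=None):
    """Return the parsed VT report, or None when the hash is unknown (HTTP 404).
    `fetch(request) -> (status, body)` can be injected for offline testing."""
    req = urllib.request.Request(VT_FILE_URL.format(sha256=sha256),
                                 headers={"x-apikey": api_key})
    if fetch is None:
        def fetch(r):
            try:
                with urllib.request.urlopen(r, timeout=10) as resp:
                    return resp.status, resp.read()
            except urllib.error.HTTPError as e:
                return e.code, e.read()
    status, body = fetch(req)
    if status == 404:
        return None
    if status != 200:
        raise RuntimeError(f"VirusTotal returned HTTP {status}")
    return json.loads(body)


def decide(report, malicious_threshold=3, combined_threshold=5) -> str:
    """Map engine counts to a verdict; unknown hashes are left to a separate policy."""
    if report is None:
        return "unknown"
    stats = report["data"]["attributes"]["last_analysis_stats"]
    malicious = stats.get("malicious", 0)
    if malicious >= malicious_threshold:
        return "block"
    if malicious + stats.get("suspicious", 0) >= combined_threshold:
        return "block"
    return "allow"


def check_download(data: bytes, api_key: str, fetch=None, **thresholds) -> str:
    return decide(lookup_hash(sha256_of(data), api_key, fetch), **thresholds)


# Constructed sample download and a fake report shaped like a VT v3 response (not real data)
SAMPLE_FILE = b"constructed sample download content\n"
FAKE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "harmless": 0, "malicious": 7, "suspicious": 1, "undetected": 60, "timeout": 0}}}}


def fake_fetch(req):
    """Offline stand-in for the HTTPS call, serving the constructed report."""
    return 200, json.dumps(FAKE_REPORT).encode()


if __name__ == "__main__":
    print(check_download(SAMPLE_FILE, "PLACEHOLDER_API_KEY", fetch=fake_fetch))
```

With a real key and `fetch=None` the same call goes to VirusTotal; the "unknown" verdict is where a proxy would decide whether to pass, hold or submit the sample.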
This isn’t a petition or a feature request. Just a dream, as I mentioned in the title.
Sorry for the English. It’s not my strong suit.
Best regards.