IPFire Hardened Linux Firewall Updated with Squid 4.5, Performance Improvements

[The AchieVer]

IPFire Hardened Linux Firewall Updated with Squid 4.5, Performance Improvements 

Michael Tremer released today IPFire 2.21 Core Update 127, a new update for this Linux-based, open-source, and state-of-the-art hardened firewall distribution that adds lots of updates and various performance improvements.

IPFire 2.21 Core Update 127 is now available as IPFire's first update in 2019, bringing numerous updated components and various improvements. The biggest change is the addition of the Squid 4.5 web proxy software, which brings interface changes with it to make its configuration easier, as well as other improvements.

"One of the major changes is that we have removed a control that allowed to configure the number of child processes for each redirector (e.g. URL filter, Update Accelerator, etc.). This is now statically configured to the number of processors," explains Michael Tremer in the release notes.

This change alone makes IPFire's URL filter, as well as other redirectors more efficient and faster, and will be launched when Squid starts. "We expect these improvements to make proxies that serve hundreds or even thousands of users at the same time to become faster by being more efficient," added Tremer.

The upgrade to Squid 4.5 also removes various features from the firewall distribution, such as the web browser check, download throttling by file extension, and authentication against Microsoft Windows NT 4.0 domains. A security issue affecting the proxy authentication against Microsoft Windows Active Directory domains was fixed as well.DNS Forwarding improvements, updated componentsApart from the massive Squid 4.5 update, the IPFire 2.21 Core Update 127 release improves the DNS forwarding feature to make it more flexible and allow it to accept hostnames and IP addresses for forwarding requests to multiple servers, as well as to support multiple IP addresses as a comma-separated list to query multiple servers for a single domain.

This release also improves support for XFS filesystems, OpenVPN  and IPsec certificate creation, and Connection Tracking support. Updated components include Python 2.7.15, Bind 9.11.5-P1, GNU wget 1.20.1, SQLite 3.26.0, Snort 2.9.12, ipvsadm 1.29, GNU tar 1.31, unbound 1.8.3, ClamAV 0.101.1, libvirt 4.10, Midnight Commander 4.8.22, and Transmission 2.94.

 

Source

[BimBamSmash]

Holy jeebers, this is the creepiest thing disguised as a feature I've ever seen! Somebody please put a leash on these tech giants!

 

Edit: Looks like the thread topic has changed. Unless I clicked on the wrong topic in hopes to reply to a thread about a Google Password Checkup extension. My old message is irrelevant to this topic now, but I still stand by what I said about that damned extension!

 

On another note, I just realized how easy it might be for one to open a topic on a message board, ask any member who is unhappy for the forum to introduce invasive ads to post a simple message with a "Yes". Once the thread has reached enough posts, change "unhappy" from the original text to "happy", lock the thread, and proceed with introducing the invasive ads and call it democracy!

[Karlston]

Earlier post...

 

 

EDIT: Sorry, I have absolutely no idea how this reply got into this thread. I added it to similar post by The Achiever in Software News, and that post is now gone.

 

Strange things happening in the forums ATM. Will leave it in case it helps finding a problem.

 

EDIT2: Unless... the original post about Chrome's Password Checkup extension was edited and replaced by this very different topic? That would explain all...