IPFire has an intuitive web user interface that allows you to create groups of hosts and networks. These can then be deployed to keep a large set of rules organized.
IPFire utilizes Stateful Packet Inspection (SPI) firewall built on top of Netfilter, the Linux packet filtering framework. This framework quickly filters packets and achieves throughputs of up to multiple tens of Gigabit per second. There are several settings to mitigate and block DoS attacks by directly filtering them at the firewall, preventing them from taking down your servers.
IPFire’s Intrusion Prevention System (IPS) analyzes your network traffic to detect exploits, leaking data, and other suspicious activity. If there is a detection, IPFire will alert you and immediately block the attacker.
If you use the default configuration, you will see that your network is split into zones, each having security policies like LAN and DMZ for risk management. You can create your configuration dictated by your network’s specific security needs. Per the devs, IPFire is updated often, keeping it fortified against arising security vulnerabilities and attack vectors.
IPFire system requirements:
You will need BitComet (ad-supported) or similar for the Torrent files.