IPFire, the Linux firewall distro, has recently been updated to IPFire 2.21 – Core Update 122. The distro has been rebased from the old LTS kernel to the new Linux Kernel 4.14.50, and comes with a load of bug fixes and overall improvements.
The kernel update should improve the overall system security of IPFire 2.21, bring performance updates, and enable some level of threat mitigation against Meltdown and Spectre (but only on some architectures).
On Intel-based platforms, the CPU microcode has been updated to avoid any performance penalties that the mitigation techniques would otherwise introduce.
The drawback is that grsecurity is incompatible with newer Linux kernels, so it has been removed from IPFire, a change that is also related to grsecurity's decision not to open-source its patches.
ARM-based systems won't be able to utilize this update, because the kernel change requires changes to a handful of bootloaders. For ARM-based users, the IPFire devs recommend backing up the system, reinstalling, and restoring the backup. The reinstalled system should offer only a single ARM kernel instead of multiple choices, as it did previously.
As a final note, the IPFire devs reported that the flash images have been merged together, creating only one image that boots on systems with serial console and normal video output. They’ve also compressed all images with the XZ algorithm, which should result in faster downloading and decompressing of the images.
To update to this latest IPFire, you first need to install IPFire 2.19 – Core Update 121; the second part will then be installed automatically. After the system has completed the update, you can reboot into the new kernel.