IFIREWALL(8)              System Manager's Manual              IFIREWALL(8)


       ipmiutil firewall - configure the IPMI firmware firewall functions


       ipmiutil firewall [-mxNUPREFJTVY] <parameters>

       This ipmiutil firewall command supports the IPMI Firmware Firewall
       capability. It may be used to add or remove security-based
       restrictions on certain commands/command sub-functions or to list the
       current firmware firewall restrictions set on any commands. For each
       firmware firewall command listed below, parameters may be included to
       cause the command to be executed with increasing granularity on a
       specific LUN, for a specific NetFn, for a specific IPMI Command, and
       finally for a specific command's sub-function. See Appendix H in the
       IPMI 2.0 Specification for a listing of any sub-function numbers that
       may be associated with a particular command.

       This utility can use either the /dev/ipmi0 driver from OpenIPMI, the
       /dev/imb driver from Intel, the /dev/ipmikcs driver from valinux,
       direct user-space IOs, or the IPMI LAN interface if -N.

       Command line options are described below.

       -m 002000
              Show FRU for a specific MC (e.g. bus 00, sa 20, lun 00). This
              could be used for PICMG or ATCA blade systems. The trailing
              character, if present, indicates SMI addressing if 's', or IPMB
              addressing if 'i' or not present.

       -x     Causes extra debug messages to be displayed.

       -N nodename
              Nodename or IP address of the remote target system. If a
              nodename is specified, IPMI LAN interface is used. Otherwise
              the local system management interface is used.

       -U rmt_user
              Remote username for the nodename given. The default is a null
              username.

       -P/-R rmt_pswd
              Remote password for the nodename given. The default is a null
              password.

       -E     Use the remote password from Environment variable IPMI_PASSWORD.

       -F drv_t
              Force the driver type to one of the following: imb, va, open,
              gnu, landesk, lan, lan2, lan2i, kcs, smb. Note that lan2i means
              lan2 with intelplus. The default is to detect any available
              driver type and use it.

       -J     Use the specified LanPlus cipher suite (0 thru 14):
              0=none/none/none, 1=sha1/none/none, 2=sha1/sha1/none,
              3=sha1/sha1/cbc128, 4=sha1/sha1/xrc4_128, 5=sha1/sha1/xrc4_40,
              6=md5/none/none, ... 14=md5/md5/xrc4_40. Default is 3.

       -T     Use a specified IPMI LAN Authentication Type: 0=None, 1=MD2,
              2=MD5, 4=Straight Password, 5=OEM.

       -V     Use a specified IPMI LAN privilege level. 1=Callback level,
              2=User level, 3=Operator level, 4=Administrator level (default),
              5=OEM level.

       -Y     Yes, do prompt the user for the IPMI LAN remote password.
              Alternatives for the password are -E or -P.

       Parameter syntax and dependencies are as follows:

       firewall [<channel H>] [<lun L> [<netfn N> [<command C> [<subfn S>]]]]

       Note that if "netfn <N>" is specified, then "lun <L>" must also be
       specified; if "command <C>" is specified, then "netfn <N>" (and
       therefore "lun <L>") must also be specified, and so forth.

       "channel <H>" is an optional and standalone parameter. If not
       specified, the requested operation will be performed on the current
       channel. Note that command support may vary from channel to channel.

       Firmware firewall commands:

       info [<Parms as described above>]

              List firmware firewall information for the specified LUN,
              NetFn, and Command (if supplied) on the current or specified
              channel. Listed information includes the support,
              configurable, and enabled bits for the specified command or
              commands.

              Some usage examples:

              info [<channel H>] [<lun L>]

                     This command will list firmware firewall information
                     for all NetFns for the specified LUN on either the
                     current or the specified channel.

              info [<channel H>] [<lun L> [<netfn N>]]

                     This command will print out all command information
                     for a single LUN/NetFn pair.

              info [<channel H>] [<lun L> [<netfn N> [<command C>]]]

                     This prints out detailed, human-readable information
                     showing the support, configurable, and enabled bits
                     for the specified command on the specified LUN/NetFn
                     pair. Information will be printed about each of the
                     command subfunctions.

              info [<channel H>] [<lun L> [<netfn N> [<command C> [<subfn S>]]]]

                     Print out information for a specific sub-function.

       enable [<Parms as described above>]

              This command is used to enable commands for a given
              NetFn/LUN combination on the specified channel.

       disable [<Parms as described above>] [force]

              This command is used to disable commands for a given
              NetFn/LUN combination on the specified channel. Great care
              should be taken if using the "force" option so as not to
              disable the "Set Command Enables" command.

       reset [<Parms as described above>]

              This command may be used to reset the firmware firewall back
              to a state where all commands and command sub-functions are
              enabled.

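       The parameter dependency rules and the "force" caution above, as an
       added example (not part of ipmiutil or this manual page): a shell
       helper that validates a firewall parameter list before it is handed
       to ipmiutil. fw_args and is_num are hypothetical names; the helper
       assumes values are written as decimal or 0x-prefixed hex, and relies
       on the IPMI 2.0 assignment of Set Command Enables to NetFn App (0x06),
       command 0x60.

```shell
# Added example: fw_args/is_num are hypothetical helpers, not part of ipmiutil.
# Assumption: numeric values are written as decimal or 0x-prefixed hex.
SCE_NETFN=6     # NetFn App (IPMI 2.0)
SCE_CMD=96      # 0x60, Set Command Enables (IPMI 2.0)

is_num() {
    case $1 in
        0[xX]|0[xX]*[!0-9a-fA-F]*) return 1 ;;  # bare or malformed hex
        0[xX]*|0) return 0 ;;
        ''|0*|*[!0-9]*) return 1 ;;             # empty, leading zero, non-digit
    esac
    return 0
}

# fw_args <info|enable|disable|reset> [channel H] [lun L [netfn N
#         [command C [subfn S]]]] [force]
# Prints the validated argument string. Status 2 = syntax or dependency
# error, 3 = "force" scope could cover Set Command Enables.
fw_args() {
    [ $# -ge 1 ] || return 2
    op=$1; shift
    case $op in info|enable|disable|reset) ;; *) return 2 ;; esac
    channel='' lun='' netfn='' command='' subfn='' force=''
    while [ $# -gt 0 ]; do
        case $1 in
            force) force=force; shift; continue ;;
            channel|lun|netfn|command|subfn)
                is_num "${2-}" || return 2
                eval "$1=\$2"; shift 2 ;;
            *) return 2 ;;
        esac
    done
    # Each level requires the one above it: subfn -> command -> netfn -> lun.
    [ -z "$subfn" ]   || [ -n "$command" ]   || return 2
    [ -z "$command" ] || [ -n "$netfn" ]     || return 2
    [ -z "$netfn" ]   || [ -n "$lun" ]       || return 2
    [ -z "$force" ]   || [ "$op" = disable ] || return 2
    # Refuse "force" unless the scope provably excludes Set Command Enables.
    if [ -n "$force" ]; then
        [ -n "$netfn" ] || return 3
        if [ $(($netfn)) -eq $SCE_NETFN ]; then
            [ -n "$command" ] && [ $(($command)) -ne $SCE_CMD ] || return 3
        fi
    fi
    out=$op
    for k in channel lun netfn command subfn; do
        eval "v=\$$k"
        [ -z "$v" ] || out="$out $k $v"
    done
    echo "$out${force:+ force}"
}
```

       The printed string is meant to follow "ipmiutil firewall" on the
       command line once fw_args has returned status 0.
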

       ipmiutil(8) ialarms(8) iconfig(8) idiscover(8) ievents(8) ifru(8)
       igetevent(8) ihealth(8) ilan(8) ireset(8) isel(8) isensor(8) iserial(8)
       isol(8) iwdt(8)


       See http://ipmiutil.sourceforge.net/ for the latest version of ipmiutil
       and any bug fix list.


       Copyright (C) 2010 Kontron America, Inc.

       See the file COPYING in the distribution for more details regarding
       redistribution.

       This utility is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY.


       Andy Cress <arcress at users.sourceforge.net>


                          Version 1.0: 04 Jun 2010              IFIREWALL(8)