IFIREWALL(8)                System Manager's Manual               IFIREWALL(8)

NAME

       ipmiutil_firewall - configure the IPMI firmware firewall functions

SYNOPSIS

       ipmiutil firewall [-mxNUPREFJTVY] parameters

DESCRIPTION

       This ipmiutil firewall command supports the IPMI Firmware Firewall
       capability.  It may be used to add or remove security-based
       restrictions on certain commands/command sub-functions or to list the
       current firmware firewall restrictions set on any commands.  For each
       firmware firewall command listed below, parameters may be included to
       cause the command to be executed with increasing granularity on a
       specific LUN, for a specific NetFn, for a specific IPMI Command, and
       finally for a specific command's sub-function.  See Appendix H in the
       IPMI 2.0 Specification for a listing of any sub-function numbers that
       may be associated with a particular command.

       This utility can use either the /dev/ipmi0 driver from OpenIPMI, the
       /dev/imb driver from Intel, the /dev/ipmikcs driver from valinux,
       direct user-space IOs, or the IPMI LAN interface if -N is specified.

OPTIONS

       Command line options are described below.

       -m 002000
              Show FRU for a specific MC (e.g. bus 00, sa 20, lun 00).  This
              could be used for PICMG or ATCA blade systems.  The trailing
              character, if present, indicates SMI addressing if 's', or IPMB
              addressing if 'i' or not present.

       -x     Causes extra debug messages to be displayed.

       -N nodename
              Nodename or IP address of the remote target system.  If a
              nodename is specified, the IPMI LAN interface is used.
              Otherwise the local system management interface is used.

       -U rmt_user
              Remote username for the nodename given.  The default is a null
              username.

       -P/-R rmt_pswd
              Remote password for the nodename given.  The default is a null
              password.

       -E     Use the remote password from Environment variable IPMI_PASSWORD.

       -F drv_t
              Force the driver type to one of the following: imb, va, open,
              gnu, landesk, lan, lan2, lan2i, kcs, smb.  Note that lan2i means
              lan2 with intelplus.  The default is to detect any available
              driver type and use it.

       -J     Use the specified LanPlus cipher suite (0 thru 17):
              0=none/none/none, 1=sha1/none/none, 2=sha1/sha1/none,
              3=sha1/sha1/cbc128, 4=sha1/sha1/xrc4_128, 5=sha1/sha1/xrc4_40,
              6=md5/none/none, ... 14=md5/md5/xrc4_40.  Default is 3.

       -T     Use a specified IPMI LAN Authentication Type: 0=None, 1=MD2,
              2=MD5, 4=Straight Password, 5=OEM.

       -V     Use a specified IPMI LAN privilege level.  1=Callback level,
              2=User level, 3=Operator level, 4=Administrator level (default),
              5=OEM level.

       -Y     Yes, do prompt the user for the IPMI LAN remote password.
              Alternatives for the password are -E or -P.

PARAMETERS

       Parameter syntax and dependencies are as follows:

       firewall [channel H] [lun L [ netfn N [command C [subfn S]]]]

       Note that if "netfn N" is specified, then "lun L" must also be
       specified; if "command C" is specified, then "netfn N" (and therefore
       "lun L") must also be specified, and so forth.

       "channel H" is an optional and standalone parameter.  If not specified,
       the requested operation will be performed on the current channel.  Note
       that command support may vary from channel to channel.

       Firmware firewall commands:

              info [(Parms as described above)]

                     List firmware firewall information for the specified LUN,
                     NetFn, and Command (if supplied) on the current or
                     specified channel.  Listed information includes the
                     support, configurable, and enabled bits for the specified
                     command or commands.

                     Some usage examples:

                     info [channel H] [lun L]

                            This command will list firmware firewall
                            information for all NetFns for the specified LUN
                            on either the current or the specified channel.

                     info [channel H] [lun L [ netfn N ]]

                            This command will print out all command
                            information for a single LUN/NetFn pair.

                     info [channel H] [lun L [ netfn N [command C] ]]

                            This prints out detailed, human-readable
                            information showing the support, configurable, and
                            enabled bits for the specified command on the
                            specified LUN/NetFn pair.  Information will be
                            printed about each of the command subfunctions.

                     info [channel H] [lun L [ netfn N [command C [subfn S]]]]

                            Print out information for a specific sub-function.

              enable [(Parms as described above)]

                     This command is used to enable commands for a given
                     NetFn/LUN combination on the specified channel.

              disable [(Parms as described above)] [force]

                     This command is used to disable commands for a given
                     NetFn/LUN combination on the specified channel.  Great
                     care should be taken if using the "force" option so as
                     not to disable the "Set Command Enables" command.

              reset [(Parms as described above)]

                     This command may be used to reset the firmware firewall
                     back to a state where all commands and command
                     sub-functions are enabled.
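       The parameter nesting rule and the "force" caution above, as an added
       example (not part of ipmiutil or of the original page).  fw_args and
       fw_err are hypothetical names; the NetFn 0x06 / command 0x60 numbers for
       "Set Command Enables" are taken from the IPMI 2.0 specification, and
       that ipmiutil accepts both decimal and 0x-prefixed values is an
       assumption.

```shell
#!/bin/sh
# Added example, not ipmiutil code.  fw_args validates a firewall request and
# prints the command line it would run; it returns 2 when the request is rejected.
# Assumption (IPMI 2.0 spec, not this page): "Set Command Enables" is
# NetFn 0x06 (App), command 0x60.
fw_err() { echo "fw_args: $*" >&2; }

fw_args() {
    case ${1-} in
        info|enable|disable|reset) action=$1; shift ;;
        *) fw_err "unknown action: ${1-}"; return 2 ;;
    esac
    lun= netfn= command= force= params=
    while [ $# -gt 0 ]; do
        key=$1
        if [ "$key" = force ]; then force=1; shift; continue; fi
        [ $# -ge 2 ] || { fw_err "missing value for $key"; return 2; }
        val=$2; shift 2
        case $val in      # decimal or 0x hex only; leading-zero decimals are ambiguous
            0[xX]*) case ${val#0?} in ''|*[!0-9a-fA-F]*) fw_err "bad value: $val"; return 2 ;; esac ;;
            ''|*[!0-9]*|0?*) fw_err "bad value: $val"; return 2 ;;
        esac
        num=$(($val))     # normalised copy, used only for the checks below
        [ "$num" -le 255 ] || { fw_err "value out of range: $val"; return 2; }
        case $key in
            channel) ;;   # standalone, no dependency on the other parameters
            lun)     lun=$num ;;
            netfn)   [ -n "$lun" ]     || { fw_err "netfn requires lun"; return 2; }; netfn=$num ;;
            command) [ -n "$netfn" ]   || { fw_err "command requires netfn"; return 2; }; command=$num ;;
            subfn)   [ -n "$command" ] || { fw_err "subfn requires command"; return 2; } ;;
            *) fw_err "unknown parameter: $key"; return 2 ;;
        esac
        params="$params $key $val"
    done
    if [ -n "$force" ] && [ "$action" != disable ]; then
        fw_err "force applies to disable only"; return 2
    fi
    # Refuse a forced disable whose scope includes NetFn 6 / command 0x60 on
    # any LUN: no netfn given, or netfn 6 with no command or with command 0x60.
    if [ -n "$force" ] && { [ -z "$netfn" ] || [ "$netfn" -eq 6 ]; } &&
       { [ -z "$command" ] || [ "$command" -eq 96 ]; }; then
        fw_err "forced disable would cover Set Command Enables"; return 2
    fi
    echo "ipmiutil firewall $action$params${force:+ force}"
}

fw_args info lun 0 netfn 6 command 0x60   # constructed sample request
```

       The function only prints the validated command line; running it, and
       adding -N/-U/-E for a remote BMC, is left to the caller.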

SEE ALSO

       ipmiutil(8) ialarms(8) iconfig(8) idiscover(8) ievents(8) ifru(8)
       igetevent(8) ihealth(8) ilan(8) ireset(8) isel(8) isensor(8) iserial(8)
       isol(8) iwdt(8)

WARNINGS

       See http://ipmiutil.sourceforge.net/ for the latest version of ipmiutil
       and any bug fix list.

       Copyright (C) 2010  Kontron America, Inc.

       See the file COPYING in the distribution for more details regarding
       redistribution.

       This utility is distributed in the hope that it will be useful, but
       WITHOUT ANY WARRANTY.

AUTHOR

       Andy Cress <arcress at users.sourceforge.net>

                           Version 1.0: 04 Jun 2010               IFIREWALL(8)