IFIREWALL(8) System Manager's Manual IFIREWALL(8)

ipmiutil_firewall - configure the IPMI firmware firewall functions

ipmiutil firewall [-mxNUPREFJTVY] parameters

This ipmiutil firewall command supports the IPMI Firmware Firewall
capability. It may be used to add or remove security-based restrictions
on certain commands/command sub-functions or to list the current
firmware firewall restrictions set on any commands. For each firmware
firewall command listed below, parameters may be included to cause the
command to be executed with increasing granularity on a specific LUN,
for a specific NetFn, for a specific IPMI Command, and finally for a
specific command's sub-function. See Appendix H in the IPMI 2.0
Specification for a listing of any sub-function numbers that may be
associated with a particular command.

This utility can use either the /dev/ipmi0 driver from OpenIPMI, the
/dev/imb driver from Intel, the /dev/ipmikcs driver from valinux,
direct user-space IOs, or the IPMI LAN interface if -N.

Command line options are described below.

-m 002000
Show FRU for a specific MC (e.g. bus 00, sa 20, lun 00). This
could be used for PICMG or ATCA blade systems. The trailing
character, if present, indicates SMI addressing if 's', or IPMB
addressing if 'i' or not present.

-x Causes extra debug messages to be displayed.

-N nodename
Nodename or IP address of the remote target system. If a nodename
is specified, IPMI LAN interface is used. Otherwise the
local system management interface is used.

-U rmt_user
Remote username for the nodename given. The default is a null
username.

-P/-R rmt_pswd
Remote password for the nodename given. The default is a null
password.

-E Use the remote password from Environment variable IPMI_PASSWORD.

-F drv_t
Force the driver type to one of the following: imb, va, open,
gnu, landesk, lan, lan2, lan2i, kcs, smb. Note that lan2i means
lan2 with intelplus. The default is to detect any available
driver type and use it.

-J Use the specified LanPlus cipher suite (0 thru 17):
0=none/none/none, 1=sha1/none/none, 2=sha1/sha1/none,
3=sha1/sha1/cbc128, 4=sha1/sha1/xrc4_128, 5=sha1/sha1/xrc4_40,
6=md5/none/none, ... 14=md5/md5/xrc4_40. Default is 3.

-T Use a specified IPMI LAN Authentication Type: 0=None, 1=MD2,
2=MD5, 4=Straight Password, 5=OEM.

-V Use a specified IPMI LAN privilege level. 1=Callback level,
2=User level, 3=Operator level, 4=Administrator level (default),
5=OEM level.

-Y Yes, do prompt the user for the IPMI LAN remote password.
Alternatives for the password are -E or -P.

Parameter syntax and dependencies are as follows:

firewall [channel H] [lun L [ netfn N [command C [subfn S]]]]

Note that if "netfn N" is specified, then "lun L" must also be
specified; if "command C" is specified, then "netfn N" (and therefore
"lun L") must also be specified, and so forth.

"channel H" is an optional and standalone parameter. If not specified,
the requested operation will be performed on the current channel. Note
that command support may vary from channel to channel.

Firmware firewall commands:

info [(Parms as described above)]

List firmware firewall information for the specified LUN,
NetFn, and Command (if supplied) on the current or specified
channel. Listed information includes the support,
configurable, and enabled bits for the specified command
or commands.

Some usage examples:

info [channel H] [lun L]

This command will list firmware firewall information
for all NetFns for the specified LUN on
either the current or the specified channel.

info [channel H] [lun L [ netfn N ]]

This command will print out all command information
for a single LUN/NetFn pair.

info [channel H] [lun L [ netfn N [command C] ]]

This prints out detailed, human-readable information
showing the support, configurable, and
enabled bits for the specified command on the
specified LUN/NetFn pair. Information will be
printed about each of the command subfunctions.

info [channel H] [lun L [ netfn N [command C [subfn S]]]]

Print out information for a specific sub-function.

enable [(Parms as described above)]

This command is used to enable commands for a given
NetFn/LUN combination on the specified channel.

disable [(Parms as described above)] [force]

This command is used to disable commands for a given
NetFn/LUN combination on the specified channel. Great
care should be taken if using the "force" option so as
not to disable the "Set Command Enables" command.

reset [(Parms as described above)]

This command may be used to reset the firmware firewall
back to a state where all commands and command sub-functions
are enabled.
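
The following shell helper is an added example, not part of ipmiutil or its documentation. It checks the lun/netfn/command/subfn nesting rule, takes the remote password from IPMI_PASSWORD with -E, refuses cipher suite 0, and limits "force" to a disable that names one command. The fw_* function names, the host name, the user name and the numeric lun/netfn values are constructed for illustration, and the "force" restriction is a local policy assumption rather than something ipmiutil enforces.

```shell
#!/bin/sh
# Added example, not ipmiutil project code; fw_* names are hypothetical.
# The functions only validate and print arguments; nothing contacts a BMC.

# fw_scope CHANNEL LUN NETFN COMMAND SUBFN   ("" = level omitted)
# Nesting rule from this page: netfn needs lun, command needs netfn,
# subfn needs command; channel is standalone.
fw_scope() {
    if [ -n "$3" ] && [ -z "$2" ]; then echo "netfn requires lun" >&2; return 1; fi
    if [ -n "$4" ] && [ -z "$3" ]; then echo "command requires netfn" >&2; return 1; fi
    if [ -n "$5" ] && [ -z "$4" ]; then echo "subfn requires command" >&2; return 1; fi
    fw_out=""
    if [ -n "$1" ]; then fw_out="channel $1"; fi
    if [ -n "$2" ]; then fw_out="$fw_out lun $2"; fi
    if [ -n "$3" ]; then fw_out="$fw_out netfn $3"; fi
    if [ -n "$4" ]; then fw_out="$fw_out command $4"; fi
    if [ -n "$5" ]; then fw_out="$fw_out subfn $5"; fi
    echo "${fw_out# }"
}

# fw_remote NODE USER CIPHER
# Password is taken from IPMI_PASSWORD via -E, so it never appears in argv
# (unlike -P); cipher suite 0 (none/none/none) is refused.
fw_remote() {
    if [ -z "${IPMI_PASSWORD:-}" ]; then echo "IPMI_PASSWORD not set" >&2; return 1; fi
    case "$3" in ''|*[!0-9]*) echo "cipher suite must be numeric" >&2; return 1 ;; esac
    if [ "$3" -eq 0 ]; then echo "cipher suite 0 is none/none/none" >&2; return 1; fi
    echo "-N $1 -U $2 -E -J $3"
}

# fw_cmdline OPTS ACTION SCOPE [force]   (options first, as in the synopsis)
# Local policy (an assumption): "force" is accepted only on disable and only
# when SCOPE names one command, so the operator has to look at which command
# is being turned off rather than sweeping up "Set Command Enables".
fw_cmdline() {
    case "$2" in info|enable|disable|reset) ;; *) echo "bad action" >&2; return 1 ;; esac
    if [ -n "${4:-}" ]; then
        if [ "$2" != disable ] || [ "$4" != force ]; then echo "bad force use" >&2; return 1; fi
        case "$3" in *"command "*) ;; *) echo "force needs a command" >&2; return 1 ;; esac
    fi
    echo "ipmiutil firewall${1:+ $1} $2${3:+ $3}${4:+ $4}"
}

# Constructed sample values (hostname, user, password are placeholders).
IPMI_PASSWORD=constructed-secret; export IPMI_PASSWORD
fw_cmdline "$(fw_remote bmc01.example.net admin 3)" info "$(fw_scope "" 0 6 "" "")"
```

Run an info listing for the same scope before any disable, so the configurable and enabled bits are on record before they change.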

ipmiutil(8) ialarms(8) iconfig(8) idiscover(8) ievents(8) ifru(8)
igetevent(8) ihealth(8) ilan(8) ireset(8) isel(8) isensor(8) iserial(8)
isol(8) iwdt(8)

See http://ipmiutil.sourceforge.net/ for the latest version of ipmiutil
and any bug fix list.

Copyright (C) 2010 Kontron America, Inc.

See the file COPYING in the distribution for more details regarding
redistribution.

This utility is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY.

Andy Cress <arcress at users.sourceforge.net>

Version 1.0: 04 Jun 2010 IFIREWALL(8)