IFIREWALL(8) | System Manager's Manual | IFIREWALL(8) |
ipmiutil_firewall - configure the IPMI firmware firewall functions
ipmiutil firewall [-mxNUPREFJTVY] parameters
This ipmiutil firewall command supports the IPMI Firmware Firewall capability. It may be used to add or remove security-based restrictions on certain commands/command sub-functions or to list the current firmware firewall restrictions set on any commands. For each firmware firewall command listed below, parameters may be included to cause the command to be executed with increasing granularity on a specific LUN, for a specific NetFn, for a specific IPMI Command, and finally for a specific command's sub-function. See Appendix H in the IPMI 2.0 Specification for a listing of any sub-function numbers that may be associated with a particular command.
This utility can use either the /dev/ipmi0 driver from OpenIPMI, the /dev/imb driver from Intel, the /dev/ipmikcs driver from valinux, direct user-space IOs, or the IPMI LAN interface if -N.
Command line options are described below.
Parameter syntax and dependencies are as follows:
firewall [channel H] [lun L [ netfn N [command C [subfn S]]]]
Note that if "netfn N" is specified, then "lun L" must also be specified; if "command C" is specified, then "netfn N" (and therefore "lun L") must also be specified, and so forth.
"channel H" is an optional and standalone parameter. If not specified, the requested operation will be performed on the current channel. Note that command support may vary from channel to channel.
Firmware firewall commands:
List firmware firewall information for the specified LUN, NetFn, and Command (if supplied) on the current or specified channel. Listed information includes the support, configurable, and enabled bits for the specified command or commands.
Some usage examples:
This command will list firmware firewall information for all NetFns for the specified LUN on either the current or the specified channel.
This command will print out all command information for a single LUN/NetFn pair.
This prints out detailed, human-readable information showing the support, configurable, and enabled bits for the specified command on the specified LUN/NetFn pair. Information will be printed about each of the command subfunctions.
Print out information for a specific sub-function.
This command is used to enable commands for a given NetFn/LUN combination on the specified channel.
This command is used to disable commands for a given NetFn/LUN combination on the specified channel. Great care should be taken if using the "force" option so as not to disable the "Set Command Enables" command.
This command may be used to reset the firmware firewall back to a state where all commands and command sub-functions are enabled.
ipmiutil(8) ialarms(8) iconfig(8) idiscover(8) ievents(8) ifru(8) igetevent(8) ihealth(8) ilan(8) ireset(8) isel(8) isensor(8) iserial(8) isol(8) iwdt(8)
See http://ipmiutil.sourceforge.net/ for the latest version of ipmiutil and any bug fix list.
Copyright (C) 2010 Kontron America, Inc.
See the file COPYING in the distribution for more details regarding redistribution.
This utility is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.
Andy Cress <arcress at users.sourceforge.net>
Version 1.0: 04 Jun 2010 |