Provided by: ipmiutil_2.9.7-1_i386 bug


       ipmiutil_firewall - configure the IPMI firmware firewall functions


       ipmiutil firewall [-mxNUPREFJTVY] parameters


       This  ipmiutil  firewall  command  supports  the IPMI Firmware Firewall
       capability.   It  may  be  used  to  add   or   remove   security-based
       restrictions  on certain commands/command sub-functions  or to list the
       current firmware firewall restrictions set on any commands.   For  each
       firmware  firewall  command listed below, parameters may be included to
       cause the command to be  executed  with  increasing  granularity  on  a
       specific  LUN,  for  a specific NetFn, for a specific IPMI Command, and
       finally for a specific command's sub-function.  See Appendix H  in  the
       IPMI  2.0  Specification for a listing of any sub-function numbers that
       may be associated with a particular command.

       This utility can use either the /dev/ipmi0 driver  from  OpenIPMI,  the
       /dev/imb  driver  from  Intel,  the  /dev/ipmikcs  driver from valinux,
       direct user-space IOs, or the IPMI LAN interface if -N.


       Command line options are described below.

       -m 002000
              Show FRU for a specific MC (e.g. bus 00, sa 20, lun  00).   This
              could  be  used  for  PICMG or ATCA blade systems.  The trailing
              character, if present, indicates SMI addressing if 's', or  IPMB
              addressing if 'i' or not present.

       -x     Causes extra debug messages to be displayed.

       -N nodename
              Nodename  or  IP  address  of  the  remote  target system.  If a
              nodename is specified, IPMI LAN interface  is  used.   Otherwise
              the local system management interface is used.

       -U rmt_user
              Remote  username  for the nodename given.  The default is a null

       -P/-R rmt_pswd
              Remote password for the nodename given.  The default is  a  null

       -E     Use the remote password from Environment variable IPMI_PASSWORD.

       -F drv_t
              Force  the  driver  type  to one of the followng: imb, va, open,
              gnu, landesk, lan, lan2, lan2i, kcs, smb.  Note that lan2i means
              lan2  with  intelplus.   The  default is to detect any available
              driver type and use it.

       -J     Use  the  specified  LanPlus   cipher   suite   (0   thru   17):
              0=none/none/none,       1=sha1/none/none,      2=sha1/sha1/none,
              3=sha1/sha1/cbc128,  4=sha1/sha1/xrc4_128,  5=sha1/sha1/xrc4_40,
              6=md5/none/none, ... 14=md5/md5/xrc4_40.  Default is 3.

       -T     Use  a  specified  IPMI  LAN Authentication Type: 0=None, 1=MD2,
              2=MD5, 4=Straight Password, 5=OEM.

       -V     Use a specified IPMI  LAN  privilege  level.  1=Callback  level,
              2=User level, 3=Operator level, 4=Administrator level (default),
              5=OEM level.

       -Y     Yes, do prompt the  user  for  the  IPMI  LAN  remote  password.
              Alternatives for the password are -E or -P.


       Parameter syntax and dependencies are as follows:

       firewall [channel H] [lun L [ netfn N [command C [subfn S]]]]

       Note  that  if  "netfn  N"  is  specified,  then  "lun  L" must also be
       specified;  if "command C" is specified, then "netfn N" (and  therefore
       "lun L") must also be specified, and so forth.

       "channel H" is an optional and standalone parameter.  If not specified,
       the requested operation will be performed on the current channel.  Note
       that command support may vary from channel to channel.

       Firmware firewall commands:

              info [(Parms as described above)]

                     List firmware firewall information for the specified LUN,
                     NetFn, and  Command  (if  supplied)  on  the  current  or
                     specified   channel.   Listed  information  includes  the
                     support, configurable, and enabled bits for the specified
                     command or commands.

                     Some usage examples:

                     info [channel H] [lun L]

                            This   command   will   list   firmware   firewall
                            information for all NetFns for the  specified  LUN
                            on either the current or the specified channel.

                     info [channel H] [lun L [ netfn N ]

                            This   command   will   print   out   all  command
                            information for a single LUN/NetFn pair.

                     info [channel H] [lun L [ netfn N [command C] ]]

                            This   prints   out    detailed,    human-readable
                            information showing the support, configurable, and
                            enabled bits for  the  specified  command  on  the
                            specified  LUN/NetFn  pair.   Information  will be
                            printed about each of the command subfunctions.

                     info [channel H] [lun L [ netfn N [command C [subfn S]]]]

                            Print out information for a specific sub-function.

              enable [(Parms as described above)]

                     This command is used  to  enable  commands  for  a  given
                     NetFn/LUN combination on the specified channel.

              disable [(Parms as described above)] [force]

                     This  command  is  used  to  disable commands for a given
                     NetFn/LUN combination on the specified  channel.    Great
                     care  should  be  taken if using the "force" option so as
                     not to disable the "Set Command Enables" command.

              reset [(Parms as described above)]

                     This command may be used to reset the  firmware  firewall
                     back  to  a  state  where  all  commands and command sub-
                     functions are enabled.


       ipmiutil(8)  ialarms(8)  iconfig(8)  idiscover(8)  ievents(8)   ifru(8)
       igetevent(8) ihealth(8) ilan(8) ireset(8) isel(8) isensor(8) iserial(8)
       isol(8) iwdt(8)


       See for the latest version of ipmiutil
       and any bug fix list.


       Copyright (C) 2010  Kontron America, Inc.

       See  the  file  COPYING  in the distribution for more details regarding

       This utility is distributed in the hope that it  will  be  useful,  but


       Andy Cress <arcress at>

                           Version 1.0: 04 Jun 2010               IFIREWALL(8)