shawn wilson wrote the following on 6/2/2014 11:06 AM:
On Mon, Jun 2, 2014 at 10:14 AM, Jared Mauch <jared@puck.nether.net> wrote:
My IPMI (super micro) you can put v6 and v4 filters into for protecting the ip space from trusted sources. Has my home static ip ranges and a few intermediary ranges that I also have access to.
Mmmm, and an ip has never been spoofed and no arp poisoned. And I wonder how good these filters are in their TCP stack implementation - not something I'd trust :)
We just reported a bug to Dell regarding their last 2 generations of remote access controllers where the firewall rules only apply to TCP and not to ICMP or UDP. Their first response was to replace the motherboard. Second response was that this is just how they work. Not looking good. We run our IPMI interfaces behind stateless ACLs, accessible from VPN or trusted ranges. --Blake