This topic describes how to restrict access to the IPMI on hardware appliances to use specific trusted IP addresses. We recommend that until firmware can be applied to address the vulnerability outline in (CVE-2016-3116), that you apply this extra security measure.
Details on this firmware update are available from Supermicro, in the SMT IPMI Manual on Page 2-44 and 2-45.
Details for configuring IP Access control login to IPMI through a remote console in your web browser is on page 2-9.
Navigate to Configuration > IP Access Control, select Enable IP Access Control and click [OK] when prompted.
Click [ADD] to create a new rule and apply the following criteria:
- Policy: "Policy restriction such as ACCEPT/DROP"
- IP Addr/Mask: "IP of the host you wish to ACCEPT/DROP IPMI access from"
- Rule Number: "rule number for each policy defined"
You can modify the status of an existing rule to either ACCEPT or DROP connections for defined IPs you wish to manage through the IPMI.
- Click [ACCEPT] to apply the access rule you have modified.