AllowDenyCollection schema

JenHuang
Minnow

Posts: 23

AllowDenyCollection schema Dec 17, 2021 9:06:26 GMT

Quote

Post by JenHuang on Dec 17, 2021 9:06:26 GMT

Hi,
I am seeing there is AllowDenyCollection has been release and it include the following URIs,

"uris": [

"/redfish/v1/Chassis/{ChassisId}/NetworkAdapters/{NetworkAdapterId}/NetworkDeviceFunctions/{NetworkDeviceFunctionId}/AllowDeny",

"/redfish/v1/Systems/{ComputerSystemId}/NetworkInterfaces/{NetworkInterfaceId}/NetworkDeviceFunctions{NetworkDeviceFunctionId}/AllowDeny",

"/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/NetworkInterfaces/{NetworkInterfaceId}/NetworkDeviceFunctions{NetworkDeviceFunctionId}/AllowDeny",

"/redfish/v1/CompositionService/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/NetworkInterfaces/{NetworkInterfaceId}/NetworkDeviceFunctions{NetworkDeviceFunctionId}/AllowDeny",

"/redfish/v1/ResourceBlocks/{ResourceBlockId}/NetworkInterfaces/{NetworkInterfaceId}/NetworkDeviceFunctions{NetworkDeviceFunctionId}/AllowDeny",

"/redfish/v1/ResourceBlocks/{ResourceBlockId}/Systems/{ComputerSystemId}/NetworkInterfaces/{NetworkInterfaceId}/NetworkDeviceFunctions{NetworkDeviceFunctionId}/AllowDeny"

]

There is firewall for Managers, what is the reason for not add AllowDeny for Manager?

jautor
Administrator

Posts: 519

AllowDenyCollection schema Dec 17, 2021 16:39:09 GMT

Quote

Post by jautor on Dec 17, 2021 16:39:09 GMT

It was simply not requested... If that functionality is desired - we can discuss it (as a DMTF Redfish Forum memmber, I'd recommend opening an issue on this topic). Are you referring to the IPMI firewall functionality, or a more general "firewall" that is tied to the Manager's network interfaces?

Jeff

mraineri Administrator Posts: 1,132	AllowDenyCollection schema Dec 20, 2021 14:46:52 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by mraineri on Dec 20, 2021 14:46:52 GMT This came as part of support for SmartNICs where the hardware has programmable firewall settings. This is why it's modeled under NetworkDeviceFunction at the moment, which we do not have under Manager today.

JenHuang Minnow Posts: 23	AllowDenyCollection schema Dec 21, 2021 10:36:25 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by JenHuang on Dec 21, 2021 10:36:25 GMT This is very common functionality for BMC/Manager and we'd like to suggest add more general firewall for Manager's network interfaces.

mraineri Administrator Posts: 1,132	AllowDenyCollection schema Dec 21, 2021 13:47:01 GMT Quote Select Post Deselect Post Link to Post Back to Top Post by mraineri on Dec 21, 2021 13:47:01 GMT Thanks for the feedback! We'll need to discuss this more internally.

Post by JenHuang on Dec 17, 2021 9:06:26 GMT

Post by jautor on Dec 17, 2021 16:39:09 GMT

Post by mraineri on Dec 20, 2021 14:46:52 GMT

Post by JenHuang on Dec 21, 2021 10:36:25 GMT

Post by mraineri on Dec 21, 2021 13:47:01 GMT