[Design] Kernel-based BMC firewall

Andrew Jeffery andrew at aj.id.au
Mon Mar 4 09:08:04 AEDT 2019



On Sat, 2 Mar 2019, at 07:54, Joseph Reynolds wrote:
> Here is my BMC firewall design.  I'll post it as a gerrit docs review in 
> a few days if nobody steers this in a different direction.
> 
> Highlights:
>   - firewall established by default when networking starts
>   - BMC-specific firewall rules to be documented
>   - firewall logging not started by default
> 
> Enjoy,
> 
> - Joseph Reynolds
> 
> 
> # Firewall
> 
> Author:
>    Joseph Reynolds <josephreynolds1>
> Primary assignee:
>    < Name and/or IRC nic or None >
> Other contributors:
>    < Name and/or IRC nic or None >
> Created:
>    2019-03-01
> 
> ## Problem Description
> 
> OpenBMC needs an integral firewall to monitor and control its IP 
> traffic.

I think this is a bit light. What I would like to see here is a discussion of
use-cases instead of a one-sentence hand-wave. How do we want to control its
IP traffic? In what circumstances? How are we monitoring the traffic given
the limited flash space to log it?

A lot can be accomplished by simply binding the right services to the right
interfaces, or not running services that you don't need. There's no need
to firewall a closed port (unless you're trying to cloak the machine on the
network, and even then any open port is going to give the game away).

Given that BMCs tend to be on a separate management network, what are
we trying to firewall them from? Are we trying to break down the notion
that they need to be (on a separate management network)? If so there's
still the problem of broken protocols like IPMI. I'm not saying that we
shouldn't remove hurdles, but I'd like a better understanding of *why*
when we're proposing to add complexity (with associated hits to flash
space, memory usage and CPU time on a slow system).

Cheers,

Andrew
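
The reply's point about binding services to the right interfaces can be checked on a running system by looking at which TCP listeners sit on the wildcard address. The following is an added example, not part of the original message or of OpenBMC; the sample table is constructed, and the address decoding assumes a little-endian host.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format; not taken from a real BMC.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1 0 100 0 0 10 0
   2: 0A00000A:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203 1 0 100 0 0 10 0
   3: 0A00000A:0016 0500000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 1204 1 0 100 0 0 10 0
"""

def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def listeners(proc_net_tcp):
    """Yield (ip, port, scope) for every IPv4 TCP socket in LISTEN state."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue  # established connections and short lines are ignored
        ip, port = decode_endpoint(cols[1])
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:
            scope = "all-interfaces"
        elif addr.is_loopback:
            scope = "loopback"
        else:
            scope = "single-address"
        yield ip, port, scope

def exposed_everywhere(proc_net_tcp):
    """Ports whose listener is bound to the wildcard address 0.0.0.0."""
    return sorted(p for _, p, s in listeners(proc_net_tcp) if s == "all-interfaces")

if __name__ == "__main__":
    for ip, port, scope in listeners(SAMPLE):
        print(f"{ip}:{port:<5} {scope}")
    print("bound to every interface:", exposed_everywhere(SAMPLE))
```

On a live system, pass the contents of `/proc/net/tcp` instead of `SAMPLE`; IPv6 listeners are listed separately in `/proc/net/tcp6` and are not covered here.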

