rarias/jungle
rarias/jungle
1
0
Fork 0
Code Issues 27 Pull Requests Packages Projects Releases Wiki Activity

Block ssfhead from reaching our slurm daemon

Browse Source
This commit is contained in:
Rodrigo Arias 2023-09-08 17:20:32 +02:00
parent 77cb3c494e
commit 033a1fe97b
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
m/common/net.nix
View File

@ -23,7 +23,14 @@
allowedTCPPorts = [ 22 ]; allowedTCPPorts = [ 22 ];
# FIXME: For slurmd as it requests the compute nodes to connect to us # FIXME: For slurmd as it requests the compute nodes to connect to us
allowedTCPPortRanges = [ { from=1024; to=65535; } ]; #allowedTCPPortRanges = [ { from=1024; to=65535; } ];
extraCommands = ''
# Prevent ssfhead from contacting our slurmd daemon
iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
# But accept traffic to slurm ports from any other node in the subnet
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
'';
}; };
extraHosts = '' extraHosts = ''