Don't log SLURM connection attempts from ssfhead

This commit is contained in:
Rodrigo Arias 2023-10-04 08:19:09 +02:00 committed by rodarima
parent d52d22e0db
commit 67a4905a0a

View File

@ -23,7 +23,7 @@
allowedTCPPorts = [ 22 ];
extraCommands = ''
# Prevent ssfhead from contacting our slurmd daemon
iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-refuse
# But accept traffic to slurm ports from any other node in the subnet
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
# We also need to open the srun port range