diff --git a/m/common/net.nix b/m/common/net.nix
index 2057143..57f15be 100644
--- a/m/common/net.nix
+++ b/m/common/net.nix
@@ -30,6 +30,8 @@
         iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
         # But accept traffic to slurm ports from any other node in the subnet
         iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
+        # We also need to open the srun port range
+        iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept
       '';
     };
 
diff --git a/m/common/slurm.nix b/m/common/slurm.nix
index 988e1d8..5404d0c 100644
--- a/m/common/slurm.nix
+++ b/m/common/slurm.nix
@@ -80,6 +80,9 @@ in {
 
       # Turn the nodes off after 1 hour of inactivity
       SuspendTime=3600
+
+      # Reduce port range so we can allow only this range in the firewall
+      SrunPortRange=60000-61000
     '';
   };
 }