rarias/jungle
rarias/jungle
1
0
Fork 0
Code Issues 27 Pull Requests Packages Projects Releases Wiki Activity

Allow only some ports for srun

Browse Source
This commit is contained in:
Rodrigo Arias 2023-09-08 17:51:37 +02:00
parent 033a1fe97b
commit 7050c505b5
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
m/common/net.nix
View File

@ -30,6 +30,8 @@
iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse iptables -A nixos-fw -p tcp -s ssfhead --dport 6817:6819 -j nixos-fw-log-refuse
# But accept traffic to slurm ports from any other node in the subnet # But accept traffic to slurm ports from any other node in the subnet
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 6817:6819 -j nixos-fw-accept
# We also need to open the srun port range
iptables -A nixos-fw -p tcp -s 10.0.40.0/24 --dport 60000:61000 -j nixos-fw-accept
''; '';
}; };

3
m/common/slurm.nix
View File

@ -80,6 +80,9 @@ in {
# Turn the nodes off after 1 hour of inactivity # Turn the nodes off after 1 hour of inactivity
SuspendTime=3600 SuspendTime=3600
# Reduce port range so we can allow only this range in the firewall
SrunPortRange=60000-61000
''; '';
}; };
} }