I have a small cluster with CentOS 7. I'm trying to learn how to use the new firewalld.
I need a rule to allow all traffic between those servers. I was able to do it with:
sudo iptables -A INPUT -s [hostname] -j ACCEPT
and it worked. But now I have to use firewall-cmd because of CentOS 7. How can I add a rule to allow all traffic between my nodes? I'm trying to run MPI on them, but firewalld is rejecting the connection, so the solution I thought of came to this.
My current firewall-cmd configuration is:
$ firewall-cmd --list-all
work (default, active)
interfaces: eno1
sources:
services: dhcpv6-client ipp-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
I tried to add source using this:
sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]
But I still couldn't make the MPI application run correctly. Then I decided that the only way to enable MPI on this cluster is to make a rule to accept all traffic between the nodes. I ran these 2 commands:
sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server+IP] -j ACCEPT
firewall-cmd --reload
and it worked like a charm. Not sure if this is the best solution security-wise though.
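
Added example, not part of the original post: binding a source to the `work` zone only applies that zone's service list (ssh, ipp-client, dhcpv6-client) to it, so MPI ports stay closed, whereas firewalld's built-in `trusted` zone accepts all traffic from the sources bound to it. The script below prints the zone-based equivalent of the `--direct` rule for each peer; the node addresses are constructed samples and the function names are assumptions.

```shell
#!/bin/sh
# Added example: print firewalld commands that bind each cluster peer to the
# built-in "trusted" zone instead of inserting a --direct iptables rule.
# NODES is a constructed sample list (documentation-range addresses).
NODES="192.0.2.11 192.0.2.12 192.0.2.13"

# Return 0 only for a dotted-quad IPv4 address with each octet in 0..255.
# Rejecting anything else keeps stray shell metacharacters out of the output.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into this function's own $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Emit one --add-source command per valid peer, then a reload.
# Nothing is executed here; review the output, then run it with sudo.
trusted_zone_cmds() {
    for node in "$@"; do
        if is_ipv4 "$node"; then
            echo "firewall-cmd --permanent --zone=trusted --add-source=$node/32"
        else
            echo "skipping invalid address: $node" >&2
        fi
    done
    echo "firewall-cmd --reload"
}

trusted_zone_cmds $NODES
```

Listing each peer as a /32 keeps the exception limited to the cluster nodes; `firewall-cmd --zone=trusted --list-sources` shows what ended up bound after the reload.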