Firewall rules for xfce desktop

I’m setting up OOD 3.1 on Rocky8. I’m trying to find the firewall rules needed for an xfce desktop. I don’t see anything mentioned when I search the documentation. I’ve got 22, 443, and 80 allowed so the OOD webpage shows up, but when I try to run any app I get noVNC. When I turn the firewall off the desktop works. What ports do I need to make xfce apps work?

Can you describe your what routes you’re firewalling?

443 (and I suppose 80 to redirect back to 443) are all you need on the route from anywhere to the OOD webserver.

When you try to connect to an application like noVNC, this is the route

user machine → OOD werbserver:443 → compute node:random port

I assume from your comment you’ve firewalled the compute node so that apache (the OOD webserver) cannot connect to it. The random port it opened was between min_port and max_port so maybe you can limit the number of ports they can open and firewall against those?

https://osc.github.io/ood-documentation/latest/reference/files/submit-yml/basic-bc-options.html#basic-batch-connect-options

Actually I just realized I could check the ports on our old OOD v1.6 server. 9100 was opened on that one. I added 9100 to my firewall list (and added it in ansible) and it’s working now. I’m not sure why 9100 makes it work, that might be something on our cluster specifically that was setup by my predecessor.