diff --git a/devices/srv1/default.nix b/devices/srv1/default.nix
index 1903330a..6c5a8d99 100644
--- a/devices/srv1/default.nix
+++ b/devices/srv1/default.nix
@@ -63,6 +63,7 @@ inputs:
 old = [ "srv1-node1" "srv1-node2" "srv1-node3" ];
 };
 tui = { cpuMpiThreads = 8; cpuOpenmpThreads = 10; };
+ setupFirewall = true;
 };
 };
 user.users = [ "chn" ];
diff --git a/modules/services/slurm.nix b/modules/services/slurm.nix
index fda95ab2..66ab1f30 100644
--- a/modules/services/slurm.nix
+++ b/modules/services/slurm.nix
@@ -29,6 +29,8 @@ inputs:
 cpuOpenmpThreads = mkOption { type = types.ints.unsigned; default = 1; };
 gpus = mkOption { type = types.nullOr (types.attrsOf types.ints.unsigned); default = null; };
 };
+ # 是否打开防火墙相应端口,对于多节点部署需要打开
+ setupFirewall = mkOption { type = types.bool; default = false; };
 };
 config = let inherit (inputs.config.nixos.services) slurm; in inputs.lib.mkIf slurm.enable (inputs.lib.mkMerge [
@@ -139,6 +141,9 @@ inputs:
 sopsFile = "${builtins.dirOf inputs.config.sops.defaultSopsFile}/munge.key";
 owner = inputs.config.systemd.services.munged.serviceConfig.User;
 };
+ networking.firewall =
+ let config = inputs.lib.mkIf slurm.setupFirewall [ 6818 ];
+ in { allowedTCPPorts = config; allowedUDPPorts = config; };
 }
 # master 配置
 (inputs.lib.mkIf (slurm.master == inputs.config.nixos.system.networking.hostname)
@@ -182,6 +187,9 @@ inputs:
 CpuOpenmpThreads = slurm.tui.cpuOpenmpThreads;
 GpuIds = slurm.tui.gpus;
 };
+ networking.firewall =
+ let config = inputs.lib.mkIf slurm.setupFirewall [ 6817 ];
+ in { allowedTCPPorts = config; allowedUDPPorts = config; };
 })
 ]);
 }
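Review bot: The comment added above `setupFirewall` at `@@ -29,6 +29,8 @@` in modules/services/slurm.nix does not say which ports the option opens or how widely they are exposed. I would extend it to something like `# Open the Slurm ports in the firewall (6818 on every node, 6817 on the master, TCP and UDP, all interfaces); needed for multi-node deployments.` so that whoever enables it on a host can judge the exposure first. The `default = false` is the safe choice and worth keeping.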
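Review bot: In modules/services/slurm.nix, the block added at `@@ -139,6 +141,9 @@` puts 6818 into the global `allowedTCPPorts` and `allowedUDPPorts`, so once `setupFirewall` is set the port is reachable on every interface and from any source; the master block at `@@ -182,6 +187,9 @@` repeats the pattern for 6817. Slurm's daemons communicate over TCP as far as I know, so the UDP entries look like unneeded exposure and the last line could be `in { allowedTCPPorts = config; };`. Since munge is the only authentication visible in these hunks, consider scoping the rule to the cluster-facing interface via `networking.firewall.interfaces.<name>.allowedTCPPorts` rather than the global list. The port numbers are hard-coded; if SlurmdPort or SlurmctldPort is set elsewhere in this module (not visible here), they should be read from the same place. The enclosing attribute sets start and end outside both hunks.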