Firewall rules

What ports do I need to open for Salt master/minion communication across different subnets?

By default, the Salt master communicates with the minions over an AES-encrypted ZeroMQ connection. This traffic uses TCP ports 4505 and 4506, which need to be accessible on the master only.

These ports can be changed in the master configuration file through the publish_port (default 4505) and ret_port (default 4506) settings. In the minion configuration, master_port defaults to 4506.

If you are using salt-ssh, ensure that the port specified in the roster file is open. The default is 22.
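
As an added example (not from the Salt project or this page's author), the script below reads publish_port and ret_port from a master configuration file, falls back to the defaults 4505 and 4506, and prints iptables rules that admit only a minion subnet to the master. The function names, the sample config and the subnet 10.20.0.0/16 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): derive the Salt master's listener
# ports from its config and print iptables rules scoped to the minion subnet.

# salt_port FILE KEY DEFAULT -> value of the last uncommented top-level
# "KEY: N" line, or DEFAULT when the key is absent, commented out or invalid.
salt_port() {
    val=$(awk -v key="$2" '
        $0 ~ "^" key "[ \t]*:" {
            sub(/^[^:]*:[ \t]*/, "")   # drop the key and colon
            sub(/#.*$/, "")            # drop a trailing comment
            sub(/[ \t]+$/, "")         # drop trailing whitespace
            v = $0
        }
        END { print v }' "$1" 2>/dev/null) || val=""
    case "$val" in
        ''|*[!0-9]*) echo "$3" ;;   # missing or non-numeric: use the default
        *) echo "$val" ;;
    esac
}

# master_rules FILE SUBNET -> iptables commands for the master host only.
# Minions connect out to these ports, so they get no inbound rule.
master_rules() {
    pub=$(salt_port "$1" publish_port 4505)
    ret=$(salt_port "$1" ret_port 4506)
    for port in "$pub" "$ret"; do
        echo "iptables -A INPUT -p tcp -s $2 --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Constructed sample input: a master config with one port overridden.
demo() {
    cfg=$(mktemp)
    printf '%s\n' '#publish_port: 4505' 'ret_port: 14506  # moved' > "$cfg"
    master_rules "$cfg" 10.20.0.0/16   # assumed minion subnet
    rm -f "$cfg"
}
demo
```

The script only prints the rules; review them before applying, and pair them with a default-drop policy on the master so the two ports are not reachable from other sources.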

