The SaltStack documentation seems to be unclear as to which ports are required from the salt master → salt minion (apparently not required). This suggests that the ports should be opened only from the salt minion → salt master. (See: http://docs.saltstack.com/en/latest/topics/tutorials/firewall.html )
If, however, commands are executed remotely on the salt master aimed at the minion, then of course the master should be able to reach the minion, and therefore this requires opening the network.
Therefore, my question is: do I need to open the SaltStack ports (4505 and 4506) in both directions or do I need to run remote commands using a different protocol?
[A bit of background: My team wants a SaltStack setup to control the server landscape in a fairly restrictive network, where each individual network route has to be requested in the security concept. This is not controlled by our company, and I need to explicitly request all the necessary routes in each direction.]