Consul ports and what they are used for

Here is an overview of the firewall rules needed by Consul to operate correctly.

Ports required by Consul servers and agents:

  • 8301 (tcp and udp): Gossip protocol between agents and servers.
  • 8400 (tcp): Used for RPC communication from the command-line tools.
  • 8500 (tcp): HTTP API.
  • 8600 (tcp and udp): DNS interface.

Ports used by Consul servers only:

  • 8300 (tcp): Used to handle incoming connections from Consul agents.
  • 8302 (tcp and udp): Gossip protocol between Consul servers.

How you configure the firewall depends on your particular setup. On a Consul server, you probably want to allow communication on all the ports mentioned above.

On a Consul agent, things get trickier. Port 8301 needs to be open, as it is required for communication with other agents and servers. Whether to open ports 8400, 8500 and 8600 depends on your use case. If you install a Consul agent on every node, there is no need to open those ports in the host firewall: your applications can just use 127.0.0.1 to communicate with the API and DNS interface.
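
The rules described above, as an added example that is not part of the original page: a shell function that prints (but does not apply) iptables rules for a Consul server or agent. The function name `consul_rules`, its `expose` argument and the source network 10.0.0.0/24 are assumptions made for illustration; limiting each rule to a source network is an addition the page itself does not state.

```shell
#!/bin/sh
# Added example: prints iptables rules for the Consul ports listed on this page.
# Nothing is applied; review the output before feeding it to a firewall.
#
# consul_rules ROLE SRC_CIDR [EXPOSE]
#   ROLE      server | agent
#   SRC_CIDR  network allowed to reach the ports (assumption, not from the page)
#   EXPOSE    yes | no  (agent only: open 8400/8500/8600 to SRC_CIDR)
consul_rules() {
    role=$1
    src=$2
    expose=${3:-no}
    case "$role" in
        server)
            # Servers: every port from both lists on the page.
            ports="8300/tcp 8301/tcp 8301/udp 8302/tcp 8302/udp"
            ports="$ports 8400/tcp 8500/tcp 8600/tcp 8600/udp"
            ;;
        agent)
            # Agents: gossip on 8301 is always required.
            ports="8301/tcp 8301/udp"
            # RPC, HTTP API and DNS stay closed unless remote clients need
            # them; local applications reach them on 127.0.0.1.
            if [ "$expose" = yes ]; then
                ports="$ports 8400/tcp 8500/tcp 8600/tcp 8600/udp"
            fi
            ;;
        *)
            echo "unknown role: $role" >&2
            return 1
            ;;
    esac
    for entry in $ports; do
        port=${entry%/*}     # part before the slash
        proto=${entry#*/}    # part after the slash
        echo "iptables -A INPUT -p $proto -s $src --dport $port -j ACCEPT"
    done
}

# Constructed sample invocations (10.0.0.0/24 is a made-up cluster network).
consul_rules agent 10.0.0.0/24
consul_rules server 10.0.0.0/24
```

The generated rules only make sense in front of a default-deny INPUT policy, and traffic on the loopback interface must remain allowed for the 127.0.0.1 case.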