Ports and Firewall
Use this page as a quick firewall reference for a TezBake baker host. Keep RPC and dashboard ports private unless you intentionally protect them with a VPN, reverse proxy, or other access control.
Common Ports
| Port | Protocol | Component | Exposure |
|---|---|---|---|
9732 |
TCP | Tezos node P2P | Public inbound recommended |
8732 |
TCP | Tezos node RPC | Local/private only |
11732 |
TCP | DAL node P2P | Public inbound recommended |
10732 |
TCP | DAL node RPC | Local/private only |
20080 |
UDP | Prism tunnel endpoint | Open only on the configured Prism public endpoint |
8733 |
TCP | TezPeak web UI | Local/private unless protected |
Suggested Firewall Rules
For a basic Linux host using ufw, open the public P2P ports:
sudo ufw allow 9732/tcp comment "Tezos P2P"
sudo ufw allow 11732/tcp comment "DAL P2P"
If this host is the public endpoint for Prism, open the configured Prism UDP port:
sudo ufw allow 20080/udp comment "TezBake Prism"
Do not expose 8732, 10732, or 8733 directly to the public internet unless you have added separate access controls.
Related Guides
- Hardware Requirements - Base network requirements
- Baking with Prism - Remote component tunnels
- TezPeak Setup - Dashboard access
- TezBake Troubleshooting - DAL connectivity checks
Any questions/comments/concerns? Please contact the Tez Capital team on Discord or Telegram