firewalld on conductor and router
NAMP NMAP Port Scanning: nmap port scanning port scanner
The primary connection between a router and a conductor is using 930/TCP, which is an encrypted SSH connection that bears most router-to-conductor inter-process communication (IPC).
The secondary connetion is that between a router's salt-minion and a conductor's salt-master, which leverages 4505-4506/TCP.
https://docs.google.com/drawings/d/1kYhY9K9AVwd8D4fcpnakQWbfrmGLod0Mn_D8UmBPZdQ
...