Hudson uses a TCP port to communicate with slave agents launched via JNLP. Normally this port is chosen randomly to avoid collisions, but this would make securing the system difficult. If you are not using JNLP slaves, it's recommend to disable this TCP port. Alternatively, you can specify the fixed port number so that you can configure your firewall accordingly.