diff --git a/docs/os/os.md b/docs/os/os.md
index 3d30c74..f2e096a 100644
--- a/docs/os/os.md
+++ b/docs/os/os.md
@@ -290,8 +290,12 @@ For hardware recommendations for large Kubernetes clusters, refer to the officia
For hardware recommendations for etcd clusters in production, refer to the official [etcd documentation](https://etcd.io/docs/v3.5/op-guide/hardware/).
## Ports
-{{< ports-rke-nodes >}}
-{{< requirements_ports_rke >}}
+import PortsRKENodes from '../shared-files/_ports-rke-nodes.md';
+import RequirementsPortsRKE from '../shared-files/_requirements_ports_rke.md';
+
+
+
+
If you are using an external firewall, make sure you have this port opened between the machine you are using to run `rke` and the nodes that you are going to use in the cluster.
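Review bot: The two components imported under `## Ports` are never rendered in the visible lines. The removed shortcodes `{{< ports-rke-nodes >}}` and `{{< requirements_ports_rke >}}` are replaced only by the `import` statements and four blank lines, so the section would show no port tables above the firewall sentence. Place the component tags (for example `<PortsRKENodes />` and `<RequirementsPortsRKE />`) where the blank lines are, and check that the sentence "make sure you have this port opened" still has a table to refer to.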
diff --git a/docs/shared-files/_ports-rke-nodes.md b/docs/shared-files/_ports-rke-nodes.md
new file mode 100644
index 0000000..4f7fc36
--- /dev/null
+++ b/docs/shared-files/_ports-rke-nodes.md
@@ -0,0 +1,9 @@
+**RKE node:**
+Node that runs the `rke` commands
+
+### RKE node - Outbound rules
+
+| Protocol | Port | Source | Destination | Description |
+| --- | --- | --- | --- | --- |
+| TCP | 22 | RKE node | Any node configured in Cluster Configuration File | SSH provisioning of node by RKE |
+| TCP | 6443 | RKE node | Control plane nodes | Kubernetes API server |
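Review bot: The `Source` column in the "RKE node - Outbound rules" table is `RKE node` on every row, while the other outbound tables in this change use `Protocol | Port | Destination | Description`. Drop the column, or add it to the other tables, so the shared files read consistently. Also, `**RKE node:**` and its description sit on two consecutive lines, unlike `**etcd nodes:** Nodes with the role **etcd**`, which is on one line. Pick one form.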
diff --git a/docs/shared-files/_requirements_ports_rke.md b/docs/shared-files/_requirements_ports_rke.md
new file mode 100644
index 0000000..f482726
--- /dev/null
+++ b/docs/shared-files/_requirements_ports_rke.md
@@ -0,0 +1,81 @@
+**etcd nodes:** Nodes with the role **etcd**
+
+### etcd nodes - Inbound rules
+
+| Protocol | Port | Source | Description |
+| --- | --- | --- | --- |
+| TCP | 2376 | Rancher nodes | Docker daemon TLS port used by Docker Machine (only needed when using Node Driver/Templates) |
+| TCP | 2379 |
- etcd nodes
- controlplane nodes
| etcd client requests |
+| TCP | 2380 | - etcd nodes
- controlplane nodes
| etcd peer communication |
+| UDP | 8472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - etcd node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+| TCP | 10250 | - Metrics server communications with all nodes
| kubelet |
+
+### etcd nodes - Outbound rules
+
+| Protocol | Port | Destination | Description |
+| --- | --- | --- | --- |
+| TCP | 443 | | Rancher agent |
+| TCP | 379| | etcd client requests |
+| TCP | 2380 | | etcd peer communication |
+| TCP | 6443 | | Kubernetes apiserver |
+| UDP | 8472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - etcd node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+
+**controlplane nodes:** Nodes with the role **controlplane**
+
+### controlplane nodes - Inbound rules
+
+| Protocol | Port | Source | Description |
+| -------- | ---- | -------| ----------- |
+| TCP | 80 | - Any that consumes Ingress services
| Ingress controller (HTTP) |
+| TCP | 443 | - Any that consumes Ingress services
| Ingress controller (HTTPS) |
+| TCP | 2376 | | Docker daemon TLS port used by Docker Machine (only needed when using Node Driver/Templates) |
+| TCP | 6443 | - etcd nodes
- controlplane nodes
- worker nodes
| Kubernetes apiserver |
+| UDP | 472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - controlplane node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+| TCP | 10250 | - Metrics server communications with all nodes
| kubelet |
+| TCP | 10254 | - controlplane node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Ingress controller livenessProbe/readinessProbe |
+| TCP/UDP | 30000-32767 | - Any source that consumes NodePort services
| NodePort port range |
+
+### controlplane nodes - Outbound rules
+
+| Protocol | Port | Destination | Description |
+| -------- | ---- | ----------- | ----------- |
+| TCP | 443 | | Rancher agent |
+| TCP | 2379 | | etcd client requests |
+| TCP | 2380 | | etcd peer communication |
+| UDP | 8472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - controlplane node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+| TCP | 10250 | - etcd nodes
- controlplane nodes
- worker nodes
| kubelet | TCP | 10254 | - controlplane node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Ingress controller livenessProbe/readinessProbe |
+
+**Worker nodes:** Nodes with the role **worker**
+
+### Worker nodes - Inbound rules
+
+| Protocol | Port | Source | Description |
+| -------- | ---- | ------ | ----------- |
+| TCP | 22 | - **Linux worker nodes only**
- Any network that you want to be able to remotely access this node from.
| Remote access over SSH |
+| TCP | 3389 | - **Windows worker nodes only**
- Any network that you want to be able to remotely access this node from.
| Remote access over RDP |
+| TCP | 80 | - Any that consumes Ingress services
| Ingress controller (HTTP) |
+| TCP | 443 | - Any that consumes Ingress services
| Ingress controller (HTTPS) |
+| TCP | 2376 | | Docker daemon TLS port used by Docker Machine only needed when using Node Driver/Templates) |
+| UDP | 8472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - worker node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+| TCP | 10250 | - Metrics server communications with all nodes
| kubelet |
+| TCP | 10254 | - worker node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Ingress controller livenessProbe/readinessProbe |
+| TCP/UDP | 30000-32767 | - Any source that consumes NodePort services
| NodePort port range |
+
+### Worker nodes - Outbound rules
+
+| Protocol | Port | Destination | Description |
+| -------- | ---- | ----------- | ----------- |
+| TCP | 443 | | Rancher agent |
+| TCP | 6443 | | Kubernetes apiserver |
+| UDP | 8472 | - etcd nodes
- controlplane nodes
- worker nodes
| Canal/Flannel VXLAN overlay networking |
+| TCP | 9099 | - worker node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Canal/Flannel livenessProbe/readinessProbe |
+| TCP | 10254 | - worker node itself ([local traffic](#information-on-local-node-traffic), not across nodes)
| Ingress controller livenessProbe/readinessProbe |
+
+### Information on local node traffic
+
+Kubernetes health checks (`livenessProbe` and `readinessProbe`) are executed on the host itself. On most nodes, this is allowed by default. When you have applied strict host firewall (i.e., `ptables`) policies on the node, or when you are using nodes that have multiple interfaces (multi-homed), this traffic gets blocked. In this case, you have to explicitly allow this traffic in your host firewall, or in case of public/private cloud hosted machines (i.e. AWS or OpenStack), in your security group configuration. Keep in mind that when using a security group as Source or Destination in your security group, that this only applies to the private interface of the nodes/instances.
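Review bot: Two port numbers in this file look truncated, and anyone copying them into firewall rules would open the wrong ports. In "etcd nodes - Outbound rules" the etcd client row reads `| TCP | 379|` while the inbound table and the controlplane outbound table use 2379. In "controlplane nodes - Inbound rules" the VXLAN row reads `| UDP | 472 |` while every other Canal/Flannel VXLAN row uses 8472. Please correct both.

Further points in the same file:

- The last row of "controlplane nodes - Outbound rules" has the `TCP | 10254` row fused onto the end of the `kubelet` row (`| kubelet | TCP | 10254 | ...`). It needs its own line.
- The worker inbound 2376 row is missing its opening parenthesis before "only needed when using Node Driver/Templates)".
- The closing paragraph says `ptables` where `iptables` is presumably meant, and uses "i.e." where the items are examples ("e.g.").
- Several outbound rows (443, 2379, 2380, 6443) have an empty Destination cell, and the 2376 inbound rows on controlplane and worker nodes have an empty Source. A reader cannot scope a rule from that, so name the peer as the etcd inbound 2376 row does with "Rancher nodes".
- As shown here, the multi-item Source and Destination cells span several lines, which a Markdown pipe table cannot hold. Confirm the tables render in the built docs.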