diff --git a/changelog/64572.fixed.md b/changelog/64572.fixed.md
new file mode 100644
index 000000000000..5ff75f36508e
--- /dev/null
+++ b/changelog/64572.fixed.md
@@ -0,0 +1 @@
+Added salt.ufw to salt-master install on Debian and Ubuntu
diff --git a/pkg/debian/salt-master.dirs b/pkg/debian/salt-master.dirs
index faa45743bbb5..cffed208e63a 100644
--- a/pkg/debian/salt-master.dirs
+++ b/pkg/debian/salt-master.dirs
@@ -1,4 +1,5 @@
 /etc/salt/master.d
+/etc/ufw/applications.d/salt-master
 /etc/salt/pki/master/minions
 /etc/salt/pki/master/minions_autosign
 /etc/salt/pki/master/minions_denied
diff --git a/tests/pytests/integration/daemons/test_masterapi.py b/tests/pytests/integration/daemons/test_masterapi.py
index da4c9698a32c..d57eeeab0922 100644
--- a/tests/pytests/integration/daemons/test_masterapi.py
+++ b/tests/pytests/integration/daemons/test_masterapi.py
@@ -5,6 +5,7 @@
 import os
 import shutil
 import stat
+import subprocess
 
 import pytest
 
@@ -120,3 +121,23 @@ def test_autosign_grains_fail(
     )  # get minion to try to authenticate itself again
     assert salt_minion.id not in salt_key_cli.run("-l", "acc")
     assert salt_minion.id in salt_key_cli.run("-l", "un")
+
+
+@pytest.mark.skip_unless_on_linux
+@pytest.mark.slow_test
+def test_ufw_allow(salt_master, grains):
+    if grains["os_family"] != "Debian":
+        pytest.skip("Only runs on Debian family.")
+
+    expected_output = """Skipping adding existing rule
+Skipping adding existing rule (v6)
+    """
+
+    proc = subprocess.Popen(
+        "ufw allow salt\n", shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE
+    )
+    out, err = proc.communicate()
+    out_strg = out.decode()
+    err_strg = err.decode()
+    assert out_strg == expected_output
+    assert err_strg != "ERROR: Could not find a profile matching 'salt'"