Is there a definitive guide to firewall rules?
Noob question. I set up a software probe a couple of days ago on a Linux box that uses Universal FireWall (UFW). I've no problem with the required internal ports and the probe seems to be working as intended but would like to know if there's a definitive list of ports and protocols that I can apply to get the maximum benefit to the data?
On 2021-06-20 17:22, Peter Garner (iPad) wrote:
> Noob question. I set up a software probe a couple of days ago on a Linux box that uses Universal FireWall (UFW). I've no problem with the required internal ports and the probe seems to be working as intended but would like to know if there's a definitive list of ports and protocols that I can apply to get the maximum benefit to the data?
Hello,

There's an entry in the FAQ (https://atlas.ripe.net/about/faq/):

<quote>
So which services do I need for my probe to work?

The absolute minimum set is DHCP, DNS and outgoing TCP port 443 (HTTPS) in order to allow the probe to connect to the network. However, this in itself is not enough to do measurements, which is the entire focus of RIPE Atlas. The more kinds of outgoing traffic you allow, the more measurements will have a chance of succeeding. So please, at a minimum, also permit outgoing ICMP, UDP (DNS + traceroute + NTP) and TCP for traceroute and HTTP(S). Permitting outgoing DNS to any server is a must in order to be useful for non-local-resolver queries.

For incoming traffic: the probes don't provide real accessible services, so incoming ICMP/ping and UDP/traceroute should be enough.
</quote>

I hope this helps,
Robert
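The FAQ's service list written out as ufw rules for a host that denies outgoing traffic by default. This is an added example, not part of the original thread or of the RIPE Atlas documentation; the function names and the traceroute port range 33434-33534 are assumptions, since the FAQ names no traceroute ports.

```shell
#!/bin/sh
# Added example: the RIPE Atlas FAQ service list as ufw rules.
# Assumes an egress-restricted host (default deny outgoing). With ufw's
# stock "allow outgoing" default only the incoming rule adds anything.
# Rules are additive: existing management rules (e.g. SSH) stay in place.

# Assumption: 33434-33534 is the conventional UDP traceroute range;
# the FAQ names no port numbers for traceroute.
TRACEROUTE_UDP="33434:33534/udp"

# Print one ufw command per line (hypothetical helper name).
atlas_ufw_rules() {
    cat <<EOF
ufw default deny incoming
ufw default deny outgoing
ufw allow out 67/udp comment 'DHCP'
ufw allow out 53/udp comment 'DNS to any server'
ufw allow out 123/udp comment 'NTP'
ufw allow out 80/tcp comment 'HTTP'
ufw allow out 443/tcp comment 'HTTPS'
ufw allow out $TRACEROUTE_UDP comment 'UDP traceroute out'
ufw allow in $TRACEROUTE_UDP comment 'UDP traceroute in'
EOF
}

# ufw's rule syntax has no ICMP protocol, so outgoing ICMP goes into
# /etc/ufw/before.rules (IPv4), above the COMMIT line of the *filter table.
# Stock before.rules already accepts incoming echo-request (ping).
atlas_before_rules() {
    printf '%s\n' "-A ufw-before-output -p icmp -j ACCEPT"
}

# TCP traceroute to ports other than 80/443 is not covered by this list.
if [ "${1:-}" = "--apply" ]; then
    # Needs root; the commands are fixed strings, so eval is safe here.
    atlas_ufw_rules | while IFS= read -r cmd; do eval "$cmd"; done
    echo "Add to /etc/ufw/before.rules, then run 'ufw reload':"
    atlas_before_rules
else
    # Default: dry run, print what would be applied.
    atlas_ufw_rules
    echo "# /etc/ufw/before.rules:"
    atlas_before_rules
fi
```

Run without arguments to review the rules; pass `--apply` as root to install them.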
participants (2)
- Peter Garner (iPad)
- Robert Kisteleki