Confirm UFW Firewall Rules for Optimal Performance

Dear ZeroTier Support Team,

Love your platform. Thanks for making it available.

I’m running version 1.14.2 on a Raspberry Pi 3 (Linux) as part of a robotics network setup, and I’d like to confirm if my current firewall rules are optimal for efficient use of ZeroTier’s resources.

Here’s my firewall configuration:

Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 6001/tcp                   ALLOW IN    Anywhere                  # For RTK GPS RTCM correction data - you can ignore
[ 2] 22/tcp                     ALLOW IN    Anywhere                  # For SSH access - you can ignore
[ 3] 9993/udp                   ALLOW IN    Anywhere                  # ZeroTier primary port
[ 4] 30000:60000/udp            ALLOW IN    Anywhere                  # Covers ZeroTier secondary port (37122)
[ 5] 65288/udp                  ALLOW IN    Anywhere                  # ZeroTier tertiary port
[ 6] Anywhere/igmp              ALLOW IN    Anywhere/igmp             # For ZeroTier multicast discovery
[ 7] 6001/tcp (v6)              ALLOW IN    Anywhere (v6)             # For RTK GPS RTCM  correction data (IPv6) - you can ignore
[ 8] 22/tcp (v6)                ALLOW IN    Anywhere (v6)             # For SSH access (IPv6) - you can ignore
[ 9] 9993/udp (v6)              ALLOW IN    Anywhere (v6)             # ZeroTier primary port (IPv6)
[10] 30000:60000/udp (v6)       ALLOW IN    Anywhere (v6)             # Covers ZeroTier secondary port (IPv6)
[11] 65288/udp (v6)             ALLOW IN    Anywhere (v6)             # ZeroTier tertiary port (IPv6)

I’m hoping to run smoothly for local network discovery (via multicast) and peer-to-peer connectivity with both local and external peers. I’ve noticed in my logs that ZeroTier uses multicast (e.g., 224.0.0.1 for IGMP), which is why I added the IGMP rule.

Could you please confirm if these firewall rules are sufficient for optimal ZeroTier performance? Specifically:

  1. Are the ports 9993, 65288, and 37122 (within the 30000:60000 range) the only ones I need to allow for ZeroTier?

  2. Is allowing IGMP traffic necessary for local network discovery, or can ZeroTier function efficiently without it?

  3. Are there any additional firewall considerations for IPv6 multicast (e.g., 33:33:00:00:00:01) that I should be aware of?

Thank you for your assistance! I’d greatly appreciate any feedback or recommendations to ensure my setup is as efficient as possible.

Best regards,

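An added example, not part of the original post and not ZeroTier's own tooling: a Python audit of the `ufw status numbered` rows shown in the post, reporting which rule admits each UDP port the post attributes to ZeroTier and how many additional ports each of those rules opens. The function names and the trimmed sample rows are constructed for illustration.

```python
import re

# Constructed sample: IPv4 rows from the post's `ufw status numbered` output, comments trimmed.
UFW_STATUS = """\
[ 1] 6001/tcp                   ALLOW IN    Anywhere                  # RTK GPS RTCM correction data
[ 2] 22/tcp                     ALLOW IN    Anywhere                  # SSH access
[ 3] 9993/udp                   ALLOW IN    Anywhere                  # ZeroTier primary port
[ 4] 30000:60000/udp            ALLOW IN    Anywhere                  # Covers ZeroTier secondary port (37122)
[ 5] 65288/udp                  ALLOW IN    Anywhere                  # ZeroTier tertiary port
[ 6] Anywhere/igmp              ALLOW IN    Anywhere/igmp             # ZeroTier multicast discovery
"""

# UDP ports the post attributes to ZeroTier on this node.
ZEROTIER_UDP = {9993, 37122, 65288}

RULE = re.compile(r"^\[\s*(?P<num>\d+)\]\s+(?P<to>\S+)(?: \(v6\))?\s+ALLOW IN\s+\S+")
PORTS = re.compile(r"^(?P<lo>\d+)(?::(?P<hi>\d+))?/(?P<proto>tcp|udp)$")

def parse_rules(text):
    """Yield (rule number, proto, low port, high port) for port-based ALLOW IN rules."""
    for line in text.splitlines():
        rule = RULE.match(line)
        ports = rule and PORTS.match(rule["to"])
        if not ports:
            continue  # headers, blank lines, protocol-only rules such as Anywhere/igmp
        lo = int(ports["lo"])
        hi = int(ports["hi"] or lo)  # a single port is a range of width one
        yield int(rule["num"]), ports["proto"], lo, hi

def audit(text, needed_udp):
    """Return (coverage, excess, uncovered): the first rule admitting each needed port,
    the ports each such rule opens beyond the needed ones, and needed ports with no rule."""
    coverage, excess = {}, {}
    for num, proto, lo, hi in parse_rules(text):
        if proto != "udp":
            continue
        inside = {p for p in needed_udp if lo <= p <= hi}
        for port in inside:
            coverage.setdefault(port, num)
        if inside:
            excess[num] = (hi - lo + 1) - len(inside)
    uncovered = sorted(set(needed_udp) - set(coverage))
    return coverage, excess, uncovered

if __name__ == "__main__":
    print(audit(UFW_STATUS, ZEROTIER_UDP))
```

On the rows from the post, rule 4 admits 30,001 UDP ports to cover the single port 37122, while rules 3 and 5 open nothing beyond the port they name.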