ZeroTier open TCP ports listening (in addition to UDP?)

On these docs:

It says ZeroTier listens to 3 UDP ports, but when I looked at my Linux laptop with netstat I see the zerotier-one service listening on TCP ports in addition to UDP ports. Has there been a change since the documentation was written? I’d like to update my firewall rules, but do I need to allow the TCP ports in addition to the UDP ports?

The TCP port is what listens for commands from zerotier-cli and the desktop UI.

Thanks! So I can block those, since I only connect using the zerotier-cli locally (can communicate via loopback instead)?

Yes, it should be fine to block port 9993/TCP. (Not UDP though.)

There are also some high random TCP ports associated with zerotier-one in addition to 9993. Are those also related to the GUI and CLI?

Had to go look up some stuff and ask a few questions. ZeroTier’s TCP control port listens on all the same ports as UDP, so that’s why you’re seeing that.
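An added example, not part of the original thread and not ZeroTier's own tooling: a small audit of `ss -H -tulnp` output that lists the zerotier-one listeners per protocol, checks whether every TCP port has a UDP twin as the last reply describes, and shows which TCP listeners are bound beyond loopback and are therefore candidates for a firewall block. The sample input and the high port 41641 are constructed; only 9993 comes from the thread.

```python
# Constructed sample in the format of `ss -H -tulnp` (not captured from a real host).
# 9993 is the port named in the thread; 41641 is a made-up "random high" port.
SAMPLE_SS = """\
udp UNCONN 0 0 0.0.0.0:9993 0.0.0.0:* users:(("zerotier-one",pid=812,fd=9))
udp UNCONN 0 0 0.0.0.0:41641 0.0.0.0:* users:(("zerotier-one",pid=812,fd=11))
udp UNCONN 0 0 [::]:9993 [::]:* users:(("zerotier-one",pid=812,fd=10))
tcp LISTEN 0 128 0.0.0.0:9993 0.0.0.0:* users:(("zerotier-one",pid=812,fd=8))
tcp LISTEN 0 128 0.0.0.0:41641 0.0.0.0:* users:(("zerotier-one",pid=812,fd=12))
tcp LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
"""

LOOPBACK = {"127.0.0.1", "::1"}


def zerotier_listeners(ss_output, process="zerotier-one"):
    """Return {"tcp": {port: {addresses}}, "udp": {...}} for one process."""
    found = {"tcp": {}, "udp": {}}
    for line in ss_output.splitlines():
        fields = line.split()
        # Columns: Netid State Recv-Q Send-Q Local:Port Peer:Port Process
        if len(fields) < 7 or fields[0] not in found:
            continue
        if f'"{process}"' not in " ".join(fields[6:]):
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
        found[fields[0]].setdefault(int(port), set()).add(addr)
    return found


def summarize(ss_output):
    """Summarize listeners so firewall rules can be checked against them."""
    listeners = zerotier_listeners(ss_output)
    tcp, udp = listeners["tcp"], listeners["udp"]
    return {
        "udp_ports": sorted(udp),
        "tcp_ports": sorted(tcp),
        # TCP ports with no UDP twin are not explained by the reply above.
        "tcp_without_udp": sorted(set(tcp) - set(udp)),
        # TCP listeners reachable from other hosts unless the firewall blocks them.
        "tcp_not_loopback": sorted(p for p, a in tcp.items() if a - LOOPBACK),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_SS).items():
        print(f"{key}: {value}")
```

To audit a live host, pass the output of `ss -H -tulnp` (run as root so the process column is populated) to `summarize` instead of the sample.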
