[atlas] Is there a definitive guide to firewall rules?

On 2021-06-20 17:22, Peter Garner (iPad) wrote:
> Noob question. I set up a software probe a couple of days ago on a Linux box that uses Universal FireWall (UFW). I've no problem with the required internal ports and the probe seems to be working as intended but would like to know if there's a definitive list of ports and protocols that I can apply to get the maximum benefit to the data?
> 

Hello,

There's an entry in the FAQ (https://atlas.ripe.net/about/faq/):

<quote>
So which services do I need for my probe to work?

The absolute minimum set is DHCP, DNS and outgoing TCP port 443 (HTTPS) 
in order to allow the probe to connect to the network. However, this in 
itself is not enough to do measurements, which is the entire focus of 
RIPE Atlas. The more kinds of outgoing traffic you allow, the more 
measurements will have a chance of succeeding. So please, at a minimum, 
also permit outgoing ICMP, UDP (DNS + traceroute + NTP) and TCP for 
traceroute and HTTP(S). Permitting outgoing DNS to any server is a must 
in order to be useful for non-local-resolver queries.

For incoming traffic: the probes don't provide real accessible services, 
so incoming ICMP/ping and UDP/traceroute should be enough.
</quote>


I hope this helps,
Robert