Zixi Security Best Practices
Firewall Settings

2min
As a general security best practice, you should minimize the amount of ports that are opened on the Firewall. The initiating side can be behind an NAT, and doesn’t need to be publicly reachable. The Zixi Broadcaster should have a publicly reachable address. 
Source IP address may be filtered to come only from certain allowed sources.
Make sure to open outgoing TCP 80 to license.zixi.com and UDP 53 to your DNS server.
﻿
iptables example rules when the listening port is UDP 2088:
Bash
iptables -A INPUT -p udp --dport 2088  -j ACCEPT
iptables -A OUTPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp --dport 2088  -j ACCEPT
iptables -A OUTPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
﻿
iptables rules example, with target port 2088:
Bash
iptables -A OUTPUT -p udp --dport 2088 -j ACCEPT
iptables -A INPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp --dport 2088 -j ACCEPT
iptables -A INPUT -p udp --sport 2088 -m state --state ESTABLISHED -j ACCEPT
﻿
﻿
Stream Encryption
Remote SSH Connections