What ports do I need to open for Mist.io

For monitoring (outgoing traffic)

In order to enable monitoring with mist.io, a server needs to allow outgoing traffic to  UDP port 25826 for monitor.mist.io. Port 25826 is the port were collectd open source monitoring agent uses in order to send the monitoring data. So make sure outgoing traffic to monitor.mist.io for 25826 is allowed. 

For probe/ssh (incoming traffic)

In order for mist.io to be able to run properly and ping/probe/ssh VMs incoming traffic to these ips need to be whitelisted:

104.198.19.203, 35.184.67.94, 104.198.197.230, 104.154.33.164, 104.155.147.47

The list of ips is also contained as A records in dns name ips.mist.io. To get all current ips use dig

root@user:~# dig ips.mist.io
; <<>> DiG 9.9.5-3ubuntu0.9-Ubuntu <<>> ips.mist.io
...
;; ANSWER SECTION:<br>ips.mist.io.300INA104.154.231.252
ips.mist.io.		60	IN	A	35.184.67.94
ips.mist.io.		60	IN	A	104.154.33.164
ips.mist.io.		60	IN	A	104.155.147.47
ips.mist.io.		60	IN	A	104.198.19.203
ips.mist.io.		60	IN	A	104.198.197.230

To whitelist these 

root@user:~# iptables -A INPUT -s ips.mist.io -j ACCEPT

Keep in mind that when dns names are used in iptables, these are resolved when the rule is being added, so in order to keep up with changes in our infrastructure, you'll need to reapply the rules periodically so that the dns entries are re-resolved.