Description
In the setup script recommended for self-hosting, it sets up firewall rules that block all UDP ports except for one:
```sh
# setup firewall
ufw allow OpenSSH
ufw allow www
ufw allow https
ufw allow 34543/udp   # the one UDP port left open; the ship must listen here (-p 34543)
ufw enable
```
The docs then instruct the user to start their urbit with -p 34543, which is the right port to listen on given the firewall setup, but it's easy for a user to forget that port whenever they run Urbit again. In that case, they end up with a connectivity issue where peers won't hear messages from the user until the other ship sends a message to the user first.
This issue shouldn't exist, but also if a ship is listening on a UDP port that isn't open in the firewall, then all incoming communication will have to be relayed through its sponsor, and that's a loss of both resiliency and sovereignty that should be avoidable by changing the instructions.
@drunkplato has reported that this is a frequent cause of support issues for Holium, specifically for self-hosted people.
I can think of a few things to address this. Not sure which is best:
- don't tell people to block all the UDP ports
- remind people to always use that `-p` argument each time they restart Vere
- modify Vere to write the `-p` port into a file and read it on startup (unless overridden by another `-p`, or maybe with a new arg that clears the configuration) so the user doesn't have to remember. It's not clear this would be a good option, since it implies Vere would have multiple locations of persistent storage, not just inside Arvo. We might decide that's not that bad of a problem, though.
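The third option above (persist the port, reuse it on restart) can be prototyped outside Vere as a start-up wrapper, and the same wrapper can catch the first problem by refusing to start when the chosen UDP port has no `ufw` allow rule. The script below is an added example written for this page; it is not part of the issue, of Vere, or of the self-hosting docs. It assumes a hypothetical state file named `ames-port` inside the pier, a `UFW_STATUS` variable that lets a caller supply `ufw status` output instead of running `ufw`, and the constructed `ufw status` sample embedded in it, which mirrors the rules in the setup script.

```shell
#!/bin/sh
# Added example (not from the issue or from Vere): a wrapper that remembers
# the ames port across restarts and checks it against the ufw rule set.

# Constructed sample of `ufw status` output for the rules in the issue.
UFW_STATUS_SAMPLE='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
WWW                        ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
34543/udp                  ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
34543/udp (v6)             ALLOW       Anywhere (v6)'

# udp_port_allowed PORT [STATUS_TEXT]
# Succeeds if PORT/udp has an ALLOW rule in the ufw status text; when no
# text is supplied, the real `ufw status` is consulted (empty if unavailable).
udp_port_allowed() {
  port=$1
  status=${2:-$(ufw status 2>/dev/null || true)}
  printf '%s\n' "$status" | grep -Eq "^${port}/udp[[:space:]]+ALLOW"
}

# resolve_port PIER [PORT]
# An explicit PORT wins and is recorded in PIER/ames-port (hypothetical
# file name, assumed for this example); otherwise the recorded value is
# reused; otherwise nothing is printed, i.e. Vere would pick its own port.
resolve_port() {
  pier=$1
  explicit=$2
  state="$pier/ames-port"
  if [ -n "$explicit" ]; then
    printf '%s\n' "$explicit" > "$state"
    printf '%s\n' "$explicit"
  elif [ -f "$state" ]; then
    cat "$state"
  else
    printf '\n'
  fi
}

# start_ship PIER [PORT]
# Resolves the port, verifies the firewall allows it, then prints the
# command line that would be run (printed rather than exec'd so the example
# runs without Vere installed). Exit 2: no port known; exit 1: port blocked.
start_ship() {
  pier=$1
  port=$(resolve_port "$pier" "$2")
  if [ -z "$port" ]; then
    echo "no port recorded for $pier; Vere would choose one the firewall blocks" >&2
    return 2
  fi
  if ! udp_port_allowed "$port" "${UFW_STATUS:-}"; then
    echo "refusing to start: ${port}/udp has no ufw allow rule" >&2
    return 1
  fi
  printf 'urbit -p %s %s\n' "$port" "$pier"
}
```

Run once as `start_ship ~/zod 34543` to record the port; every later `start_ship ~/zod` reuses it, and any port that is not open in `ufw` is rejected before the ship starts, so the "peers can't reach me until I message them first" symptom described above is caught at start-up instead of being discovered later.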