From 1cfb0a2d4a5f1d1a816f81dacf563dafbbc63a10 Mon Sep 17 00:00:00 2001
From: RadekSabacky
Date: Thu, 20 Nov 2025 14:26:31 +0100
Subject: [PATCH] / move uwf rules into iptables
---
 .../nym-node-setup/network-tunnel-manager.sh | 5 +++++
 .../nym-node-prereqs-install.sh | 19 -------------------
 2 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/scripts/nym-node-setup/network-tunnel-manager.sh b/scripts/nym-node-setup/network-tunnel-manager.sh
index 7017adbd4d..4ea1ba7556 100644
--- a/scripts/nym-node-setup/network-tunnel-manager.sh
+++ b/scripts/nym-node-setup/network-tunnel-manager.sh
@@ -591,6 +591,8 @@ apply_port_allowlist() {
 ["GroupWise"]="1677"
 ["PPTP"]="1723"
 ["RTSPAlt"]="1755"
+ ["Nym specific"]="1789"
+ ["Nym specific"]="1790"
 ["MSNP"]="1863"
 ["NFS"]="2049"
 ["CPanel"]="2082-2083"
@@ -609,6 +611,7 @@ apply_port_allowlist() {
 ["AndroidMarket"]="5228"
 ["PostgreSQL"]="5432"
 ["MongoDBDefault"]="27017"
+ ["Nym-node-api"]="8080"
 ["Electrum"]="8082"
 ["SimplifyMedia"]="8087-8088"
 ["Zcash"]="8232-8233"
@@ -617,6 +620,7 @@ apply_port_allowlist() {
 ["TeamSpeak"]="8767"
 ["MQTTS"]="8883"
 ["HTTPProxy"]="8888"
+ ["Nym Specific"]="9000"
 ["TorORPort"]="9001"
 ["TorDirPort"]="9030"
 ["Tari"]="9053"
@@ -637,6 +641,7 @@ apply_port_allowlist() {
 ["ElectrumSSL"]="50002"
 ["MOSH"]="60000-61000"
 ["Mumble"]="64738"
+ ["WireGuard"]="51822"
 ["Metadata"]="51830"
 )
diff --git a/scripts/nym-node-setup/nym-node-prereqs-install.sh b/scripts/nym-node-setup/nym-node-prereqs-install.sh
index e462ecb5c9..a15f24a18a 100644
--- a/scripts/nym-node-setup/nym-node-prereqs-install.sh
+++ b/scripts/nym-node-setup/nym-node-prereqs-install.sh
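Review bot: The two entries added in the first hunk of network-tunnel-manager.sh, `["Nym specific"]="1789"` and `["Nym specific"]="1790"`, share one key; if this literal fills a bash associative array (the declaration is above the hunk), the later assignment replaces the earlier one and port 1789 silently drops out of the allowlist. `["Nym Specific"]="9000"` in the third hunk survives only because its key differs in capitalisation. Use unique keys, or the range form the map already uses elsewhere, e.g. `["Nym specific"]="1789-1790"`, and give 9000 a distinct name such as `["Nym clients"]="9000"`. apply_port_allowlist starts and ends outside these hunks.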
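Review bot: `["WireGuard"]="51822"` in the fourth hunk carries only a port number, whereas the ufw rule it replaces was `ufw allow 51822/udp`, and the 51830 rule removed with it was restricted to `in on nymwg` over tcp. The code that turns this map into iptables rules is outside the hunk, so whether UDP is opened, and whether these entries govern traffic arriving at the host rather than traffic forwarded through it, cannot be confirmed from here; the same question applies to `["Nym-node-api"]="8080"` in the second hunk. Since the commit also drops `ufw enable`, verify on a fresh install that the listener ports are reachable and that everything else is still denied. A comment on each added entry, such as `# 51822/udp, inbound WireGuard listener`, would record the intended protocol and direction.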
@@ -11,22 +11,3 @@ echo -e "\n* * * Installing needed prerequisities * * *"
 apt update -y && apt --fix-broken install
 apt upgrade
 apt install apt ca-certificates jq curl wget ufw jq tmux pkg-config build-essential libssl-dev git ntp ntpdate neovim tree tmux tig nginx -y
-apt install ufw --fix-missing
-
-# enable & setup firewall
-echo -e "\n* * * Setting up firewall using ufw * * * "
-echo "Please enable the firewall in the next prompt for node proper routing."
-echo
-ufw enable
-ufw allow 22/tcp # SSH - you're in control of these ports
-ufw allow 80/tcp # HTTP
-ufw allow 443/tcp # HTTPS
-ufw allow 1789/tcp # Nym specific
-ufw allow 1790/tcp # Nym specific
-ufw allow 8080/tcp # Nym specific - nym-node-api
-ufw allow 9000/tcp # Nym Specific - clients port
-ufw allow 9001/tcp # Nym specific - wss port
-ufw allow 51822/udp # WireGuard
-ufw allow in on nymwg to any port 51830 proto tcp # bandwidth queries/topup - inside the tunnel
-ufw reload && \
-ufw status