From 9943f559d4ab567c3aa7fa77872a552a1f3f80cc Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 29 Jan 2026 10:47:46 +0000
Subject: [PATCH 1/3] docs: clarify why port 6061 is TCP-only in firewall
 config

Co-authored-by: Amygos <510232+Amygos@users.noreply.github.com>
---
 imageroot/actions/create-module/20firewall | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/imageroot/actions/create-module/20firewall b/imageroot/actions/create-module/20firewall
index 8d5e779..a8ec7b9 100755
--- a/imageroot/actions/create-module/20firewall
+++ b/imageroot/actions/create-module/20firewall
@@ -9,10 +9,13 @@ import os
 import agent
 
 # Open SIP (5060), SIPS (5061), custom port (6060,6061) and RTP range (10000-20000)
+# Note: Port 6061 is TCP-only because it's used for TLS (SIPS), which requires TCP.
+# Port 5061 includes UDP in the range notation (5060-5061/udp) for simplicity,
+# but SIPS/TLS on 5061 only uses TCP in practice.
 agent.assert_exp(agent.add_public_service(os.environ['MODULE_ID'], [
     "5060-5061/tcp",
     "5060-5061/udp",
     "6060/tcp",
     "6060/udp",
-    "6061/tcp",
+    "6061/tcp",  # TLS/SIPS - TCP only (TLS requires TCP)
     "10000-20000/udp"]))

From cb4d448f4b4fdc41e94ff2cef4c876eb3bdeb33d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 29 Jan 2026 11:01:36 +0000
Subject: [PATCH 2/3] feat: add 6061/udp to firewall configuration for
 consistency

Co-authored-by: Amygos <510232+Amygos@users.noreply.github.com>
---
 imageroot/actions/create-module/20firewall | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/imageroot/actions/create-module/20firewall b/imageroot/actions/create-module/20firewall
index a8ec7b9..1f32868 100755
--- a/imageroot/actions/create-module/20firewall
+++ b/imageroot/actions/create-module/20firewall
@@ -9,13 +9,11 @@ import os
 import agent
 
 # Open SIP (5060), SIPS (5061), custom port (6060,6061) and RTP range (10000-20000)
-# Note: Port 6061 is TCP-only because it's used for TLS (SIPS), which requires TCP.
-# Port 5061 includes UDP in the range notation (5060-5061/udp) for simplicity,
-# but SIPS/TLS on 5061 only uses TCP in practice.
 agent.assert_exp(agent.add_public_service(os.environ['MODULE_ID'], [
     "5060-5061/tcp",
     "5060-5061/udp",
     "6060/tcp",
     "6060/udp",
-    "6061/tcp",  # TLS/SIPS - TCP only (TLS requires TCP)
+    "6061/tcp",
+    "6061/udp",
     "10000-20000/udp"]))

From 2690edbe042ce625b868a0a31856c97622b0c8d5 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 29 Jan 2026 11:07:45 +0000
Subject: [PATCH 3/3] refactor: use range pattern for ports 6060-6061

Co-authored-by: Amygos <510232+Amygos@users.noreply.github.com>
---
 imageroot/actions/create-module/20firewall | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/imageroot/actions/create-module/20firewall b/imageroot/actions/create-module/20firewall
index 1f32868..2090406 100755
--- a/imageroot/actions/create-module/20firewall
+++ b/imageroot/actions/create-module/20firewall
@@ -12,8 +12,6 @@ import agent
 agent.assert_exp(agent.add_public_service(os.environ['MODULE_ID'], [
     "5060-5061/tcp",
     "5060-5061/udp",
-    "6060/tcp",
-    "6060/udp",
-    "6061/tcp",
-    "6061/udp",
+    "6060-6061/tcp",
+    "6060-6061/udp",
     "10000-20000/udp"]))