From d309c773eac0592f253f1f08c54d115acb921d82 Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Sun, 31 May 2026 14:01:29 -0500
Subject: feat(firewall): open mosh UDP port range in ufw rules

archsetup installs mosh, but the ufw rule list never opened its UDP range. A fresh install or rerun leaves incoming mosh blocked until the port is added by hand. I added 60000:61000/udp to the declarative rule loop so the firewall config reproduces a working mosh setup on rebuild.
---
 archsetup | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/archsetup b/archsetup
index ae6d676..b44fe16 100755
--- a/archsetup
+++ b/archsetup
@@ -1283,6 +1283,7 @@ EOF
             "42000/tcp" "42000/udp" \
             "42001/tcp" "42001/udp" \
             "5353/tcp" "5353/udp" \
+            "60000:61000/udp" \
             "transmission" \
         ; do
         # IMAP/IMAPS: Thunderbird email client
@@ -1291,6 +1292,7 @@ EOF
         # 42000/tcp,udp: Warpinator file transfers
         # 42001/tcp,udp: Warpinator registration/auth
         # 5353/tcp,udp: mDNS/Avahi local network discovery
+        # 60000:61000/udp: mosh roaming SSH sessions
         # transmission: BitTorrent client
         action="adding ufw rule to allow $protocol" && display "task" "$action"
         (ufw allow "$protocol"  >> "$logfile" 2>&1) || error_warn "$action" "$?"
-- 
cgit v1.2.3