From af5bec8e77d85a5d3b66dca088a364dd532dd1bb Mon Sep 17 00:00:00 2001 From: twothatit Date: Sun, 8 Feb 2026 17:42:49 +0100 Subject: [PATCH] Add TCP 9000+ dashboard ports to firewall config and documentation Each customer gets TCP 9000+ID (dashboard) and UDP 3478+ID (relay). Updated install.sh firewall section, completion summary, and README. Co-Authored-By: Claude Opus 4.6 --- README.md | 13 ++++++++++--- install.sh | 18 +++++++++++++----- 2 files changed, 23 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index e08ae0c..cc82ff1 100644 --- a/README.md +++ b/README.md @@ -131,11 +131,18 @@ Per customer instance (5 containers): **~100 MB RAM** | Port | Protocol | Purpose | |------|----------|---------| | 8000 | TCP | NetBird MSP Appliance Web UI | -| 3478+ | UDP | STUN/TURN relay (one per customer) | +| 9000+ | TCP | NetBird Web Management per customer (one per customer, increments by 1) | +| 3478+ | UDP | STUN/TURN relay per customer (one per customer, increments by 1) | -Example: Customer 1 = UDP 3478, Customer 2 = UDP 3479, ..., Customer 100 = UDP 3577. +Example for 3 customers: -**Your firewall must allow the UDP relay ports for NetBird to function!** +| Customer | Dashboard (TCP) | Relay (UDP) | +|----------|----------------|-------------| +| Kunde 1 | 9001 | 3478 | +| Kunde 2 | 9002 | 3479 | +| Kunde 3 | 9003 | 3480 | + +**Your firewall must allow both the TCP dashboard ports and the UDP relay ports!** --- diff --git a/install.sh b/install.sh index 8342e34..08ea8c4 100644 --- a/install.sh +++ b/install.sh 
@@ -432,24 +432,31 @@ clear echo -e "${BLUE}${BOLD}[Step 9/10]${NC} ${BLUE}Firewall Configuration${NC}\n" echo -e "${CYAN}The following firewall ports need to be opened:${NC}\n" -echo -e " ${YELLOW}TCP 8000${NC} - Web UI" -echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (100 ports for 100 customers)\n" +echo -e " ${YELLOW}TCP 8000${NC} - MSP Appliance Web UI" +echo -e " ${YELLOW}TCP 9001-9100${NC} - NetBird Web Management (one per customer, increments by 1)" +echo -e " ${YELLOW}UDP 3478-3577${NC} - NetBird Relay/STUN (one per customer, increments by 1)\n" +echo -e " ${CYAN}Example: Customer 1 = TCP 9001 + UDP 3478${NC}" +echo -e " ${CYAN} Customer 2 = TCP 9002 + UDP 3479${NC}" +echo -e " ${CYAN} ...${NC}\n" if command -v ufw &> /dev/null; then read -p "Configure firewall automatically with ufw? (yes/no): " CONFIG_FW if [[ "$CONFIG_FW" =~ ^[Yy]([Ee][Ss])?$ ]]; then ufw allow 8000/tcp comment "NetBird MSP Web UI" + ufw allow 9001:9100/tcp comment "NetBird Dashboard Ports" ufw allow 3478:3577/udp comment "NetBird Relay Ports" echo -e "${GREEN}✓ Firewall configured${NC}" else echo -e "${YELLOW}Please configure firewall manually:${NC}" echo " sudo ufw allow 8000/tcp" + echo " sudo ufw allow 9001:9100/tcp" echo " sudo ufw allow 3478:3577/udp" fi else echo -e "${YELLOW}UFW not found. Please configure firewall manually:${NC}" echo " - Allow TCP port 8000" - echo " - Allow UDP ports 3478-3577" + echo " - Allow TCP ports 9001-9100 (dashboard, +1 per customer)" + echo " - Allow UDP ports 3478-3577 (relay, +1 per customer)" fi echo "" @@ -538,8 +545,9 @@ Network: $DOCKER_NETWORK Ports: ------ -Web UI: TCP 8000 -Relay: UDP 3478-3577 +Web UI: TCP 8000 +Dashboard: TCP 9001-9100 (base 9000 + customer ID, one per customer) +Relay: UDP 3478-3577 (one per customer) Images: -------
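Review bot: The added `ufw allow 9001:9100/tcp` in the automatic branch of Step 9 opens all 100 per-customer web-management ports to any source address at install time, before a single customer exists. These ports front a management UI rather than a relay, so the rule exposes every dashboard, and anything else that later binds inside the range, to the whole internet; the hunk does not show whether the dashboards sit behind TLS or further access control. I would open each port when its customer is provisioned, or, if the range has to be pre-opened, limit the source, e.g. `ufw allow from "$ADMIN_CIDR" to any port 9001:9100 proto tcp comment "NetBird Dashboard Ports"`, where `ADMIN_CIDR` is a placeholder for an operator-supplied value the script does not define today. The `✓ Firewall configured` message is printed even if one of the three `ufw allow` calls fails, so chaining them with `&&` or checking their status would keep the installer from reporting a firewall state it did not reach. The same fixed 9001-9100 range is repeated in the manual instructions of this hunk and in the summary hunk at -538, so whatever is decided here should be mirrored there.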