From 0cee2fb254532f33bd6d2e493e6897626a6cc0e7 Mon Sep 17 00:00:00 2001
From: Renat Iakubov <5566361+renatus@users.noreply.github.com>
Date: Fri, 15 Aug 2025 21:09:43 +0300
Subject: [PATCH] Fix issue #789

There is a conflict between UFW and iptables-persistent / netfilter-persistent, due to a known bug in Ubuntu 22.04 https://bugs.launchpad.net/ufw/+bug/1987227 After reboot with UFW enabled, the network connectivity breaks because every single package is dropped. I was able to circumvent this bug by modifying BBB installation script so that iptables-persistent is only being installed if UFW is NOT being installed. If UFW is being installed, I'm trying to mimic iptables-persistent functionality with UFW.
---
 bbb-install.sh | 31 +++++++++++++++++++++++--------
 1 file changed, 23 insertions(+), 8 deletions(-)

diff --git a/bbb-install.sh b/bbb-install.sh
index a079fa9..4f6fa83 100644
--- a/bbb-install.sh
+++ b/bbb-install.sh
@@ -343,6 +343,10 @@ main() {
 install_ssl
 fi
+ if [ -n "$UFW" ]; then
+ setup_ufw
+ fi
+
 if [ -n "$COTURN" ]; then
 configure_coturn
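Review bot: The reason `setup_ufw` now has to run before the COTURN block is not stated where the call lives. The later hunk in this patch edits `/etc/ufw/before.rules` and calls `ufw reload`, which presumably relies on `setup_ufw` having installed and enabled UFW first. A comment such as `# setup_ufw must run before the COTURN block, which edits /etc/ufw/before.rules and reloads UFW` would keep the call from being moved back to its old position. main() continues outside the hunk.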
@@ -358,9 +362,25 @@ main() {
 # so if NAT is in use, add an iptables rule to adjust the destination IP address
 # of UDP packets sent from the turn server to FreeSWITCH.
 if [ -n "$INTERNAL_IP" ]; then
- need_pkg iptables-persistent
- iptables -t nat -A OUTPUT -p udp -s "$INTERNAL_IP" -d "$IP" -j DNAT --to-destination "$INTERNAL_IP"
- netfilter-persistent save
+ # Due to Ubuntu 22.04 bug #1987227 you can't use UFW and iptables-persistent
+ # Ubuntu will be stripped of network connectivity after reboot
+ # If UFW is being installed, use UFW
+ if [ -n "$UFW" ]; then
+ # Define the NAT rule to be added
+ RULE="-A OUTPUT -p udp -s $INTERNAL_IP -d $IP -j DNAT --to-destination $INTERNAL_IP"
+ # Check if the rule already exists in /etc/ufw/before.rules to avoid duplicates
+ if ! grep -qF "$RULE" /etc/ufw/before.rules; then
+ # Insert the rule into the *nat section before the COMMIT line
+ sed -i '/^*nat/,/^COMMIT$/ {/^COMMIT$/i '"$RULE"' }' /etc/ufw/before.rules
+ # Reload UFW to apply the changes immediately
+ ufw reload
+ fi
+ # If UFW is not being installed, use iptables-persistent
+ else
+ need_pkg iptables-persistent
+ iptables -t nat -A OUTPUT -p udp -s "$INTERNAL_IP" -d "$IP" -j DNAT --to-destination "$INTERNAL_IP"
+ netfilter-persistent save
+ fi
 fi
 fi
@@ -368,10 +388,6 @@ main() {
 systemctl restart systemd-journald
- if [ -n "$UFW" ]; then
- setup_ufw
- fi
-
 if [ -n "$HOST" ]; then
 bbb-conf --setip "$HOST"
 else
@@ -1845,4 +1861,3 @@ HERE
 }
 main "$@" || exit 1
-
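Review bot: The duplicate check in the UFW branch cannot work as written: `$RULE` begins with `-A`, so `grep -qF "$RULE" …` reads it as grep's `-A` option and exits with an error, and `! grep` then always takes the insert path; `grep -qF -- "$RULE" /etc/ufw/before.rules` avoids that. The `sed` one-liner looks broken in a related way: as far as I know GNU sed's single-line `i text` form consumes the rest of the line, so the trailing ` }` becomes part of the inserted text and the `{` is left unmatched. The range `/^*nat/,/^COMMIT$/` also only matches when before.rules already contains a `*nat` table, which the hunk does not check (a stock file appears to ship only `*filter`), so the DNAT rule can be silently skipped while `ufw reload` still runs. The fence sketches the UFW branch with these three points addressed; the appended `*nat` block should be checked against the layout described in ufw-framework. main() starts and ends outside the hunk.

```shell
    if [ -n "$UFW" ]; then
      RULE="-A OUTPUT -p udp -s $INTERNAL_IP -d $IP -j DNAT --to-destination $INTERNAL_IP"
      # '--' stops grep from parsing the rule's leading "-A" as an option
      if ! grep -qF -- "$RULE" /etc/ufw/before.rules; then
        if grep -q '^\*nat' /etc/ufw/before.rules; then
          # the one-line "i text" form runs to end of line, so close the block in a second -e
          sed -i -e '/^\*nat/,/^COMMIT$/{/^COMMIT$/i '"$RULE" -e '}' /etc/ufw/before.rules
        else
          # no nat table yet: add a minimal one holding only this rule
          printf '%s\n' '*nat' ':OUTPUT ACCEPT [0:0]' "$RULE" 'COMMIT' >> /etc/ufw/before.rules
        fi
        # fail visibly instead of reloading a ruleset that lacks the DNAT rule
        if ! grep -qF -- "$RULE" /etc/ufw/before.rules; then
          echo "could not add NAT rule to /etc/ufw/before.rules" >&2
          return 1
        fi
        ufw reload
      fi
    else
      # … unchanged: iptables-persistent path …
    fi
```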