From 100f63b9161de0c3e904022dc7f33a835db5aabf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C5=A0imon=20Kraj=C5=88=C3=A1k?= <simonkrajnak388@gmail.com>
Date: Mon, 30 Jun 2025 23:13:37 +0200
Subject: [PATCH] Update ip_security.go

Allow Electrum BTC wallet related ports (50001, 50002).
---
 ip_security.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ip_security.go b/ip_security.go
index 2569b8c..39fa37a 100644
--- a/ip_security.go
+++ b/ip_security.go
@@ -120,6 +120,7 @@ func (self *EgressSecurityPolicy) inspect(provideMode protocol.ProvideMode, pack
 	//   see https://support.apple.com/en-us/103229
 	// - block bittorrent (6881-6889)
 	// - FIXME temporarily enabling 53 and 80 until inline protocol translation is implemented
+	// - allow Electrum related ports (50001, 50002)
 	// TODO in the future, allow a control message to dynamically adjust the security rules
 	allow := func() bool {
 		dPort := ipPath.DestinationPort
@@ -145,6 +146,9 @@ func (self *EgressSecurityPolicy) inspect(provideMode protocol.ProvideMode, pack
 		case dPort == 123, dPort == 500:
 			// apple system ports
 			return true
+		case dPort == 50001, dPort == 50002:
+			// electrum
+			return true
 		case 6881 <= dPort && dPort <= 6889, dPort == 6969:
 			// bittorrent
 			return false
@@ -205,6 +209,8 @@ func (self *IngressSecurityPolicy) inspect(provideMode protocol.ProvideMode, pac
 		// dPort := ipPath.DestinationPort
 		sPort := ipPath.SourcePort
 		switch {
+		case sPort == 50001, sPort == 50002:
+			return true
 		case 11000 <= sPort:
 			// rtp and p2p
 			// note many games use 10xxx so we allow this