feat(ufw): auto-open firewall ports after app installation

- cloudpanel: allow ftp, smtp, dns, http, https, smtps, imaps, pop3s, and admin panel ports
- coolify: allow http, https, and dashboard port after install
- pterodactyl: allow http, https, wings daemon (8080), and sftp (2022) ports
- uptime-kuma: allow app port on install
- proxmox: add open_firewall_ports() with ufw guard checks and new menu option [9]

apps/cloudpanel.sh

@@ -283,7 +283,20 @@ install_cloudpanel() {
     fi
     
     echo -e "${GREEN}[✓] Installation completed${NC}"
-    
+
+    ufw_allow 20/tcp           "CloudPanel FTP data"
+    ufw_allow 21/tcp           "CloudPanel FTP"
+    ufw_allow 25/tcp           "CloudPanel SMTP"
+    ufw_allow 53/tcp           "CloudPanel DNS (TCP)"
+    ufw_allow 53/udp           "CloudPanel DNS (UDP)"
+    ufw_allow 80/tcp           "CloudPanel HTTP"
+    ufw_allow 443/tcp          "CloudPanel HTTPS"
+    ufw_allow 465/tcp          "CloudPanel SMTPS"
+    ufw_allow 587/tcp          "CloudPanel submission"
+    ufw_allow 993/tcp          "CloudPanel IMAPS"
+    ufw_allow 995/tcp          "CloudPanel POP3S"
+    ufw_allow "${PANEL_PORT}/tcp" "CloudPanel admin"
+
     # Configure Basic Auth
     configure_cloudpanel_basic_auth
     

apps/coolify.sh

@@ -93,10 +93,14 @@ install_coolify() {
         sleep 2
     done
     
+    ufw_allow 80/tcp    "Coolify HTTP"
+    ufw_allow 443/tcp   "Coolify HTTPS"
+    ufw_allow "${PORT}/tcp" "Coolify dashboard"
+
     local duration=$(( $(date +%s) - start_time ))
     local minutes=$((duration / 60))
     local seconds=$((duration % 60))
-    
+
     echo ""
     echo -e "${GREEN}${BOLD}Installation Completed Successfully!${NC}"
     echo -e "${GRAY}Installation time: ${minutes}m ${seconds}s${NC}"

apps/proxmox.sh

@@ -306,6 +306,34 @@ show_network_info() {
     return 0
 }
 
+# ═══════════════════════════════════════════════════════════════════════════
+# Firewall
+# ═══════════════════════════════════════════════════════════════════════════
+
+open_firewall_ports() {
+    echo -e "${WHITE}${BOLD}OPEN PROXMOX FIREWALL PORTS${NC}\n"
+
+    check_proxmox || return 1
+
+    if ! command -v ufw >/dev/null 2>&1; then
+        echo -e "${YELLOW}[!] UFW is not installed on this host. Nothing to do.${NC}"
+        echo -e "${GRAY}    Proxmox uses its own pve-firewall; UFW is optional.${NC}"
+        return 0
+    fi
+    if ! ufw status 2>/dev/null | grep -q "Status: active"; then
+        echo -e "${YELLOW}[!] UFW is installed but inactive. Enable it first.${NC}"
+        return 0
+    fi
+
+    ufw_allow "${PANEL_PORT}/tcp" "Proxmox web UI"
+    ufw_allow 5900:5999/tcp      "Proxmox VNC console"
+    ufw_allow 3128/tcp           "Proxmox SPICE proxy"
+
+    echo ""
+    echo -e "${GRAY}[i] For clustered nodes, also open: 5404-5405/udp (corosync), 60000-60050/tcp (live migration).${NC}"
+    echo -e "${GRAY}[i] If using NFS storage: 111/tcp+udp and 2049/tcp.${NC}"
+}
+
 # ═══════════════════════════════════════════════════════════════════════════
 # Main Menu
 # ═══════════════════════════════════════════════════════════════════════════
@@ -321,9 +349,10 @@ show_menu() {
     echo -e "  ${CYAN}[6]${NC} View Network Info"
     echo -e "  ${PURPLE}[7]${NC} Update Proxmox VE"
     echo -e "  ${PURPLE}[8]${NC} Clear Cache"
+    echo -e "  ${PURPLE}[9]${NC} Open Firewall Ports (UFW)"
     echo -e "  ${RED}[0]${NC} Back to main menu"
     echo ""
-    echo -n "Choice [0-8]: "
+    echo -n "Choice [0-9]: "
 }
 
 main() {
@@ -331,7 +360,7 @@ main() {
         show_menu
         read -r choice
         echo ""
-        
+
         case $choice in
             1) fix_login_issue ;;
             2) restart_pve_cluster ;;
@@ -341,10 +370,11 @@ main() {
             6) show_network_info ;;
             7) update_proxmox ;;
             8) clear_cache ;;
+            9) open_firewall_ports ;;
             0) return 0 ;;
             *) echo -e "${RED}Invalid option${NC}" ;;
         esac
-        
+
         echo ""
         read -p "Press Enter to continue..."
     done

apps/pterodactyl.sh

@@ -263,7 +263,12 @@ install_pterodactyl() {
     cat > /etc/pterodactyl/config.yml
     
     [ -s /etc/pterodactyl/config.yml ] && systemctl enable --now wings
-    
+
+    ufw_allow 80/tcp   "Pterodactyl HTTP"
+    ufw_allow 443/tcp  "Pterodactyl HTTPS"
+    ufw_allow 8080/tcp "Pterodactyl Wings daemon"
+    ufw_allow 2022/tcp "Pterodactyl Wings SFTP"
+
     local duration=$(( $(date +%s) - start_time ))
     
     echo ""

apps/uptime-kuma.sh

@@ -137,18 +137,24 @@ EOF
     echo ""
     echo -e "${CYAN}Access URL: ${BOLD}http://$server_ip:$PORT${NC}"
     echo ""
-    
+
+    ufw_allow "${PORT}/tcp" "Uptime Kuma"
+
     # Optional domain configuration
     echo -e "${WHITE}Configure domain with SSL? (y/n)${NC}"
     read -n 1 -r
     echo ""
-    
+
     if [[ $REPLY =~ ^[Yy]$ ]]; then
         read -p "Domain name: " DOMAIN_NAME
         read -p "Email for SSL: " EMAIL
         echo ""
         configure_domain_ssl "$DOMAIN_NAME" "$EMAIL"
-        [ $? -eq 0 ] && echo -e "${GREEN}[✓] Domain configured: ${BOLD}https://$DOMAIN_NAME${NC}"
+        if [ $? -eq 0 ]; then
+            echo -e "${GREEN}[✓] Domain configured: ${BOLD}https://$DOMAIN_NAME${NC}"
+            ufw_allow 80/tcp  "Uptime Kuma HTTP (nginx)"
+            ufw_allow 443/tcp "Uptime Kuma HTTPS (nginx)"
+        fi
     fi
     
     echo ""