Add support for unifi devices outside internal network.

ip6t-firewall-gateway

@@ -3398,7 +3398,7 @@ fi
 
 
 # ---
-# - Ubiquiti Unifi Controller (Accesspoints) Gateway
+# - Ubiquiti Unifi Controller Gateway
 # ---
 
 
@@ -3411,13 +3411,30 @@ if $local_unifi_controller_service ; then
       $ip6t -A INPUT -p udp -i $_dev -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
 
    done
+
+   # Note:
+   #    in contrast to devices at local networks, devices hosted at extern network
+   #    are only be seen, if the device is part of this array 'unifi_ap_extern_ip_arr'
+   #
+   if [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]]; then
+      for _ip in ${unifi_ap_extern_ip_arr[@]} ; do
+         $ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unify_broadcast_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+         $ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unify_tcp_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+   fi
    echo_done
 else
    echo_skipped
 fi
 
+
 echononl "\t\tUbiquiti Unifi Controller Gateway - STUN to Unifi APs"
-if $local_unifi_controller_service ; then
+if $local_unifi_controller_service \
+   && [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] \
+   && [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ; then
 
    if [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] ; then
 
@@ -3427,11 +3444,20 @@ if $local_unifi_controller_service ; then
 
       done
 
-      echo_done
-   else
-      echo_skipped
-      warn "Local Unifi Controller is defined, but no Unifi APs!"
+	fi
+
+   if [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ; then
+
+      for _ip_ap in ${unifi_ap_local_ip_arr[@]} ; do
+
+         $ip6t -A OUTPUT -p udp -d $_ip_ap -m multiport --sports $unify_udp_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      done
+
    fi
+
+   echo_done
+
 else
    echo_skipped
 fi