Fix error concernint in-/ou-ports for unifi devices.

ip6t-firewall-gateway

@@ -4422,11 +4422,15 @@ fi
 echononl "\t\tUbiquiti Unifi Controller Gateway IN"
 if $local_unifi_controller_service \
    && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
-   
-   for _dev in ${local_if_arr[@]} ; do
 
-      $ip6t -A INPUT -i $_dev -p tcp -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
-      $ip6t -A INPUT -i $_dev -p udp -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+
+   for _ip in ${unifi_ap_local_ip_arr[@]} ; do
+
+      $ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --sport $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ip6t -A OUTPUT -p udp -d $_ip -m multiport --sport $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
    done
 
@@ -4440,6 +4444,10 @@ if $local_unifi_controller_service \
          $ip6t -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
          $ip6t -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
 
+
+         $ip6t -A OUTPUT -p tcp -d $_ip -m multiport --sport $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ip6t -A OUTPUT -p udp -d $_ip -m multiport --sport $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+
       done
    fi
    echo_done
@@ -4452,11 +4460,11 @@ echononl "\t\tUbiquiti Unifi Controller Gateway OUT (unrestricted)"
 if $local_unifi_controller_service \
    && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
 
-   $ip6t -A OUTPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
-   $ip6t -A OUTPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A OUTPUT -p udp -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
-   $ip6t -A INPUT -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
-   $ip6t -A INPUT -p udp -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A INPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ip6t -A INPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
    if $kernel_activate_forwarding ; then
       $ip6t -A FORWARD -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT

ipt-firewall-gateway

@@ -5228,10 +5228,13 @@ echononl "\t\tUbiquiti Unifi Controller Gateway IN from Unifi devicess"
 if $local_unifi_controller_service \
    && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
 
-   for _dev in ${local_if_arr[@]} ; do
+   for _ip in ${unifi_ap_local_ip_arr[@]} ; do
 
-      $ipt -A INPUT -i $_dev -p tcp -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
-      $ipt -A INPUT -i $_dev -p udp -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
+
+      $ipt -A OUTPUT -p tcp -d $_ip -m multiport --sport $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+      $ipt -A OUTPUT -p udp -d $_ip -m multiport --sport $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
    done
 
@@ -5245,6 +5248,9 @@ if $local_unifi_controller_service \
          $ipt -A INPUT -p tcp -s $_ip -m multiport --dports $unifi_tcp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
          $ipt -A INPUT -p udp -s $_ip -m multiport --dports $unifi_udp_ctrl_in_ports -m conntrack --ctstate NEW -j ACCEPT
 
+         $ipt -A OUTPUT -p tcp -d $_ip -m multiport --sport $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+         $ipt -A OUTPUT -p udp -d $_ip -m multiport --sport $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+
       done
    fi
    echo_done
@@ -5257,11 +5263,11 @@ echononl "\t\tUbiquiti Unifi Controller Gateway OUT (unrestricted)"
 if $local_unifi_controller_service \
    && ( [[ ${#unifi_ap_local_ip_arr[@]} -gt 0 ]] || [[ ${#unifi_ap_extern_ip_arr[@]} -gt 0 ]] ) ; then
 
-   $ipt -A OUTPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
-   $ipt -A OUTPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A OUTPUT -p udp -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
-   $ipt -A INPUT -p tcp -m multiport --sports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
-   $ipt -A INPUT -p udp -m multiport --sports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A INPUT -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
+   $ipt -A INPUT -p udp -m multiport --dports $unifi_udp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT
 
    if $kernel_activate_forwarding ; then
       $ipt -A FORWARD -p tcp -m multiport --dports $unifi_tcp_ctrl_out_ports -m conntrack --ctstate NEW -j ACCEPT