Firewall settings for the "Signal" encripted communication app

Signal is a watsapp opensource alternative with an end to end encryption. I am having problems allowing the app to work behind IPFire firewall. The recommendations from the developers are the following:

Allow *, *, TCP port 443, and UDP traffic. If you have a transparent or reverse proxy it needs to support WebSockets. Signal uses a non-standard TCP port to catch filtering issues at the signaling step and also utilizes a random UDP port. All UDP ports will need to be opened. The underlying IPs are constantly changing, so it’d be hard to define accurate firewall rules.

Is it possible to use just the wui or I need to play with firewall.local setting? Unfortunately I still have problem understanding the logic behind the firewall settings. How do I say to the firewall “accept all the UDP ports”? I do not have any reverse proxy or transparent proxy.

The linux kernel doesn’t support fqdn’s in firewall rules. Special wildcards are not possible.

But with IPFire default settings this is allowed. I think you have added a rule to block https (port 443) or set the default forward policy to blocked.

Of course, I was blocking port 443! I feel really stupid now. Now it works. Thanks Arne.