NTM: add 9000

[serinko]

trying to make socks5 behind nymvpn by adding 9000 to exit policy rules

---

This change is 

Summary by CodeRabbit

• New Features
  • WebSocket service now available on TCP/UDP port 9000.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
nym-explorer-v2	Ready	Preview, Comment	Jun 4, 2026 5:07pm

[coderabbitai]

📝 Walkthrough

Walkthrough

One line added to the WireGuard exit policy port allowlist in the network tunnel manager script, configuring the "WebSocket" service to use TCP/UDP port 9000.

Changes

WebSocket Service Port Mapping

Layer / File(s)	Summary
WebSocket service port mapping scripts/nym-node-setup/network-tunnel-manager.sh	Adds a new "WebSocket" service entry to the PORT_MAPPINGS allowlist with port 9000, enabling WireGuard exit policy rules for WebSocket traffic on that port within the network tunnel manager configuration.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• nymtech/nym#6807: Modifies the same WireGuard exit-policy allowlist (PORT_MAPPINGS) in network-tunnel-manager.sh, with this PR adding WebSocket→9000 and the related PR adding other service→port entries.

Suggested reviewers

• merve64

Poem

🐰 A tunnel opens, port nine-thousand wide,
WebSocket whispers find their way inside,
One line of script, simple and clean,
The nimblest change we've ever seen! 📡

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Title check	❓ Inconclusive	The title 'NTM: add 9000' is vague and lacks specificity about what is being added or why, using only abbreviated notation and a port number without context.	Consider using a more descriptive title like 'NTM: Add WebSocket port 9000 to exit policy allowlist' to clearly convey the change and its purpose.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch serinko/ntm/update-3

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/nym-node-setup/network-tunnel-manager.sh`:
- Line 944: The associative array contains a duplicate key "WebSocket" (earlier
set to "6300") which is overwritten by the later ["WebSocket"]="9000"; update
the entry so both ports are preserved—either merge the values into one entry
(e.g., set "WebSocket" to "6300,9000" and update any parsing logic that reads
it) or use unique keys per port (e.g., "WebSocket_6300" and "WebSocket_9000") or
convert the structure to an array-of-ports; locate the duplicate "WebSocket"
entries in network-tunnel-manager.sh and apply one of these fixes and adjust any
consumer code that expects a single port value (functions/variables that read
the associative array) accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b2dc7d11-d485-49a6-82a1-a9d72f781c3f

📥 Commits

Reviewing files that changed from the base of the PR and between c7780d2 and 0e18f07.

📒 Files selected for processing (1)

• scripts/nym-node-setup/network-tunnel-manager.sh

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Duplicate associative-array key overwrites the earlier WebSocket port

Line 944 reuses the WebSocket key, so in Bash the earlier ["WebSocket"]="6300" entry is overwritten and only port 9000 remains. If the intent is to add 9000, this currently removes 6300 from the effective allowlist.

Suggested fix

-    ["WebSocket"]="6300"
+    ["WebSocketLegacy"]="6300"
@@
-    ["WebSocket"]="9000"
+    ["WebSocket"]="9000"

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/nym-node-setup/network-tunnel-manager.sh` at line 944, The
associative array contains a duplicate key "WebSocket" (earlier set to "6300")
which is overwritten by the later ["WebSocket"]="9000"; update the entry so both
ports are preserved—either merge the values into one entry (e.g., set
"WebSocket" to "6300,9000" and update any parsing logic that reads it) or use
unique keys per port (e.g., "WebSocket_6300" and "WebSocket_9000") or convert
the structure to an array-of-ports; locate the duplicate "WebSocket" entries in
network-tunnel-manager.sh and apply one of these fixes and adjust any consumer
code that expects a single port value (functions/variables that read the
associative array) accordingly.