Firewall default open-out.rules addition #83

Closed
ghost opened this issue Apr 1, 2019 · 1 comment

@ghost ghost commented Apr 1, 2019

When using SIP VoIP [Linphone] the firewall requires opening ports.
However, firewall deny trapping shows that fragmented ip-proto-17 datagrams are not handled and must be reassembled.

  1. I suggest you consider modifying the default /etc/ipfw-profiles/open-out.rules to include
    $cmd reass all from any to any in
    As I'm not confident Trident Firewall IPv6 can handle reass, you might use
    $cmd reass ip4 from any to any in
  2. In addition to the current Firewall Manager services pick list, for SIP you might consider adding the supplementary default Linphone ports too:
    9078/udp Linphone Video
    7078/udp Linphone Audio

To Reproduce
Install Linphone and log firewall deny events with ports open:
9078/udp
7078/udp
5061/udp sip-tls #SIP over TLS
5061/tcp sip-tls #SIP over TLS
5060/udp sip #Session Initialisation Protocol (VoIP)
5060/tcp sip #Session Initialisation Protocol (VoIP)
You should see fragmented datagrams of ip-proto-17, and use of the Linphone default ports.
Modify open-out.rules to include reass and the issue should clear.
More detail on installing Linphone SIP VoIP is on our community forum where I raised a report.
[https://discourse.trueos.org/t/sip-voip-settings/3772]

Expected behavior
Firewall would not block SIP if defined ports are open.

OS Version:
Fresh install of U8 to blank disc.
FreeBSD trident-4783 13.0-CURRENT FreeBSD 13.0-CURRENT GENERIC-NODEBUG amd64
Thanks,
Steve
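
An added illustration (not from the issue or the Trident project) of why opening the ports alone still drops fragmented UDP: in this simplified model only the first fragment carries the UDP header, so later fragments match no port rule until the datagram is reassembled, which is the job of the `reass` rule proposed above. Addresses, payload and function names are constructed for the example, and the rule model is an assumption, not the project's ruleset.

```python
import struct

SIP_PORTS = {5060, 5061, 7078, 9078}  # UDP ports named in the report

def fragment_udp(payload, sport, dport, chunk=16, ident=0x1234):
    """Constructed IPv4 fragments of one UDP datagram (checksums left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    frags = []
    for off in range(0, len(udp), chunk):  # chunk must be a multiple of 8
        data = udp[off:off + chunk]
        mf = 0x2000 if off + chunk < len(udp) else 0  # More Fragments flag
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident,
                          mf | off // 8, 64, 17, 0,
                          bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frags.append(hdr + data)
    return frags

def frag_offset(pkt):
    """Fragment offset in bytes, from the low 13 bits of header bytes 6-7."""
    return (struct.unpack("!H", pkt[6:8])[0] & 0x1FFF) * 8

def port_rule(pkt):
    """Assumed model of a stateless 'allow udp to <listed ports>' rule."""
    if pkt[9] != 17:               # not UDP (ip-proto-17)
        return "deny"
    if frag_offset(pkt) != 0:      # later fragment: no UDP header, no port
        return "deny"
    ihl = (pkt[0] & 0x0F) * 4
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return "allow" if dport in SIP_PORTS else "deny"

def reassemble(frags):
    """Simplified reassembly: all fragments present, one ident, no overlap."""
    body = b"".join(p[20:] for p in sorted(frags, key=frag_offset))
    hdr = bytearray(frags[0][:20])
    struct.pack_into("!H", hdr, 2, 20 + len(body))  # new total length
    struct.pack_into("!H", hdr, 6, 0)               # clear MF and offset
    return bytes(hdr) + body

def demo():
    frags = fragment_udp(b"v" * 40, 7078, 7078)  # constructed stand-in payload
    before = [port_rule(f) for f in frags]       # verdict per raw fragment
    after = port_rule(reassemble(frags))         # verdict after reassembly
    return before, after

if __name__ == "__main__":
    print(demo())
```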


@RodMyers RodMyers commented Nov 9, 2019

No longer a valid issue. Moving to Void Linux in 2020.

@RodMyers RodMyers closed this Nov 9, 2019