diff --git a/app/sovran_systemsos_web/server.py b/app/sovran_systemsos_web/server.py
index 1a686a6..b82820b 100644
--- a/app/sovran_systemsos_web/server.py
+++ b/app/sovran_systemsos_web/server.py
@@ -204,7 +204,7 @@ FEATURE_REGISTRY = [
             {"port": "80",          "protocol": "TCP",     "description": "HTTP (redirect to HTTPS)"},
             {"port": "443",         "protocol": "TCP",     "description": "HTTPS (domain)"},
             {"port": "7881",        "protocol": "TCP",     "description": "LiveKit WebRTC signalling"},
-            {"port": "7882-7894",   "protocol": "UDP",     "description": "LiveKit media streams"},
+            {"port": "7882",        "protocol": "UDP",     "description": "LiveKit media (UDP mux)"},
             {"port": "5349",        "protocol": "TCP",     "description": "TURN over TLS"},
             {"port": "3478",        "protocol": "UDP",     "description": "TURN (STUN/relay)"},
             {"port": "30000-40000", "protocol": "TCP/UDP", "description": "TURN relay (WebRTC)"},
@@ -295,7 +295,7 @@ _PORTS_MATRIX_FEDERATION = [
 ]
 _PORTS_ELEMENT_CALLING = [
     {"port": "7881",        "protocol": "TCP",     "description": "LiveKit WebRTC signalling"},
-    {"port": "7882-7894",   "protocol": "UDP",     "description": "LiveKit media streams"},
+    {"port": "7882",        "protocol": "UDP",     "description": "LiveKit media (UDP mux)"},
     {"port": "5349",        "protocol": "TCP",     "description": "TURN over TLS"},
     {"port": "3478",        "protocol": "UDP",     "description": "TURN (STUN/relay)"},
     {"port": "30000-40000", "protocol": "TCP/UDP", "description": "TURN relay (WebRTC)"},
@@ -894,7 +894,7 @@ def _get_firewall_allowed_ports() -> dict[str, set[int]]:
 
 
 def _port_range_to_ints(port_str: str) -> list[int]:
-    """Convert a port string like ``"443"``, ``"7882-7894"`` to a list of ints."""
+    """Convert a port string like ``"443"``, ``"30000-40000"`` to a list of ints."""
     port_str = port_str.strip()
     if re.match(r'^\d+$', port_str):
         return [int(port_str)]
diff --git a/app/sovran_systemsos_web/static/onboarding.js b/app/sovran_systemsos_web/static/onboarding.js
index b6e0e7c..2b0138e 100644
--- a/app/sovran_systemsos_web/static/onboarding.js
+++ b/app/sovran_systemsos_web/static/onboarding.js
@@ -557,7 +557,7 @@ async function loadStep4() {
   html += '<thead><tr><th>Port</th><th>Protocol</th><th>Forward&nbsp;to</th><th>Purpose</th></tr></thead>';
   html += '<tbody>';
   html += '<tr><td class="port-req-port">7881</td><td class="port-req-proto">TCP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">LiveKit WebRTC signalling</td></tr>';
-  html += '<tr><td class="port-req-port">7882–7894</td><td class="port-req-proto">UDP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">LiveKit media streams</td></tr>';
+  html += '<tr><td class="port-req-port">7882</td><td class="port-req-proto">UDP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">LiveKit media (UDP mux)</td></tr>';
   html += '<tr><td class="port-req-port">5349</td><td class="port-req-proto">TCP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">TURN over TLS</td></tr>';
   html += '<tr><td class="port-req-port">3478</td><td class="port-req-proto">UDP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">TURN (STUN/relay)</td></tr>';
   html += '<tr><td class="port-req-port">30000–40000</td><td class="port-req-proto">TCP/UDP</td><td class="port-req-internal-ip">' + ip + '</td><td class="port-req-desc">TURN relay (WebRTC)</td></tr>';
diff --git a/modules/element-calling.nix b/modules/element-calling.nix
index 1f16789..7f8674b 100755
--- a/modules/element-calling.nix
+++ b/modules/element-calling.nix
@@ -130,7 +130,7 @@ EOF
     keyFile = livekitKeyFile;
     settings = {
       rtc.use_external_ip = true;
-      rtc.udp_port = "7882-7894";
+      rtc.udp_port = 7882;
       room.auto_create = false;
       turn = {
         enabled = true;
@@ -141,10 +141,9 @@ EOF
   };
 
   networking.firewall.allowedTCPPorts = [ 5349 7881 ];
-  networking.firewall.allowedUDPPorts = [ 3478 ];
+  networking.firewall.allowedUDPPorts = [ 3478 7882 ];
   networking.firewall.allowedUDPPortRanges = [
-    { from = 7882; to = 7894; }
-    { from = 30000; to = 40000;}
+    { from = 30000; to = 40000; }
   ];
   networking.firewall.allowedTCPPortRanges = [
     { from = 30000; to = 40000; }