Bug 463265

Summary: Rules created via the simple dialogue have opposite sense to what was expected
Product: [Applications] systemsettings Reporter: Paul Worrall <p.r.worrall>
Component: kcm_firewallAssignee: Plasma Bugs List <plasma-bugs-null>
Status: RESOLVED FIXED    
Severity: normal CC: lucas.biaggi, nate, tcanabrava
Priority: NOR    
Version First Reported In: master   
Target Milestone: ---   
Platform: Other   
OS: Linux   
Latest Commit: https://invent.kde.org/plasma/plasma-firewall/commit/f32ebd357328881154218a82f42bf170c59f99dc Version Fixed In:
Sentry Crash Report:

Description Paul Worrall 2022-12-20 10:47:24 UTC 
SUMMARY
Creating a rule using the simple "Create A New Firewall Rule" dialogue to allow incoming for a selected application should allow incoming connections _to_ that port; instead it allows incoming connections _from_ that port. 

This means that -- for example -- allowing incoming for OpenSSH does not allow other devices on the network to connect via ssh.

STEPS TO REPRODUCE
1. Open the firewall module in System Settings (supplying password if requested)
2. Enable the firewall if it isn't already
3. "+ Add Rule..." (Create A New Firewall Rule dialogue appears)
4. Select an application from the list (e.g. OpenSSH)
5. Set Policy to "Allow"
6. Set Direction to "Incoming"
7. Click "Create"

OBSERVED RESULT
Rules are created that allow incoming from "OpenSSH (22/TCP)" to "Anywhere"

EXPECTED RESULT
Rules are created that allow incoming from "Anywhere" to "OpenSSH (22/TCP)"

SOFTWARE/OS VERSIONS
Operating System: KDE neon Unstable Edition
KDE Plasma Version: 5.26.80
KDE Frameworks Version: 5.102.0
Qt Version: 5.15.7
Graphics Platform: Wayland
Comment 1 Lucas Biaggi 2022-12-20 12:51:32 UTC 
Hi Paul,

I assume you are referring to ufw backend, right?
Comment 2 Paul Worrall 2022-12-20 16:27:14 UTC 
Hi Lucas, yes you assume correctly, my system is using ufw.
Comment 3 Lucas Biaggi 2022-12-21 10:25:53 UTC 
Okay, I think I found the culprit, will work on it.
Comment 4 Bug Janitor Service 2023-01-01 11:23:04 UTC 
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-firewall/-/merge_requests/62
Comment 5 Lucas Biaggi 2023-01-19 11:02:50 UTC 
Git commit f32ebd357328881154218a82f42bf170c59f99dc by Lucas Biaggi.
Committed on 19/01/2023 at 11:02.
Pushed by lbiaggi into branch 'master'.

hint UFW about the service direction (simplified rule interface)

With the simplified rule interface, the objective is to let user choose only the service that they want to get IN or OUT (`UFW scenario`). Currently, UFW can't automatically identify the service direction correctly, we need to hint it the correct direction.

M  +5    -2    kcm/backends/ufw/ufwclient.cpp

https://invent.kde.org/plasma/plasma-firewall/commit/f32ebd357328881154218a82f42bf170c59f99dc