SUMMARY I am unable to specify ufw rules with port ranges. In gufw, I can specify a port range like "1024:65535", but I can't even type the ":" character in the KDE firewall settings. I think its just bad textbox validation. The UI needs to be updated to allow the ":" character. STEPS TO REPRODUCE 1. Enable ufw firewall 2. Click Add Rule 3. Try to specify a rule with a port range (ie. 1024:65535) OBSERVED RESULT Can't type in ":" character to specify range EXPECTED RESULT ":" is valid so that port ranges can be specified. SOFTWARE/OS VERSIONS Linux/KDE Plasma: 5.21.2 (available in About System) KDE Plasma Version: 5.21.2 KDE Frameworks Version: 5.79.0 Qt Version: 5.15.2 ADDITIONAL INFORMATION Workaround is to use gufw to specify port ranges. After that the rules correctly appear in the KDE firewall settings.
Can confirm. Workaround for me is to add rules via the command line. (ex. $sudo ufw allow 1714:1764/tcp) After opening the settings again, the port fields are populated with the colon, and the previously number-only input field now allows any character to written. (as a contingency I would guess)
On this topic, I also find strange about this issue (that I personally have), is that I have a ufw profile set at: "/etc/ufw/applications.d/ufw-video-games" but it doesn't honor any of the contents: ``` [Minecraft] title=Minecraft description=Minecraft Java Edition server port(s) ports=25565/tcp [ZDoom] title=ZDoom description=A game engine re-implementation for classic Doom games ports=5029/udp [Zandronum] title=Zandronum description=A multiplayer game engine re-implementation for classic Doom games ports=10666:10700/udp ``` Attempting to get around these myself (via gufw, at least) later causes them to appear in plasma-firewall but inadequately named (not the names I set in gufw) with no way to address this... Not exactly the same issue but very closely linked, so I felt I should mention it.
*** Bug 460112 has been marked as a duplicate of this bug. ***
I'm also having the same limitation with plasma-firewall 5.27.0-1 (Arch Linux) It's the same problem on both firewalld and ufw. I wanted to open 1714:1764 ports through plasma-firewall, but ended up doing that via CLI.
I'm encountering the same issue with the Add button being grayed out the moment a colon is entered in the Port text field. Strangely, the "Simple" tab initially allowed me to enter the range using a dash instead of a colon and then successfully add the rule (despite the tool-tip popup specifying the use of a colon), but after removing the rule and attempting to re-add it, this no longer worked and the log complained about the dash: Error running: /usr/sbin/ufw allow in from any to any port 1714-1764 > ERROR: Bad port '1714-1764' |
Correction: upon examining the log more closely, I see that the rule that I'd successfully applied was from the Advanced tab, entering port 1714 in From and port 1716 in To, which is not the same as entering a port range. Also, I'm adding the observation that the graying-out of the Add button when a colon is entered in any Port field, happens for both the Simple and Advanced tabs.
After some more digging, I discovered that this is a known issue that the maintainer of gufw has unfortunately refused to fix, despite the confusion it is causing for users and despite someone offering a patch to correct the issue: https://github.com/costales/gufw/issues/65 https://github.com/dajusc/gufw/commit/2348e60634203d9dfa5624c6512ad05f585d9653 Apparently the issue only occurs when Protocol is set to Both; setting it to TCP or UDP returns the ability to add ranges, which is not obvious to the user. The maintainer refused to implement a patch that would simply issue two separate commands (one for TCP and one for UDP) to ufw when the Protocol is set to Both. It would be wonderful if that patch would be merged downstream to put an end to this confusing situation!
My sincere apologies for conflating the KDE Firewall issue with a similar issue in gufw. However it's still true that being able to add a range of ports for both TCP and UDP in one operation would be a most-welcome addition to the KDE Firewall interface, and the method in the proposed gufw patch that I linked to (issuing two separate commands to ufw) might be a good method to use in KDE Firewall as well. Sorry for the confusion, and thanks so much for all your hard work!