SUMMARY Creating a rule using the simple "Create A New Firewall Rule" dialogue to allow incoming for a selected application should allow incoming connections _to_ that port; instead it allows incoming connections _from_ that port. This means that -- for example -- allowing incoming for OpenSSH does not allow other devices on the network to connect via ssh. STEPS TO REPRODUCE 1. Open the firewall module in System Settings (supplying password if requested) 2. Enable the firewall if it isn't already 3. "+ Add Rule..." (Create A New Firewall Rule dialogue appears) 4. Select an application from the list (e.g. OpenSSH) 5. Set Policy to "Allow" 6. Set Direction to "Incoming" 7. Click "Create" OBSERVED RESULT Rules are created that allow incoming from "OpenSSH (22/TCP)" to "Anywhere" EXPECTED RESULT Rules are created that allow incoming from "Anywhere" to "OpenSSH (22/TCP)" SOFTWARE/OS VERSIONS Operating System: KDE neon Unstable Edition KDE Plasma Version: 5.26.80 KDE Frameworks Version: 5.102.0 Qt Version: 5.15.7 Graphics Platform: Wayland
Hi Paul, I assume you are referring to ufw backend, right?
Hi Lucas, yes you assume correctly, my system is using ufw.
Okay, I think I found the culprit, will work on it.
A possibly relevant merge request was started @ https://invent.kde.org/plasma/plasma-firewall/-/merge_requests/62
Git commit f32ebd357328881154218a82f42bf170c59f99dc by Lucas Biaggi. Committed on 19/01/2023 at 11:02. Pushed by lbiaggi into branch 'master'. hint UFW about the service direction (simplified rule interface) With the simplified rule interface, the objective is to let user choose only the service that they want to get IN or OUT (`UFW scenario`). Currently, UFW can't automatically identify the service direction correctly, we need to hint it the correct direction. M +5 -2 kcm/backends/ufw/ufwclient.cpp https://invent.kde.org/plasma/plasma-firewall/commit/f32ebd357328881154218a82f42bf170c59f99dc