
kfirewall: generate rule for UDP protocol too
authorIvailo Monev <xakepa10@gmail.com>
Sat, 7 May 2022 09:51:39 +0000 (12:51 +0300)
committerIvailo Monev <xakepa10@gmail.com>
Sat, 7 May 2022 09:51:39 +0000 (12:51 +0300)
Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
kfirewall/kcm/kfirewallhelper.cpp
kfirewall/kded/kded_kfirewall.cpp

index e4e83ad..20cb700 100644 (file)
 #include <kauthhelpersupport.h>
 #include <kdebug.h>
 
+static QByteArray ruleForSettings(const QByteArray &uservalue, const QByteArray &trafficvalue,
+                                  const QByteArray &addressvalue, const uint portvalue,
+                                  const QByteArray &actionvalue, const bool appendrules, const bool tcprule)
+{
+    QByteArray iptablesruledata;
+    bool isinbound = false;
+    QByteArray iptablestraffic = trafficvalue.toUpper();
+    if (iptablestraffic == "INBOUND") {
+        iptablestraffic = "INPUT";
+        isinbound = true;
+    } else {
+        iptablestraffic = "OUTPUT";
+    }
+
+    if (appendrules) {
+        iptablesruledata.append("--append ");
+    } else {
+        iptablesruledata.append("--delete ");
+    }
+    iptablesruledata.append(iptablestraffic);
+    if (!addressvalue.isEmpty()) {
+        iptablesruledata.append(" --destination ");
+        iptablesruledata.append(addressvalue);
+    }
+    if (portvalue > 0) {
+        if (tcprule) {
+            iptablesruledata.append(" --proto tcp --dport ");
+            iptablesruledata.append(QByteArray::number(portvalue));
+        } else {
+            iptablesruledata.append(" --proto udp --dport ");
+            iptablesruledata.append(QByteArray::number(portvalue));
+        }
+    }
+    if (!isinbound) {
+        // NOTE: only output can be user-bound
+        iptablesruledata.append(" --match owner --uid-owner ");
+        iptablesruledata.append(uservalue);
+    }
+    iptablesruledata.append(" --jump ");
+    iptablesruledata.append(actionvalue.toUpper());
+    iptablesruledata.append("\n");
+    return iptablesruledata;
+}
+
 static QByteArray rulesForParameters(const QVariantMap &parameters, const bool appendrules)
 {
     QByteArray iptablesruledata("*filter\n");
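Review bot: `ruleForSettings` appends `addressvalue`, `uservalue` and `actionvalue` to the rule line without any validation, so a value containing a space or a newline would add extra options or whole extra lines to the text that is later terminated with `COMMIT`. The file includes `kauthhelpersupport.h`, so this presumably runs in a privileged KAuth helper while the values arrive in the caller's `QVariantMap`; the helper should not rely on the configuration UI having checked them. Before building any rule, `rulesForParameters` could reject the request unless the action is one of the targets the UI offers, the address parses as an IP address or CIDR range, and the user is a plain numeric id or name with no whitespace. The concatenation predates this commit and was only moved, but the new function is the natural single place to enforce it. A short comment above it, e.g. `// builds one iptables-restore line; all values must already be validated`, would also record the contract.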
@@ -35,37 +79,18 @@ static QByteArray rulesForParameters(const QVariantMap &parameters, const bool a
         const QByteArray actionvalue = rulesettingsmap.value(QString::fromLatin1("action")).toByteArray();
         // qDebug() << Q_FUNC_INFO << trafficvalue << addressvalue << portvalue << actionvalue;
 
-        bool isinbound = false;
-        QByteArray iptablestraffic = trafficvalue.toUpper();
-        if (iptablestraffic == "INBOUND") {
-            iptablestraffic = "INPUT";
-            isinbound = true;
-        } else {
-            iptablestraffic = "OUTPUT";
-        }
-
-        if (appendrules) {
-            iptablesruledata.append("--append ");
-        } else {
-            iptablesruledata.append("--delete ");
-        }
-        iptablesruledata.append(iptablestraffic);
-        if (!addressvalue.isEmpty()) {
-            iptablesruledata.append(" --destination ");
-            iptablesruledata.append(addressvalue);
-        }
-        if (portvalue > 0) {
-            iptablesruledata.append(" --proto tcp --dport ");
-            iptablesruledata.append(QByteArray::number(portvalue));
-        }
-        if (!isinbound) {
-            // NOTE: only output can be user-bound
-            iptablesruledata.append(" --match owner --uid-owner ");
-            iptablesruledata.append(uservalue);
-        }
-        iptablesruledata.append(" --jump ");
-        iptablesruledata.append(actionvalue.toUpper());
-        iptablesruledata.append("\n");
+        iptablesruledata.append(
+            ruleForSettings(
+                uservalue, trafficvalue, addressvalue, portvalue, actionvalue,
+                appendrules, true
+            )
+        );
+        iptablesruledata.append(
+            ruleForSettings(
+                uservalue, trafficvalue, addressvalue, portvalue, actionvalue,
+                appendrules, false
+            )
+        );
     }
     iptablesruledata.append("COMMIT\n");
     // qDebug() << Q_FUNC_INFO << iptablesruledata;
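Review bot: When `portvalue` is 0 the two `ruleForSettings` calls return identical lines, because `--proto tcp` / `--proto udp` is only emitted inside `if (portvalue > 0)`, so every port-less rule is now appended (and later deleted) twice. Guarding the second call, `if (portvalue > 0) { iptablesruledata.append(ruleForSettings(uservalue, trafficvalue, addressvalue, portvalue, actionvalue, appendrules, false)); }`, keeps one rule per setting in that case. The upgrade path is also worth checking: rules installed by the previous version have no UDP counterpart, so the `--delete` lines generated here for them may not match anything and could make the whole restore fail, leaving the old rules in place. `rulesForParameters` starts above this hunk and its loop header is not visible here.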
index c1502ff..e476b21 100644 (file)
@@ -60,7 +60,7 @@ bool KFirewallModule::enable()
     const QByteArray kfirewalljsondata = kfirewallfile.readAll();
     QJsonDocument kfirewalljsondocument = QJsonDocument::fromJson(kfirewalljsondata);
     if (!kfirewalljsondata.isEmpty() && kfirewalljsondocument.isNull()) {
-        kWarning() << "Could create JSON document" << kfirewalljsondocument.errorString();
+        kWarning() << "Could not create JSON document" << kfirewalljsondocument.errorString();
         return false;
     }
     m_kfirewallsettingsmap = kfirewalljsondocument.toVariant().toMap();
@@ -101,6 +101,7 @@ bool KFirewallModule::disable()
         return false;
     }
 
+    m_kfirewallsettingsmap.clear();
     return true;
 }