OSDN Git Service

(root) / kde / kde-workspace.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 328f3e0)
kfirewall: fix inbound traffic rules generation
authorIvailo Monev <xakepa10@gmail.com>
Fri, 6 May 2022 21:05:54 +0000 (00:05 +0300)
committerIvailo Monev <xakepa10@gmail.com>
Fri, 6 May 2022 21:05:54 +0000 (00:05 +0300)
Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
kfirewall/kcm/kfirewallhelper.cpp patch | blob | history

diff --git a/kfirewall/kcm/kfirewallhelper.cpp b/kfirewall/kcm/kfirewallhelper.cpp
index 8a3b973..26f3203 100644 (file)
--- a/kfirewall/kcm/kfirewallhelper.cpp
+++ b/kfirewall/kcm/kfirewallhelper.cpp
@@ -35,9 +35,11 @@ static QByteArray rulesForParameters(const QVariantMap &parameters, const bool a
         const QByteArray actionvalue = rulesettingsmap.value(QString::fromLatin1("action")).toByteArray();
         // qDebug() << Q_FUNC_INFO << trafficvalue << addressvalue << portvalue << actionvalue;
 
+        bool isinbound = false;
         QByteArray iptablestraffic = trafficvalue.toUpper();
         if (iptablestraffic == "INBOUND") {
             iptablestraffic = "INPUT";
+            isinbound = true;
         } else {
             iptablestraffic = "OUTPUT";
         }
@@ -56,8 +58,11 @@ static QByteArray rulesForParameters(const QVariantMap &parameters, const bool a
             iptablesruledata.append(" -p tcp --dport ");
             iptablesruledata.append(QByteArray::number(portvalue));
         }
-        iptablesruledata.append(" -m owner --uid-owner ");
-        iptablesruledata.append(uservalue);
+        if (!isinbound) {
+            // NOTE: only output can be user-bound
+            iptablesruledata.append(" -m owner --uid-owner ");
+            iptablesruledata.append(uservalue);
+        }
         iptablesruledata.append(" -j ");
         iptablesruledata.append(actionvalue.toUpper());
         iptablesruledata.append("\n");
Katana workspace
About OSDN
Find Software
Develop Software
Help