From 1e3d07c334cce524e4a4ecb1e9a9af7e38e8c099 Mon Sep 17 00:00:00 2001
From: Ivailo Monev
Date: Sat, 7 May 2022 12:51:39 +0300
Subject: [PATCH] kfirewall: generate rule for UDP protocol too
Signed-off-by: Ivailo Monev
---
kfirewall/kcm/kfirewallhelper.cpp | 87 +++++++++++++++++++++++++--------------
kfirewall/kded/kded_kfirewall.cpp | 3 +-
2 files changed, 58 insertions(+), 32 deletions(-)
diff --git a/kfirewall/kcm/kfirewallhelper.cpp b/kfirewall/kcm/kfirewallhelper.cpp
index e4e83ad3..20cb700e 100644
--- a/kfirewall/kcm/kfirewallhelper.cpp
+++ b/kfirewall/kcm/kfirewallhelper.cpp
@@ -23,6 +23,50 @@
 #include
 #include
+static QByteArray ruleForSettings(const QByteArray &uservalue, const QByteArray &trafficvalue,
+ const QByteArray &addressvalue, const uint portvalue,
+ const QByteArray &actionvalue, const bool appendrules, const bool tcprule)
+{
+ QByteArray iptablesruledata;
+ bool isinbound = false;
+ QByteArray iptablestraffic = trafficvalue.toUpper();
+ if (iptablestraffic == "INBOUND") {
+ iptablestraffic = "INPUT";
+ isinbound = true;
+ } else {
+ iptablestraffic = "OUTPUT";
+ }
+
+ if (appendrules) {
+ iptablesruledata.append("--append ");
+ } else {
+ iptablesruledata.append("--delete ");
+ }
+ iptablesruledata.append(iptablestraffic);
+ if (!addressvalue.isEmpty()) {
+ iptablesruledata.append(" --destination ");
+ iptablesruledata.append(addressvalue);
+ }
+ if (portvalue > 0) {
+ if (tcprule) {
+ iptablesruledata.append(" --proto tcp --dport ");
+ iptablesruledata.append(QByteArray::number(portvalue));
+ } else {
+ iptablesruledata.append(" --proto udp --dport ");
+ iptablesruledata.append(QByteArray::number(portvalue));
+ }
+ }
+ if (!isinbound) {
+ // NOTE: only output can be user-bound
+ iptablesruledata.append(" --match owner --uid-owner ");
+ iptablesruledata.append(uservalue);
+ }
+ iptablesruledata.append(" --jump ");
+ iptablesruledata.append(actionvalue.toUpper());
+ iptablesruledata.append("\n");
+ return iptablesruledata;
+}
+
 static QByteArray rulesForParameters(const QVariantMap ¶meters, const bool appendrules)
 {
 QByteArray iptablesruledata("*filter\n");
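Review bot: `ruleForSettings()` appends `addressvalue`, `uservalue` and `actionvalue` to the rule text exactly as they arrive, so a value carrying a space or a line break would add extra options or whole lines to what looks like iptables-restore input (the caller wraps it in `*filter` … `COMMIT`). Judging by the file name this runs in the privileged helper, so the values should be checked before anything is appended; a `portvalue` above 65535 and an empty `uservalue` on an outbound rule (which leaves `--uid-owner` without an argument) can be rejected in the same place. The sketch below uses a constructed helper name and returns an empty array for a rejected rule, which the caller can append harmlessly. Separately, `--destination` is emitted for INPUT rules too, where the configured address is presumably the remote peer and `--source` would be the matching option; please confirm the intent.

```cpp
// constructed helper: true only for tokens that cannot add options or lines to the rule text
static bool isSafeRuleToken(const QByteArray &token)
{
    if (token.isEmpty() || token.startsWith('-')) {
        return false;
    }
    for (int i = 0; i < token.size(); i++) {
        const char c = token.at(i);
        const bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
            || (c >= '0' && c <= '9')
            || c == '.' || c == ':' || c == '/' || c == '_' || c == '-';
        if (!allowed) {
            return false;
        }
    }
    return true;
}

// … unchanged: ruleForSettings() signature, isinbound / iptablestraffic setup …
    if ((!addressvalue.isEmpty() && !isSafeRuleToken(addressvalue))
        || (!isinbound && !isSafeRuleToken(uservalue))
        || !isSafeRuleToken(actionvalue)
        || portvalue > 65535) {
        // refuse to emit a rule built from values that could alter the rule text
        return QByteArray();
    }
// … unchanged: --append/--delete and the remaining appends …
```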
@@ -35,37 +79,18 @@ static QByteArray rulesForParameters(const QVariantMap ¶meters, const bool a
 const QByteArray actionvalue = rulesettingsmap.value(QString::fromLatin1("action")).toByteArray();
 // qDebug() << Q_FUNC_INFO << trafficvalue << addressvalue << portvalue << actionvalue;
- bool isinbound = false;
- QByteArray iptablestraffic = trafficvalue.toUpper();
- if (iptablestraffic == "INBOUND") {
- iptablestraffic = "INPUT";
- isinbound = true;
- } else {
- iptablestraffic = "OUTPUT";
- }
-
- if (appendrules) {
- iptablesruledata.append("--append ");
- } else {
- iptablesruledata.append("--delete ");
- }
- iptablesruledata.append(iptablestraffic);
- if (!addressvalue.isEmpty()) {
- iptablesruledata.append(" --destination ");
- iptablesruledata.append(addressvalue);
- }
- if (portvalue > 0) {
- iptablesruledata.append(" --proto tcp --dport ");
- iptablesruledata.append(QByteArray::number(portvalue));
- }
- if (!isinbound) {
- // NOTE: only output can be user-bound
- iptablesruledata.append(" --match owner --uid-owner ");
- iptablesruledata.append(uservalue);
- }
- iptablesruledata.append(" --jump ");
- iptablesruledata.append(actionvalue.toUpper());
- iptablesruledata.append("\n");
+ iptablesruledata.append(
+ ruleForSettings(
+ uservalue, trafficvalue, addressvalue, portvalue, actionvalue,
+ appendrules, true
+ )
+ );
+ iptablesruledata.append(
+ ruleForSettings(
+ uservalue, trafficvalue, addressvalue, portvalue, actionvalue,
+ appendrules, false
+ )
+ );
 }
 iptablesruledata.append("COMMIT\n");
 // qDebug() << Q_FUNC_INFO << iptablesruledata;
diff --git a/kfirewall/kded/kded_kfirewall.cpp b/kfirewall/kded/kded_kfirewall.cpp
index c1502ffe..e476b212 100644
--- a/kfirewall/kded/kded_kfirewall.cpp
+++ b/kfirewall/kded/kded_kfirewall.cpp
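Review bot: When `portvalue` is 0 the two `ruleForSettings()` calls return the same line, because the `--proto … --dport` clause is the only part that depends on `tcprule`; every port-less rule is therefore appended twice and later deleted twice. Emitting the UDP variant only when a port is set avoids the duplicate, e.g. wrapping the second call as `if (portvalue > 0) { iptablesruledata.append(ruleForSettings(uservalue, trafficvalue, addressvalue, portvalue, actionvalue, appendrules, false)); }`. Rules installed by the previous version exist only once (and only for TCP), so the doubled `--delete` may not find a match for them; if the consumer treats that as an error the whole batch could be rejected, which is worth checking on upgrade. The body of `rulesForParameters()` starts and ends outside this hunk.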
@@ -60,7 +60,7 @@ bool KFirewallModule::enable()
 const QByteArray kfirewalljsondata = kfirewallfile.readAll();
 QJsonDocument kfirewalljsondocument = QJsonDocument::fromJson(kfirewalljsondata);
 if (!kfirewalljsondata.isEmpty() && kfirewalljsondocument.isNull()) {
- kWarning() << "Could create JSON document" << kfirewalljsondocument.errorString();
+ kWarning() << "Could not create JSON document" << kfirewalljsondocument.errorString();
 return false;
 }
 m_kfirewallsettingsmap = kfirewalljsondocument.toVariant().toMap();
@@ -101,6 +101,7 @@ bool KFirewallModule::disable()
 return false;
 }
+ m_kfirewallsettingsmap.clear();
 return true;
 }
--
2.11.0