From 96464351344e6226d7c6056f8565849d5f1297ae Mon Sep 17 00:00:00 2001
From: Ivailo Monev <xakepa10@gmail.com>
Date: Sat, 7 May 2022 00:05:54 +0300
Subject: [PATCH] kfirewall: fix inbound traffic rules generation

Signed-off-by: Ivailo Monev <xakepa10@gmail.com>
---
 kfirewall/kcm/kfirewallhelper.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kfirewall/kcm/kfirewallhelper.cpp b/kfirewall/kcm/kfirewallhelper.cpp
index 8a3b9733..26f32032 100644
--- a/kfirewall/kcm/kfirewallhelper.cpp
+++ b/kfirewall/kcm/kfirewallhelper.cpp
@@ -35,9 +35,11 @@ static QByteArray rulesForParameters(const QVariantMap &parameters, const bool a
         const QByteArray actionvalue = rulesettingsmap.value(QString::fromLatin1("action")).toByteArray();
         // qDebug() << Q_FUNC_INFO << trafficvalue << addressvalue << portvalue << actionvalue;
 
+        bool isinbound = false;
         QByteArray iptablestraffic = trafficvalue.toUpper();
         if (iptablestraffic == "INBOUND") {
             iptablestraffic = "INPUT";
+            isinbound = true;
         } else {
             iptablestraffic = "OUTPUT";
         }
@@ -56,8 +58,11 @@ static QByteArray rulesForParameters(const QVariantMap &parameters, const bool a
             iptablesruledata.append(" -p tcp --dport ");
             iptablesruledata.append(QByteArray::number(portvalue));
         }
-        iptablesruledata.append(" -m owner --uid-owner ");
-        iptablesruledata.append(uservalue);
+        if (!isinbound) {
+            // NOTE: only output can be user-bound
+            iptablesruledata.append(" -m owner --uid-owner ");
+            iptablesruledata.append(uservalue);
+        }
         iptablesruledata.append(" -j ");
         iptablesruledata.append(actionvalue.toUpper());
         iptablesruledata.append("\n");
-- 
2.11.0