Description of problem: The kde-connect package provides firewalld rules but does not make it clear or semi-automatic that the rule needs to be applied before it will work. This will confuse most non-technical users. Version-Release number of selected component (if applicable): Fedora 23 # rpm -q kde-connect kde-connect-0.8-9.fc23.x86_64 Additional info: To `fix` the issue one should run: # firewall-cmd --permanent --add-service kde-connect # firewall-cmd --reload Ideally upon trying to use kde-connect we should detect if the ports are being blocked, ask dbus??? Cheers, Edward.
It all depends on your default firewall zone, whether these extra rules are needed or not. I'm not aware of any runtime method to determine if ports are blocked/open or not. Not sure if there's currently much we can do (in kde-connect), maybe firewalld and friends can.
Rex, Hi so I worked out how to possibly fix this by using the DBus interface. $ qdbus --system --literal org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1 org.fedoraproject.FirewallD1.zone.getActiveZones [Argument: a{sa{sas}} {"home" = [Argument: a{sas} {"interfaces" = {"wlp3s0"}}]}] $ qdbus --system --literal org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1 org.fedoraproject.FirewallD1.zone.queryService home kde-connect false $ qdbus --system --literal org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1 org.fedoraproject.FirewallD1.zone.addService home kde-connect 10 "home" $ qdbus --system --literal org.fedoraproject.FirewallD1 /org/fedoraproject/FirewallD1 org.fedoraproject.FirewallD1.zone.queryService home kde-connect true How about that? :D Kind Regards, Edward.
We're not allowed to poke holes in firewall automatically... if that's what you're suggesting We could add a script (that users can run) in the packaging to do it, if you want though.
Well I am not suggesting that exactly. This is a usability bug report. I am suggesting that kde-connect, as part of its pairing wizard, can determine that the service is not enabled and ask the user if they would like to poke the hole for kde-connect to work. Hence the boolean RPCalls above that demonstrate the query aspects. At minimum I suggest that kde-connect should query the respective boolean to advice the user that the firewall is not permissive of the required traffic so the user even knows where to look in the first place. Most typically a user will just find kde-connect "does not work" and have a blank expression on their face then give up ;) Cheers,
OK, if you're suggesting code/UI changes, that would be an excellent suggestion for upstream developers. We (most likely) will be unable to implement anything like that downstream in fedora ourselves
Rex, Can we leave this open and confirmed, I'll file a upstream bug and link it here when I get a moment so if users get confused it is at least a known-issue. Cheers,
Sure, that's perfectly fine. And, thanks a lot for your input here.
It would be nice to suggest that users must open ports in the firewall, ideally in KDE Connect itself. You can enter the command lines in comment 0 or using the Firewall Configuration application check kde-connect in Zones > Services. I documented the latter in https://community.kde.org/KDEConnect#Troubleshooting , but that still requires the user to search for and find the fix.
(In reply to skierpage from comment #8) > It would be nice to suggest that users must open ports in the firewall, > ideally in KDE Connect itself. I created https://phabricator.kde.org/T5191 , "KDE Connect should warn user if it can't open needed ports", referencing this bug.