salt/states/roles/maintain/deluge/firewalld-direct.xml

<?xml version="1.0" encoding="utf-8"?>
<direct>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --gid-owner deluge -o lo -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p tcp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="0">-m owner --uid-owner deluge -p udp --dport 53 -j ACCEPT</rule>
  <rule ipv="ipv4" table="filter" chain="OUTPUT" priority="1">-m owner --gid-owner deluge '!' -o tun0 -j REJECT</rule>
</direct>