On my Raspberry Pi 1B the latest JeOS Tumbleweed image, Snapshot20201209, is
installed.
I want to use firewalld with the following deviations from the standard
configuration given as firewall-cmd lines.

firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --permanent --zone=public --add-rich-rule='rule port port="22" \
protocol="tcp" log prefix="SFW2-INSSH " level="info" limit value="6/m" drop'
firewall-cmd --permanent --zone=internal --remove-service=samba-client
firewall-cmd --permanent --zone=internal --add-service=ssh
firewall-cmd --permanent --zone=internal --add-source=192.168.0.0/16
firewall-cmd --permanent --zone=internal --add-source=fe80::/16
firewall-cmd --permanent --zone=internal --add-source=83.x.y.z
firewall-cmd --permanent --zone=internal --add-source=2001:x:y:z::/48
firewall-cmd --permanent --zone=internal --add-source=2001:xx:yy:zz::/56
public is the default zone
The firewall blocks almost all traffic and allows ssh access from the listed
IPv4 and IPv6 addresses in zone internal; some local, some from somewhere in
the internet. The rich-rule keeps track of unwanted access to the ssh port.
When I reboot the system with the firewalld.service enabled I use "ip a" to
list the IP addresses assigned to the interfaces lo: and eth0:
In this list eth0 does not have an IPv4 address. Also when I stop the firewalld
service eth0 still does not get an IPv4 address. Only after a restart of the
network service, eth0 gets an IPv4 address; no firewall active.
eth0 is configured (standard) to get an IPv4 address via DHCP.
Also router information "ip r" and /etc/resolv.conf do not contain IPv4
addresses.

To did investigate this further, so I installed the latest JeOS Tumbleweed on
my RPi4 and configured firewalld in the same way. This system does NOT show
this wrong behavior.