https://bugzilla.suse.com/show_bug.cgi?id=1189560 Bug ID: 1189560 Summary: firewalld forgets wicked zone assignment on service restart Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: mrostecki@suse.com Reporter: fvogt@suse.com QA Contact: qa-bugs@suse.de CC: rfrohl@suse.com, wicked-maintainers@suse.de Found By: --- Blocker: --- When the system boots, wicked's firewalld extension mechanism informs firewalld about the configured interfaces and assignes them to the configured zones: localhost:~ # firewall-cmd --list-interfaces ens3 This is kept after a reload: localhost:~ # firewall-cmd --reload success localhost:~ # firewall-cmd --list-interfaces ens3 But not after a restart: localhost:~ # rcfirewalld restart localhost:~ # firewall-cmd --list-interfaces You're performing an operation over default zone ('public'), but your connections/interfaces are in zone 'docker' (see --get-active-zones) You most likely need to use --zone=docker option. This seems very fragile and hits openQA which (for some reason, probably a bad one) disables the firewall temporarily in some tests. Maybe wicked should save the zone assignments in the permanent config? -- You are receiving this mail because: You are on the CC list for the bug.