Bug ID 1189560
Summary firewalld forgets wicked zone assignment on service restart
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Network
Assignee mrostecki@suse.com
Reporter fvogt@suse.com
QA Contact qa-bugs@suse.de
CC rfrohl@suse.com, wicked-maintainers@suse.de
Found By ---
Blocker --- 

When the system boots, wicked's firewalld extension mechanism informs firewalld
about the configured interfaces and assignes them to the configured zones:

localhost:~ # firewall-cmd --list-interfaces
ens3

This is kept after a reload:

localhost:~ # firewall-cmd --reload
success
localhost:~ # firewall-cmd --list-interfaces
ens3

But not after a restart:

localhost:~ # rcfirewalld restart
localhost:~ # firewall-cmd --list-interfaces
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'docker' (see --get-active-zones)
You most likely need to use --zone=docker option.

This seems very fragile and hits openQA which (for some reason, probably a bad
one) disables the firewall temporarily in some tests.

Maybe wicked should save the zone assignments in the permanent config?

You are receiving this mail because: