[Bug 1184457] Additional, non-specified, firewall rules are being added during the deployment
https://bugzilla.suse.com/show_bug.cgi?id=1184457
https://bugzilla.suse.com/show_bug.cgi?id=1184457#c1

Knut Alejandro Anderssen González <kanderssen@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kanderssen@suse.com,
                   |                            |mail@georg-pfuetzenreuter.net
              Flags|                            |needinfo?(mail@georg-pfuetzenreuter.net)

--- Comment #1 from Knut Alejandro Anderssen González <kanderssen@suse.com> ---
As commented on IRC, firewalld has some predefined zones:

https://firewalld.org/documentation/zone/predefined-zones.html

Each zone defines a set of services or ports to be open and for modifying the
defaults the attribute has to be declared:

With the new parser, giving an empty list should be enough, like
<services config:type="list">, but with the old parser empty or nil values are
removed from the profile during the first stage so, during the second stage it
looks like not declared from firewall auto client POV:

For this bug in particular a workaround could be used:

<firewall>
  <zones config:type="list">
    <zone>
      <name>public</name>
      <interfaces config:type="list">
        <interface>eth0</interface>
      </interfaces>
      <services config:type="list">
        <service>[!CDATA[]]</service>
      </services>
      <ports config:type="list">
        <port>8080/tcp</port>
        <port>9090/udp</port>
      </ports>
    </zone>
  </zones>
</firewall>

But take into account that if the profile is modified more than once it will be
removed at some point, so it is not a general solution.

For a general solution (that works in any Leap15.X version) it would be better
to remove the services using a script.

Could you try it? Although it is not perfect, doing any change to the parser
for Leap15.2 could be a bad idea.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
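A sketch of the script-based approach suggested in the comment above, added here as an example and not taken from the bug report or from AutoYaST: it removes every service that a firewalld zone has enabled and then checks that none remain. The function names and the FWCMD variable are hypothetical; it assumes the script runs as root after deployment (for instance from an AutoYaST post-installation script) and that firewall-cmd is available.

```shell
#!/bin/sh
# Added example (not from the bug report): strip all services from a
# firewalld zone so that only explicitly declared ports stay open.
# Assumption: executed as root once the deployed system's firewalld
# configuration exists.

# Command used to talk to firewalld. Override with
# FWCMD=firewall-offline-cmd when the daemon is not running yet.
FWCMD="${FWCMD:-firewall-cmd --permanent}"

# Remove every service enabled in zone $1 and print the removed names.
strip_zone_services() {
    zone="$1"
    removed=""
    # --list-services prints the zone's services space-separated on one line.
    services=$($FWCMD --zone="$zone" --list-services) || return 1
    for svc in $services; do
        $FWCMD --zone="$zone" --remove-service="$svc" >/dev/null || return 1
        removed="${removed:+$removed }$svc"
    done
    printf '%s\n' "$removed"
}

# Succeeds only if zone $1 has no services left.
zone_has_no_services() {
    [ -z "$($FWCMD --zone="$1" --list-services)" ]
}

# Usage: script.sh --apply [zone]   (zone defaults to "public")
if [ "${1:-}" = "--apply" ]; then
    zone="${2:-public}"
    strip_zone_services "$zone" || exit 1
    zone_has_no_services "$zone" || {
        echo "zone $zone still has services enabled" >&2
        exit 1
    }
fi
```

With the default FWCMD the change is made to the permanent configuration, so it takes effect when firewalld is started or reloaded.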