Hi all, This is an interesting topic, and I have some time, so I wouln't mind picking this up and seeing where we can take it. Firewalld looks to have some merit, and while I've not yet used it extensively, it does offer some nice features: similar to SF2 it's based on zones, clean interface, large list of supported services, d-bus interface, etc. I tried firewalld with Wicked instead of NM, and while configuration must be done by manually inputting interface names, I suspect we could get some communication happening between the two over d-bus as well. Perhaps we could also build some support for configuration via ifcfg- files in the future. Just some thoughts. After going through this thread, I find the idea of peaceful coexistence (especially at the beginning) quite agreeable. As proposed, I think a similar approach to Wicked/NM selection could be built into the yast2-firewall, and if firewalld is selected, a decent place to start would be to have YaST2 run the firewalld GUI. This would hopefully get more folks trying firewalld and evaluating it's usability as an alternative or a replacement, or whatever we decide. Later on, we could look at the effort involved in things like converting /etc/sysconfig/SuSEfirewall2 and others into firewalld parsable forms. For now, both packages could exist on the system together, with only one enabled and running at a given time. I'm not a YaST developer, but it might be fun to give it a go :) I think some great ideas came out of this thread, so let's keep the channel open. If anyone has any feedback, more ideas, concerns, please share them. Best regards, Karol