Bug 1577657

Summary: Zone directive in ifcfg files ignored after upgrade to 7.5
Product: Red Hat Enterprise Linux 7 Reporter: Per Hjartoy <per>
Component: firewalld Assignee: Eric Garver <egarver>
Status: CLOSED INSUFFICIENT_DATA QA Contact: qe-baseos-daemons
Severity: medium Docs Contact:
Priority: medium    
Version: 7.5 CC: per, rkhan, todoleza
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Last Closed: 2019-04-08 12:29:52 UTC Type: Bug

Description Per Hjartoy 2018-05-13 19:18:51 UTC
Description of problem:

On systems with no NetworkManager installed, an upgrade from 7.4 to 7.5 leads the firewalld to ignore the "ZONE=" directive in the ifcfg-<interface> file.  Running the command firewall-cmd --get-active-zones returns nothing.

A work around is to run the command (e.g.):
firewall-cmd --permanent --change-zone=eth0 --zone=internal

This creates an entry in the <zone>.xml file and 7.4 behavior is restored.

Version-Release number of selected component (if applicable):
RHEL 7.5 release

How reproducible:
Upgrade a working 7.4 system to 7.5 system via yum

Steps to Reproduce:
1. Deinstall NetworkManager
2. Upgrade from 7.4 to 7.5
3. Run firewall-cmd --get-active-zones and observe zero output
4. firewall-cmd --permanent --change-zone=<interface> --zone=<zone> to restore functionality

Actual results:
Only default zone attached to all interfaces

Expected results:
Interface attached to the zone file stated in the ZONE= directive

Additional info:

Comment 2 Eric Garver 2019-03-01 20:54:49 UTC
(In reply to Per Hjartoy from comment #0)
> Description of problem:
> 
> On systems with no NetworkManager installed, an upgrade from 7.4 to 7.5
> leads the firewalld to ignore the "ZONE=" directive in the ifcfg-<interface>
> file.  Running the command firewall-cmd --get-active-zones returns nothing.

firewalld has never been responsible for reading the ifcfg files for an interface. That is done by network-scripts, i.e. /etc/sysconfig/network-scripts/ifup-post and should occur at boot.

After a reboot was "firewall-cmd --get-active-zones" still yielding empty?

Comment 3 Eric Garver 2019-04-08 12:29:52 UTC
Closing due to insufficient data. Please reopen if you can provide the requested information in comment 2.

Comment 4 Red Hat Bugzilla 2023-09-14 04:27:59 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
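
A check for the condition reported in this bug, as an added example that is not part of the original thread or of firewalld: it compares the ZONE= value in each ifcfg file with the zone firewalld actually lists the interface under, so an interface that silently fell back to the default zone is reported. The function names are hypothetical, the sample files are constructed, and the interface name is assumed to match the ifcfg file name suffix.

```shell
#!/bin/sh
# Added example: report interfaces whose ifcfg ZONE= differs from the zone
# firewalld has them bound to. All function names are hypothetical.

# Print the ZONE= value of one ifcfg file (last assignment wins, quotes stripped).
ifcfg_zone() {
    sed -n 's/^[[:space:]]*ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Read `firewall-cmd --get-active-zones` output on stdin and print the zone
# that lists interface $1; prints nothing if no active zone contains it.
active_zone_of() {
    awk -v ifc="$1" '
        /^[^ \t]/ { zone = $1; next }     # unindented line is a zone name
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) if ($i == ifc) print zone }
    '
}

# zone_drift DIR ACTIVE_ZONES_TEXT
# Prints one "iface expected actual" line per mismatch, nothing when consistent.
zone_drift() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        want=$(ifcfg_zone "$f")
        [ -n "$want" ] || continue        # no ZONE= means the default zone applies
        ifc=${f##*/ifcfg-}                # assumption: file suffix is the interface name
        have=$(printf '%s\n' "$2" | active_zone_of "$ifc")
        [ "$want" = "$have" ] || echo "$ifc $want ${have:-none}"
    done
}

# Constructed sample: eth0 asks for "internal" and eth1 for "dmz", but the
# active-zones text only binds eth1, so eth0 is reported.
demo() {
    d=$(mktemp -d) || return 1
    printf 'DEVICE=eth0\nZONE=internal\n' > "$d/ifcfg-eth0"
    printf 'DEVICE=eth1\nZONE="dmz"\n' > "$d/ifcfg-eth1"
    printf 'DEVICE=lo\n' > "$d/ifcfg-lo"
    zone_drift "$d" "dmz
  interfaces: eth1"
    rm -rf "$d"
}

# On a live host (not run here):
#   zone_drift /etc/sysconfig/network-scripts "$(firewall-cmd --get-active-zones)"
```

An empty result means every ZONE= directive matches the running configuration; a line ending in "none" is the symptom described in the report.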