Description of problem:
Zone bindings are not recreated on reload if they are managed by NM. This bug was introduced with the new option FlushAllOnReload, set to default 'yes'. Interfaces configured to be bound to specific zones internally in firewalld (zone.xml file) are not impacted. This binding type is not the default, as NM is usually running and left to manage those bindings.

Version-Release number of selected component (if applicable):
firewalld-0.6.3-3.el8.noarch
NetworkManager-1.14.0-7.el8.x86_64

How reproducible:
always

Steps to Reproduce:
(optionally set up 'br' interface and binding in zone.xml)
have NM and firewalld up
firewall-cmd --get-active-zones
public
  interfaces: eth0
work
  interfaces: br
firewall-cmd --reload
firewall-cmd --get-active-zones
work
  interfaces: br

Actual results:
interface 'eth0' is not bound to any zone (default) on reload
interface contained within internal configuration gets loaded

Expected results:
all interfaces, NM/non-NM managed, that are present on service start are also present after reload

Additional info:
Upstream: cd97204a06f3 ("fw: on reload() retain interfaces from NetworkManager")
blocker+ per Dec 13th blocker meeting
Additional upstream commit: 2c003eefff31 ("fw: On reload, when restoring NM interfaces also consider default zone")
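A check for the regression described in this report, as an added example that is not part of the original bug report or of firewalld's own code: it parses `firewall-cmd --get-active-zones` output captured before and after a reload and lists the interface bindings that disappeared. The function names and the `--live` switch are assumptions of this example, and the sample output is constructed from the report's reproduction steps.

```shell
#!/bin/sh
# Added example: detect interface-to-zone bindings lost across `firewall-cmd --reload`.

# Turn `firewall-cmd --get-active-zones` output (stdin) into sorted "iface zone" lines.
zone_bindings() {
    awk '
        /^[^ \t]/           { zone = $1; next }   # unindented line: zone name
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print $i, zone }
    ' | sort
}

# Print every binding that existed before the reload but not after it.
# $1 = output captured before the reload, $2 = output captured after it.
lost_bindings() {
    before=$(printf '%s\n' "$1" | zone_bindings)
    after=$(printf '%s\n' "$2" | zone_bindings)
    printf '%s\n' "$before" | while read -r iface zone; do
        [ -n "$iface" ] || continue
        printf '%s\n' "$after" | grep -qxF "$iface $zone" || echo "$iface $zone"
    done
}

# Constructed sample, mirroring the output shown in the report.
SAMPLE_BEFORE='public
  interfaces: eth0
work
  interfaces: br'
SAMPLE_AFTER='work
  interfaces: br'

if [ "${1:-}" = "--live" ]; then
    # Live mode (needs root): capture, reload, capture again.
    b=$(firewall-cmd --get-active-zones)
    firewall-cmd --reload >/dev/null
    a=$(firewall-cmd --get-active-zones)
else
    b=$SAMPLE_BEFORE
    a=$SAMPLE_AFTER
fi

lost=$(lost_bindings "$b" "$a")
if [ -z "$lost" ]; then
    echo "all interface bindings retained"
else
    printf 'bindings lost after reload:\n%s\n' "$lost"
fi
```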