Here’s what I did, after reading all messages in this thread several times and gnashing teeth over how an unsophistciated user like me could transition to firewalld.
If I missed a step, I hope others will let me know. If I did it right, I hope my steps can help others.
FWIW: I compute with Network Manager, seek only to connect to the internet – web surf, email, ftp – from a single computer, without a network and without the need for remote access. I have the NetworkManager-openvpn package installed, and use a VPN.
sudo systemctl stop SuSEfirewall2
sudo systemctl disable SuSEfirewall2
sudo systemctl enable firewalld
sudo systemctl start firewalld
And then, in Yast:
Firewall → install firewall-config utility
Firewall-config → Configuration → Change from ‘Runtime’ to ‘Permanent’
In default ‘public’ zone, uncheck dhcpv6 and ssh services
Close firewall-config, close Yast, reboot computer to test
sudo firewall-cmd --state
sudo firewall-cmd --list-services
(With no running services listed, such as the unwanted ssh and dhcpv6-client
A firewall test at grc.com gave me a ‘thumbs up.’
How’d I do? Did I miss anything?
And, for the benefit of other Tumbleweed users who may read this thread with worry: were these steps even necessary? As a home user without special needs, could I have continued to use already-installed SuSEfirewall2 for months (or years) to come?