openSUSE Leap 16, firewalld? No public.xml, but defaults to that zone?

Extremely frustrated with openSUSE Leap 16. Has firewalld, state shows running, it is running, listing active zones shows my nic and public as the default zone. While you can run commands to add services and make permanent, no public.xml in the zones directory is ever created, and nothing actually happens firewall wise to allow traffic in. Sigh. But of course, “no error” firewall-cmd completes “successfully”. I’m stumped.

So, I copied a public.xml from /usr/lib/firewalld/zones/public.xml and used that. Is that what you’re supposed to do? Would seem strange for the system to be using the files straight out of /usr/lib/firewalld (?). Anyhow, sshd, of course, new installer (worse than Windows) doesn’t give options to set “typical” things up anymore. Sigh… so had to command line enable sshd and start it. Seems like we’re going backwards? Worst experience I’ve had with suse in decades.

I’m not sure I understand you. For reference I have

inux-lptp1:/etc/firewalld/zones # ls
block.xml      dmz.xml      docker.xml      drop.xml      external.xml      home.xml      internal.xml      nm-shared.xml      public.xml      trusted.xml      work.xml
block.xml.old  dmz.xml.old  docker.xml.old  drop.xml.old  external.xml.old  home.xml.old  internal.xml.old  nm-shared.xml.old  public.xml.old  trusted.xml.old  work.xml.old

Of course, only permanent changes are copied there.

Agama’s guided installer does reduce the visible typical setup options compared to the old YaST workflow and is still in active development, so I’m sure the developers would appreciate any constructive feedback from experienced hands such as yours. For experienced users, system setup can be automated or customized using installation profiles (there is a bit of a learning curve involved), and post-installation configuration, including enabling services like sshd, can be managed graphically via Cockpit if desired.


Actual commands used to make changes, and status verification would be more useful. Otherwise we’re left to guess. :wink:

# Current runtime configuration
firewall-cmd --zone=public --list-all

# Permanent configuration
firewall-cmd --zone=public --list-all --permanent

# Show the actual zone file
cat /etc/firewalld/zones/public.xml
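As an added example (not part of any post in this thread), the script below automates the comparison the commands above set up: it reports whether a zone is defined by an override in /etc/firewalld/zones or by the shipped default in /usr/lib/firewalld/zones, and lists services present in only the runtime or only the permanent configuration. The function names and the `ZONE` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: locate a firewalld zone file and compare runtime vs. permanent services.

# Print the items of space-separated list $1 that do not appear in list $2.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# Report which file defines a zone: an override in etc_dir, or the shipped default in lib_dir.
zone_file_source() {
    zone=$1; etc_dir=${2:-/etc/firewalld/zones}; lib_dir=${3:-/usr/lib/firewalld/zones}
    if [ -f "$etc_dir/$zone.xml" ]; then
        echo "override:$etc_dir/$zone.xml"
    elif [ -f "$lib_dir/$zone.xml" ]; then
        echo "default:$lib_dir/$zone.xml"
    else
        echo "missing:$zone"
    fi
}

# runtime-only:   active now, gone after a reload or restart unless made permanent
# permanent-only: saved, but not active until `firewall-cmd --reload`
report_drift() {
    runtime=$1; permanent=$2
    for s in $(only_in "$runtime" "$permanent"); do
        echo "runtime-only:$s"
    done
    for s in $(only_in "$permanent" "$runtime"); do
        echo "permanent-only:$s"
    done
}

# Live check: runs only when ZONE is set and firewall-cmd is installed (run as root).
if [ -n "${ZONE:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    zone_file_source "$ZONE"
    report_drift "$(firewall-cmd --zone="$ZONE" --list-services)" \
                 "$(firewall-cmd --zone="$ZONE" --list-services --permanent)"
fi
```

Run it as `ZONE=public sh script.sh`; a `default:` result means no permanent change has been written to /etc/firewalld/zones for that zone yet.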

You’ve guessed correctly. I’ll try to be more remedial in the future. Sorry.
