I understand that the predefined zones are set up as XML files, so for example I have:-
alastair@localhost:~> sudo cat /usr/lib/firewalld/zones/internal.xml
<?xml version="1.0" encoding="utf-8"?>
<description>For use on internal networks. You mostly trust the other computers on the networks to not harm your computer. Only selected incoming connections are accepted.</description>
So I have set up my connection using the preset “internal” and my connection looks like this:-
Well the help I can offer isn’t exactly first-rate, but hopefully it’ll be enough to push you over the line. If I remember correctly, firewalld stores configuration data in two (possibly more?) separate locations, and uses some mechanism I can’t quite remember to try to keep it all synchronised. After reading a little bit about managing firewalld’s configuration files under openSUSE, I knew enough to know that I probably shouldn’t bother trying, so I decided to learn a little bit about using firewalld’s CLI, so that I didn’t have to worry about using YaST or the permanent configuration files.
I made a simple little script for defining firewall services so that I could just give service definitions to firewalld, so that it can put the definitions wherever they belong. Unfortunately, I can only find a very primitive version of it which has all of the information hard-coded into the script, but it should still be better than nothing. Just replace the ???'s with whatever you need and run the script, and firewalld will put the configuration files wherever they’re supposed to go. Here’s the version I found. It’s only a few lines long as it is.
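Added example, not part of the original posts and not the script the poster refers to: one way to define a custom service through firewall-cmd so that firewalld writes the permanent configuration itself. The service name `myapp`, the port `8443/tcp`, the description and the helper function names are assumptions for illustration; the commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: define a firewalld service via firewall-cmd instead of
# hand-editing XML. Service name, port and description are constructed values.

# Print each command; execute it only when APPLY=1 (dry run by default).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# Accept only letters, digits, '_' and '-' in service and zone names.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept PORT/PROTO with PORT in 1..65535 and PROTO tcp or udp.
valid_port() {
    port=${1%/*}; proto=${1#*/}
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in tcp|udp) return 0 ;; *) return 1 ;; esac
}

# define_service NAME PORT/PROTO ZONE DESCRIPTION
define_service() {
    name=$1; portspec=$2; zone=$3; desc=$4
    valid_name "$name" || { echo "bad service name: $name" >&2; return 2; }
    valid_name "$zone" || { echo "bad zone name: $zone" >&2; return 2; }
    valid_port "$portspec" || { echo "bad port spec: $portspec" >&2; return 2; }
    # --permanent stores the definition under /etc/firewalld; the defaults
    # shipped in /usr/lib/firewalld (such as internal.xml) are not modified.
    run firewall-cmd --permanent --new-service="$name" &&
    run firewall-cmd --permanent --service="$name" --set-description="$desc" &&
    run firewall-cmd --permanent --service="$name" --add-port="$portspec" &&
    run firewall-cmd --permanent --zone="$zone" --add-service="$name" &&
    run firewall-cmd --reload
}

# Dry run with constructed values; prints the five commands it would execute.
define_service myapp 8443/tcp internal "Constructed sample service"
```

Review the printed commands first, then rerun as root with `APPLY=1` to apply them; `firewall-cmd --zone=internal --list-services` shows whether the service is active in the zone afterwards.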
Many thanks. I think I am there now but on the way had some difficulties.
I had the understanding that the YaST2 choices were preconfigured but editable. From the descriptions however it is quite difficult to discriminate between for example home, internal and work and even more difficult when any presets have evaporated. Not the clearest documentation in my view.
Thanks for the suggestions which were helpful.
For years now, I’ve had the impression that after integrating new software and/or features and then ensuring their reliability, there just isn’t enough time left over to expose any configuration changes to users through YaST. I haven’t had a look at firewall service management through YaST, but it could be the case that some change has been made to firewalld which YaST has not yet been updated to take account of.