I just installed a new openSUSE Leap 15.5 and am reviewing my firewall configuration. What I struggle to understand is why I have an active docker zone if I don’t intend to use docker. I don’t have a docker0 network interface. What am I missing here?
A zone is considered active if it has assigned interface(s). A zone where interface(s) are assigned statically is always active. “Active” in the sense that firewalld will create netfilter rules that reference this interface. docker and docker0 come with the default configuration in upstream firewalld. If you do not want to see them, modify the docker zone and remove the docker0 interface.
Interfaces come and go; they can be hot-added and hot-removed. An interface does not need to exist when a netfilter rule referencing it is created.
But I don’t have docker containers and I don’t even have docker installed. Why would SUSE expect me to have docker containers?
What is more, I don’t even have the docker0 network interface. Does it have to be an active zone (I don’t even know how it can be active with a non-existent interface assigned to it)? Maybe those who want this docker can make the zone active if they need it. It seems like a pretty ugly workaround.
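
To see which zones are active only because of a statically assigned interface that does not exist, as the answer above describes, the following added example (not part of the thread and not firewalld's own code) parses `firewall-cmd --get-active-zones` output and checks each interface against the kernel's interface list. The function name, the sample output and the `eth0` interface are constructed for illustration.

```shell
#!/bin/sh
# Added example: report zones that reference interfaces missing from this host.

# stale_zone_interfaces [NETDIR]
# Reads `firewall-cmd --get-active-zones` output on stdin and prints
# "zone interface" for every assigned interface with no entry in NETDIR
# (default /sys/class/net, where the kernel lists existing interfaces).
stale_zone_interfaces() {
    netdir=${1:-/sys/class/net}
    zone=
    while IFS= read -r line; do
        case $line in
            '') ;;
            ' '*interfaces:*)
                for ifname in ${line#*interfaces:}; do
                    [ -e "$netdir/$ifname" ] || printf '%s %s\n' "$zone" "$ifname"
                done ;;
            ' '*) ;;                  # "sources:" and other indented lines
            *) zone=${line%% *} ;;    # zone header, e.g. "public (default)"
        esac
    done
}

# Constructed sample output (not captured from a real host).
sample='docker
  interfaces: docker0
public (default)
  interfaces: eth0'

demo() {
    dir=$(mktemp -d)     # stand-in for /sys/class/net containing only eth0
    : > "$dir/eth0"
    printf '%s\n' "$sample" | stale_zone_interfaces "$dir"
    rm -rf "$dir"
}
demo

# On a live system:
#   firewall-cmd --get-active-zones | stale_zone_interfaces
```

If the docker zone is reported and docker is not in use, the change the answer suggests is `firewall-cmd --permanent --zone=docker --remove-interface=docker0` followed by `firewall-cmd --reload`.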