Eric Garver

Hrm. I wonder if this was fixed as a side effect of 6a155ea7195f2c720625e2452afa41544b4b4227. Can anyone retest on the latest code from the `main` branch?

I think it would be useful to review the [firewalld concepts](https://firewalld.org/documentation/concepts.html). Most notably these two principles: - traffic ingresses one and only one zone - traffic egresses one and only...

Some of the strings are translatable. I expect this RFE amounts to tagging the other string/error messages with the `_()` [function][1], e.g. instances of `FirewallError`. Actual translations are done in...

That sounds like firewalld is not running. Alternatively, maybe `dbus-daemon` (or `dbus-broker`) needs to be restarted due to a dbus config change.

Command flag could be something like `--compare-runtime-to-permanent`. In theory this could be completely implemented in the CLI. Alternatively, implement `--get-all-configuration` for both runtime and permanent. This must be sorted (see...

It's failing pretty early so it's hard to tell what's going on. Things to check: - dbus (dbus-daemon or dbus-broker) is running - enable debug in /etc/sysconfig/firewalld - check /var/log/firewalld

I'm surprised Fedora does not package ulogd2. ulogd2 has a syslog target. So the flow would be `kernel (NFLOG) --> ulogd2 --> syslog`. Without ulogd2, firewalld will have to listen...

> Add a `firewalld-` suffix to the discard after rejection log, e.g. `ct state invalid log prefix "firewalld-STATE_INVALID_DROP: "`. The prefix should probably be configurable. > Off-topic: Please turn on...

> > > Add a `firewalld-` suffix to the discard after rejection log, e.g. `ct state invalid log prefix "firewalld-STATE_INVALID_DROP: "`. > > > > > > The prefix should...

So basically, you want audit logging.