If you try to remove one of the predefined zones from Firewalld, e.g. public, you encounter the following error:

Error: BUILTIN_ZONE: 'public' is built-in zone

I don’t like that Firewalld is bloated with all of these built in zones that I will never use. I want to get rid of them, but, from what I’ve been able to find, it appears non-trivial to do so.

EDIT (2024-01-27T01:55Z):

I came across this GitHub issue. So it appears that this is a known “issue”, and it could potentially be changed in the future, albeit probably far in the future. It is a very strange initial design choice, though, in my opinion.

  • BCsven
    link
    fedilink
    arrow-up
    2
    ·
    9 months ago

    It makes sense for them to include the Reject, drop, type for obvious reasons, the others seem like they asked “what will be the most common use cases for networks?” so they threw them in as work, home, public and trusted, external, dns , etc so that somebody starting out doesn’t have to create zones from scratch. I doubt having one extra zone takes up very much in the way of kb of space. compared to how much junk I have in my downloads folder that i should triage. What would be nice though would be a rename function, because we may have different Work rules depending on which workplace you are at that day with a system.