firewalld --permanent Not Working After Service Reload

configuration, firewalld

I have a Fedora firewall that has two interfaces. When I try to do firewall-cmd --permanent --zone=external --add-interface=eno1 and then reload firewalld with firewall-cmd --reload, the interface does not seem to be added. firewall-cmd --get-active-zones shows both eno1 and eno2 sitting in the public, which is the default, zone. There is a file in /etc/firewalld/zones/external.xml:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm
 your computer. Only selected incoming connections are accepted.</description>
  <interface name="eno1"/>
  <service name="ssh"/>
  <masquerade/>
</zone>

Best Answer

Remember that if you are using NetworkManager (you almost certainly are) then the network configuration for each interface will override the firewalld configuration.

To set the firewall zone for an interface in this circumstance, be sure to add it to, e.g., /etc/sysconfig/network-scripts/ifcfg-eno1:

ZONE="external"
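
A quick way to spot the mismatch described above, as an added example that is not part of the original question or answer: it compares the ZONE= value in an ifcfg file with the zone whose firewalld XML lists the interface. The function names, the scratch directory, the constructed sample files and the default zone passed as an argument are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Compares the zone requested in an
# ifcfg file with the zone whose firewalld XML lists the interface.
# Assumption, per the answer above: the ifcfg ZONE= value wins, and an
# interface with no ZONE= ends up in the default zone.

# Print the ZONE= value from an ifcfg file with quotes stripped; empty if unset.
ifcfg_zone() {
    sed -n 's/^ZONE=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print the zone whose XML file in directory $2 lists interface $1, if any.
xml_zone() {
    local f
    for f in "$2"/*.xml; do
        [ -e "$f" ] || continue
        if grep -q "<interface name=\"$1\"" "$f"; then
            basename "$f" .xml
            return 0
        fi
    done
}

# check_iface IFACE IFCFG_FILE ZONE_DIR DEFAULT_ZONE
# Prints OK or MISMATCH together with the zone the interface will land in.
check_iface() {
    local nm xml effective
    nm=$(ifcfg_zone "$2")
    xml=$(xml_zone "$1" "$3")
    effective=${nm:-$4}
    if [ -n "$xml" ] && [ "$xml" != "$effective" ]; then
        echo "$1: MISMATCH effective=$effective xml=$xml"
    else
        echo "$1: OK effective=$effective"
    fi
}

# Constructed sample files mirroring the question, in a scratch directory.
demo=$(mktemp -d)
mkdir "$demo/zones"
printf '<zone>\n  <interface name="eno1"/>\n  <masquerade/>\n</zone>\n' > "$demo/zones/external.xml"
printf 'DEVICE="eno1"\nONBOOT="yes"\n' > "$demo/ifcfg-eno1"

check_iface eno1 "$demo/ifcfg-eno1" "$demo/zones" public   # before the fix
echo 'ZONE="external"' >> "$demo/ifcfg-eno1"
check_iface eno1 "$demo/ifcfg-eno1" "$demo/zones" public   # after the fix
```

On a real host, pass copies of /etc/sysconfig/network-scripts/ifcfg-eno1 and /etc/firewalld/zones, and the default zone reported by firewall-cmd --get-default-zone.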