[solved] Firewalld disable AllowZoneDrifting
AllowZoneDrifting is a legacy feature in firewalld that lets network traffic be evaluated by multiple security zones, potentially allowing a more permissive rule to apply. It was originally introduced to simplify mixed-zone setups, but it creates unpredictable behavior and weakens security by allowing traffic to “leak” through zones that should be restricted. Because it makes firewall rules harder to understand and opens the door to unintended access, it’s considered insecure and should be disabled in modern environments.
When you run `systemctl status firewalld`, you may see output like the following, which indicates that AllowZoneDrifting is still active in your configuration.
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2025-05-07 13:39:54 GMT; 13min ago
Docs: man:firewalld(1)
Main PID: 1574 (firewalld)
Tasks: 2 (limit: 99882)
Memory: 39.6M
CGroup: /system.slice/firewalld.service
└─1574 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
May 07 13:39:54 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 07 13:39:54 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 07 13:39:54…
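The setting behind that warning is the `AllowZoneDrifting` key in firewalld's main configuration file, which on most distributions is `/etc/firewalld/firewalld.conf`. The script below is an added example (not code from the original post): it reports the current value of that key and rewrites it to `no`, handling the cases where the key is present, commented out, or missing entirely. To keep it runnable without root or a live firewalld, it works on a constructed sample file; point `disable_zone_drifting` at the real path on a host you administer, then reload firewalld (`firewall-cmd --reload`, or `systemctl restart firewalld`) for the change to take effect and the warning to disappear from `systemctl status firewalld`.

```shell
#!/bin/sh
# Added example, not from the original post: inspect and disable
# AllowZoneDrifting in a firewalld.conf-style file.
# Assumed real location: /etc/firewalld/firewalld.conf. A constructed
# sample file is used in the demonstration at the bottom.

# Print "yes", "no" or "unset" for the AllowZoneDrifting key.
# Commented-out lines (leading '#') are ignored; if the key appears
# more than once, the last active occurrence wins, as firewalld reads it.
zone_drifting_status() {
    conf="$1"
    val=$(sed -n 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$conf" | tail -n 1)
    case "$val" in
        yes|no) printf '%s\n' "$val" ;;
        *)      printf 'unset\n' ;;
    esac
}

# Force AllowZoneDrifting=no. An existing active key is rewritten in
# place; if no active key exists the line is appended. Uses a temp file
# rather than sed -i so it behaves the same on GNU and BSD sed.
# Returns 0 only if the file reads back as "no" afterwards.
disable_zone_drifting() {
    conf="$1"
    tmp="$conf.tmp.$$"
    if grep -q '^[[:space:]]*AllowZoneDrifting[[:space:]]*=' "$conf"; then
        sed 's/^[[:space:]]*AllowZoneDrifting[[:space:]]*=.*/AllowZoneDrifting=no/' "$conf" > "$tmp" \
            && mv "$tmp" "$conf"
    else
        printf 'AllowZoneDrifting=no\n' >> "$conf"
    fi
    [ "$(zone_drifting_status "$conf")" = "no" ]
}

# --- demonstration on a constructed sample config (not a real host's file) ---
sample=$(mktemp)
cat > "$sample" <<'EOF'
# firewalld config file (constructed sample)
DefaultZone=public
# AllowZoneDrifting=no
AllowZoneDrifting=yes
FlushAllOnReload=yes
EOF
echo "before: AllowZoneDrifting=$(zone_drifting_status "$sample")"
disable_zone_drifting "$sample"
echo "after:  AllowZoneDrifting=$(zone_drifting_status "$sample")"
rm -f "$sample"
```

Running the demonstration prints `before: AllowZoneDrifting=yes` followed by `after: AllowZoneDrifting=no`. The status function is also useful on its own as a compliance check across a fleet: any host that reports `yes` is still evaluating traffic against multiple zones and should be fixed and reloaded.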