Affected versions: RHEL 7

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution – Primary Fix
  7. Solution – Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Traffic policy works until a firewalld reload or reboot, after which custom paths break. Service reachability becomes unpredictable and incident volume increases.

Environment & Reproduction

Found on RHEL 7 systems that use ad hoc runtime direct rules without permanent persistence. Reloads triggered by yum or by config automation may expose the gap.

Root Cause Analysis

Rules were applied only at runtime or saved outside the supported firewalld persistence workflow. A systemctl reload clears ephemeral state, removing the required policy.

Quick Triage

Compare firewall-cmd --direct --get-all-rules before and after reload, inspect systemctl status firewalld, and check journalctl for policy reload events.

Step-by-Step Diagnosis

Inventory required direct rules, identify non-persistent entries, and map business dependencies. Validate SELinux and application service status in parallel.

Solution – Primary Fix

Recreate rules as permanent direct entries or equivalent rich/service rules, reload firewalld, and retest. Restart affected services via systemctl and verify operation.
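As an added example (not from the original page), the script below identifies the non-persistent entries described under Step-by-Step Diagnosis and prints the firewall-cmd commands that would recreate them as permanent direct entries. The helper names runtime_only_rules and promotion_commands and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example. On a real host, capture the two inputs with:
#   firewall-cmd --direct --get-all-rules             > runtime.txt
#   firewall-cmd --permanent --direct --get-all-rules > permanent.txt

# Print direct rules present in RUNTIME_FILE but missing from PERMANENT_FILE.
# These are the rules a reload or reboot would discard.
# usage: runtime_only_rules RUNTIME_FILE PERMANENT_FILE
runtime_only_rules() {
    awk '
        NF == 0 { next }                  # skip blank lines
        { $1 = $1 }                       # collapse whitespace so spacing differences do not matter
        perm { saved[$0] = 1; next }      # first file: remember permanent rules
        !($0 in saved) { print }          # second file: report rules that are not saved
    ' perm=1 "$2" perm=0 "$1"
}

# Print (do not run) the commands that would persist each runtime-only rule.
# Review the output first; an argument containing spaces must be re-quoted by hand.
promotion_commands() {
    runtime_only_rules "$1" "$2" |
        sed 's/^/firewall-cmd --permanent --direct --add-rule /'
}

# Constructed sample data standing in for the two captures above.
demo_dir=$(mktemp -d)
cat > "$demo_dir/runtime.txt" <<'EOF'
ipv4 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
ipv4 filter INPUT 1 -p tcp -s 192.0.2.0/24 --dport 8443 -j ACCEPT
ipv6 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
EOF
cat > "$demo_dir/permanent.txt" <<'EOF'
ipv4 filter INPUT 0 -p tcp --dport 9000 -j ACCEPT
EOF

promotion_commands "$demo_dir/runtime.txt" "$demo_dir/permanent.txt"
```

After applying the printed commands, run firewall-cmd --reload and repeat the comparison; runtime_only_rules should then print nothing.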

Solution – Alternative Approaches

Migrate away from direct rules where possible, enforce policy through zone abstractions, or implement upstream network ACLs for consistency.

Verification & Acceptance Criteria

Rules persist across reload and reboot, traffic behaves as designed, and journalctl confirms clean firewalld lifecycle operations.

Rollback Plan

Restore previous firewall configuration exports and service settings if access regressions occur. Revert related package or policy changes using yum history.

Prevention & Hardening

Manage firewall policy as code, ban manual runtime-only edits, and audit persistence after every change. Include SELinux and service checks in release pipelines.

Related Errors & Cross-Refs

Related incidents include zone reset surprises and missing masquerade after reload. See linked tutorial 9075 for persistent firewalld operations on RHEL 7.

References & Further Reading

Refer to man firewalld.direct, man firewall-cmd, man systemctl, man service, man yum, SELinux references, and man journalctl.
