On 10/13/2015 06:15 AM, Emmett Culley wrote: > I never use NetworkManager except on portable machines. Can't see the need. In that case, specify a ZONE in ifcfg-eth1. If you look at ifup-eth, you'll see that firewall-cmd is called during interface configuration. If no zone is specified, the default is used. I believe that firewalld starts first, configures the firewall correctly, and then the "network" service starts later and sets both interfaces into the default zone. If you specify ZONE=trusted in ifcfg-eth1, then it'll be placed into that zone.